};
#endif
+#define CMDQ_MAX_DUMP_REG_COUNT (2048)
+#define CMDQ_MAX_COMMAND_SIZE (0x10000)
+#define CMDQ_MAX_WRITE_ADDR_COUNT (PAGE_SIZE / sizeof(u32))
+
static dev_t gCmdqDevNo;
static struct cdev *gCmdqCDev;
static struct class *gCMDQClass;
}
/* how many register to dump? */
+ if (kernelRegCount > CMDQ_MAX_DUMP_REG_COUNT || userRegCount > CMDQ_MAX_DUMP_REG_COUNT)
+ return -EINVAL;
totalRegCount = kernelRegCount + userRegCount;
if (0 == totalRegCount) {
do {
if (NULL == req_user ||
0 == req_user->count ||
+ req_user->count > CMDQ_MAX_DUMP_REG_COUNT ||
NULL == req_user->values || NULL == req_user->dmaAddresses) {
CMDQ_ERR("[READ_PA] invalid req_user\n");
break;
return -EFAULT;
}
+ if (pCommand->regRequest.count > CMDQ_MAX_DUMP_REG_COUNT)
+ return -EINVAL;
+
/* allocate secure medatata */
status = cmdq_driver_create_secure_medadata(pCommand);
if (0 != status) {
return -EFAULT;
}
+ if (command.regRequest.count > CMDQ_MAX_DUMP_REG_COUNT ||
+ !command.blockSize ||
+ command.blockSize > CMDQ_MAX_COMMAND_SIZE)
+ return -EINVAL;
+
/* insert private_data for resource reclaim */
command.privateData = (void *)pFile->private_data;
return -EFAULT;
}
+ if (job.command.blockSize > CMDQ_MAX_COMMAND_SIZE)
+ return -EINVAL;
+
/* not support secure path for async ioctl yet */
if (true == job.command.secData.isSecure) {
CMDQ_ERR("not support secure path for CMDQ_IOCTL_ASYNC_JOB_EXEC\n");
return -EFAULT;
}
pTask = (TaskStruct *)(unsigned long)jobResult.hJob;
+ if (pTask->regCount > CMDQ_MAX_DUMP_REG_COUNT)
+ return -EINVAL;
/* utility service, fill the engine flag. */
/* this is required by MDP. */
return -EFAULT;
}
+ if (!addrReq.count || addrReq.count > CMDQ_MAX_WRITE_ADDR_COUNT) {
+ CMDQ_ERR(
+ "CMDQ_IOCTL_ALLOC_WRITE_ADDRESS invalid alloc write addr count:%u\n",
+ addrReq.count);
+ return -EINVAL;
+ }
+
status = cmdqCoreAllocWriteAddress(addrReq.count, &paStart);
if (0 != status) {
CMDQ_ERR