Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 7fa0fbc4 authored by Subash Abhinov Kasiviswanathan's avatar Subash Abhinov Kasiviswanathan Committed by Gerrit - the friendly Code Review server
Browse files

drivers: shs: limit size copied to cached flows array to avoid globar var corruption



Add limit to the number of flows copied into the gold flow and slow start
flow arrays before memcpy to shared memory. Going out of bounds on the
array write corrupted the global variables for the shared memory pointers.
Fixes the following:

[  846.803490] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000081
[  846.909206] Process kworker/4:1 (pid: 80, stack limit = 0xffffff800b670000)
[  846.916377] CPU: 4 PID: 80 Comm: kworker/4:1 Tainted: G S         O      4.19.81+ #1
[  846.930899] Workqueue: rmnet_shs_wq rmnet_shs_wq_process_wq [rmnet_shs]
[  846.942612] pc : rmnet_shs_wq_mem_update_cached_sorted_ss_flows+0x9c/0xf0 [rmnet_shs]
[  846.950657] lr : rmnet_shs_wq_eval_cpus_caps_and_flows+0x74/0x218 [rmnet_shs]

Change-Id: Ifeee71e48fc61c4dd750eb061573beb88fcd2b7d
Signed-off-by: default avatarSubash Abhinov Kasiviswanathan <subashab@codeaurora.org>
parent 1df496e8
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment