
Commit db7fbb4a authored by Anirudh Ghayal's avatar Anirudh Ghayal Committed by Gerrit - the friendly Code Review server

power: qpnp-qg: Add range checks to FIFO length



In some erroneous cases there could be back-to-back
calls to process the accumulator data which may lead
to an array overflow. Fix this by adding a range check
while populating the FIFO data.

Change-Id: I3f2495649153ae16040579b71dff5b78315b29a9
Signed-off-by: default avatarAnirudh Ghayal <aghayal@codeaurora.org>
parent ae5a9a6d
+6 −3
@@ -342,9 +342,10 @@ static int qg_process_fifo(struct qpnp_qg *chip, u32 fifo_length)

	/*
	 * If there is pending data from suspend, append the new FIFO
	 * data to it.
	 * data to it. Only do this if we can accomadate 8 FIFOs
	 */
	if (chip->suspend_data) {
	if (chip->suspend_data &&
		(chip->kdata.fifo_length < (MAX_FIFO_LENGTH / 2))) {
		j = chip->kdata.fifo_length; /* append the data */
		chip->suspend_data = false;
		qg_dbg(chip, QG_DEBUG_FIFO,
@@ -413,7 +414,7 @@ static int qg_process_accumulator(struct qpnp_qg *chip)
		return rc;
	}

	if (!count) {
	if (!count || count < 10) { /* Ignore small accumulator data */
		pr_debug("No ACCUMULATOR data!\n");
		return 0;
	}
@@ -445,6 +446,8 @@ static int qg_process_accumulator(struct qpnp_qg *chip)
	chip->kdata.fifo[index].interval = sample_interval;
	chip->kdata.fifo[index].count = count;
	chip->kdata.fifo_length++;
	if (chip->kdata.fifo_length == MAX_FIFO_LENGTH)
		chip->kdata.fifo_length = MAX_FIFO_LENGTH - 1;

	if (chip->kdata.fifo_length == 1)	/* Only accumulator data */
		chip->kdata.seq_no = chip->seq_no++ % U32_MAX;
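Review bot: In the last hunk the clamp on `chip->kdata.fifo_length` runs only after `chip->kdata.fifo[index]` has been written, so the store itself is still unchecked in the visible lines. Where `index` is assigned is outside the hunk; if it is taken from `fifo_length`, the bound holds only while every other writer keeps the length below MAX_FIFO_LENGTH. A guard before the store, such as `if (index >= MAX_FIFO_LENGTH) return -EINVAL;`, together with `>=` instead of `==` in the clamp, would hold even when the length is already out of range. Once clamped, each further call silently overwrites the last slot, so a `qg_dbg` on that path would make the dropped sample visible. The first hunk has a related gap: it bounds the pending `chip->kdata.fifo_length` to half of MAX_FIFO_LENGTH but not the incoming `fifo_length` argument, so the append stays in range only if the caller never passes more than the remaining half.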