Merge "qseecom: correct range check in __qseecom_update_cmd_buf_64"

	return 0;

}

static int __boundary_checks_offset_64(struct qseecom_send_modfd_cmd_req *req,

			struct qseecom_send_modfd_listener_resp *lstnr_resp,

			struct qseecom_dev_handle *data, int i)

{

	if ((data->type != QSEECOM_LISTENER_SERVICE) &&

						(req->ifd_data[i].fd > 0)) {

		if ((req->cmd_req_len < sizeof(uint64_t)) ||

			(req->ifd_data[i].cmd_buf_offset >

			req->cmd_req_len - sizeof(uint64_t))) {

			pr_err("Invalid offset (req len) 0x%x\n",

				req->ifd_data[i].cmd_buf_offset);

			return -EINVAL;

		}

	} else if ((data->type == QSEECOM_LISTENER_SERVICE) &&

					(lstnr_resp->ifd_data[i].fd > 0)) {

		if ((lstnr_resp->resp_len < sizeof(uint64_t)) ||

			(lstnr_resp->ifd_data[i].cmd_buf_offset >

			lstnr_resp->resp_len - sizeof(uint64_t))) {

			pr_err("Invalid offset (lstnr resp len) 0x%x\n",

				lstnr_resp->ifd_data[i].cmd_buf_offset);

			return -EINVAL;

		}

	}

	return 0;

}

static int __qseecom_update_cmd_buf(void *msg, bool cleanup,

			struct qseecom_dev_handle *data)

{

		if (sg_ptr->nents == 1) {

			uint64_t *update_64bit;

			if (__boundary_checks_offset(req, lstnr_resp, data, i))

			if (__boundary_checks_offset_64(req, lstnr_resp,

							data, i))

				goto err;

				/* 64bit app uses 64bit address */

			update_64bit = (uint64_t *) field;