Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4ce20d5e authored by Zhenhua Huang's avatar Zhenhua Huang
Browse files

soc: qcom: secure_buffer: Fix the parameter passing to dmac_flush_range 



For "chunk_list + chunk_list_len", if the chunk_list is type of u32*,
the chunk_list_len will be 4 * of original size. So we flushed a wrong
area size. In some condition like we enabled CONFIG_DEBUG_PAGEALLOC, it
may flush out of page bound of the invalid pte page.

Fix it by manually convert it as void* when doing the addition.

CRs-Fixed: 2309993
Change-Id: I2b88d78ba73d9904fa2bf6106937001715b6037f
Signed-off-by: default avatarZhenhua Huang <zhenhuah@codeaurora.org>
parent cbd97cb4

drivers/soc/qcom/secure_buffer.c

+3 −2
Original line number Diff line number Diff line 
// SPDX-License-Identifier: GPL-2.0-only

/*

 * Copyright (C) 2011 Google, Inc

 * Copyright (c) 2011-2019, The Linux Foundation. All rights reserved.

 * Copyright (c) 2011-2019, 2021 The Linux Foundation. All rights reserved.

 */



#include <linux/highmem.h>
@@ -119,7 +119,8 @@ static int secure_buffer_change_table(struct sg_table *table, int lock) 
		 * secure environment to ensure the data is actually present

		 * in RAM

		 */

		dmac_flush_range(chunk_list, chunk_list + chunk_list_len);

		dmac_flush_range(chunk_list,

			(void *)chunk_list + chunk_list_len);



		ret = secure_buffer_change_chunk(chunk_list_phys,

				nchunks, V2_CHUNK_SIZE, lock);