Merge "dsp: q6usm: Check size of payload before access"

// SPDX-License-Identifier: GPL-2.0-only

/*

 * Copyright (c) 2012-2018, The Linux Foundation. All rights reserved.

 * Copyright (c) 2012-2019, The Linux Foundation. All rights reserved.

 */

#include <linux/mutex.h>

#include <linux/wait.h>

	uint32_t token;

	uint32_t *payload = data->payload;

	if (data->payload_size < (2 * sizeof(uint32_t))) {

		pr_err("%s: payload has invalid size[%d]\n", __func__,

		       data->payload_size);

		return -EINVAL;

	}

	pr_debug("%s: ptr0[0x%x]; ptr1[0x%x]; opcode[0x%x]\n",

		 __func__, payload[0], payload[1], data->opcode);

	pr_debug("%s: token[0x%x]; payload_size[%d]; src[%d]; dest[%d];\n",

	}

	if (data->opcode == APR_BASIC_RSP_RESULT) {

		if (data->payload_size < (2 * sizeof(uint32_t))) {

			pr_err("%s: payload has invalid size[%d]\n", __func__,

			       data->payload_size);

			return -EINVAL;

		}

		/* status field check */

		if (payload[1]) {

			pr_err("%s: wrong response[%d] on cmd [%d]\n",

		opcode = Q6USM_EVENT_READ_DONE;

		spin_lock_irqsave(&port->dsp_lock, dsp_flags);

		if (data->payload_size <

		    (sizeof(uint32_t)*(READDONE_IDX_STATUS + 1))) {

			pr_err("%s: Invalid payload size for READDONE[%d]\n",

			       __func__, data->payload_size);

			return -EINVAL;

		}

		if (payload[READDONE_IDX_STATUS]) {

			pr_err("%s: wrong READDONE[%d]; token[%d]\n",

			       __func__,

		struct us_port_data *port = &usc->port[IN];

		opcode = Q6USM_EVENT_WRITE_DONE;

		if (data->payload_size <

		    (sizeof(uint32_t)*(WRITEDONE_IDX_STATUS + 1))) {

			pr_err("%s: Invalid payload size for WRITEDONE[%d]\n",

			       __func__, data->payload_size);

			return -EINVAL;

		}

		if (payload[WRITEDONE_IDX_STATUS]) {

			pr_err("%s: wrong WRITEDONE_IDX_STATUS[%d]\n",

			       __func__,