Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f6e30737 authored by Zhenhua Huang's avatar Zhenhua Huang Committed by Gerrit - the friendly Code Review server
Browse files

soc: qcom: secure_buffer: Fix the parameter passing to dmac_flush_range 



For "chunk_list + chunk_list_len", if the chunk_list is type of u32*,
the chunk_list_len will be 4 * of original size. So we flushed a wrong
area size. In some condition like we enabled CONFIG_DEBUG_PAGEALLOC, it
may flush out of page bound of the invalid pte page.

Fix it by manually convert it as void* when doing the addition.

CRs-Fixed: 2309993
Change-Id: I2b88d78ba73d9904fa2bf6106937001715b6037f
Signed-off-by: default avatarZhenhua Huang <zhenhuah@codeaurora.org>
parent 315ed7f6

drivers/soc/qcom/secure_buffer.c

+2 −1
Original line number Diff line number Diff line
@@ -137,7 +137,8 @@ static int secure_buffer_change_table(struct sg_table *table, int lock) 
		 * secure environment to ensure the data is actually present

		 * in RAM

		 */

		dmac_flush_range(chunk_list, chunk_list + chunk_list_len);

		dmac_flush_range(chunk_list,

			(void *)chunk_list + chunk_list_len);



		ret = secure_buffer_change_chunk(chunk_list_phys,

				nchunks, V2_CHUNK_SIZE, lock);