drivers/misc/qseecom.c +33 −2 @@ -1163,9 +1163,22 @@ static int __qseecom_send_cmd(struct qseecom_dev_handle *data, pr_err("cmd buffer or response buffer is null\n"); return -EINVAL; } if (((uint32_t)req->cmd_req_buf < data->client.user_virt_sb_base) || ((uint32_t)req->cmd_req_buf >= (data->client.user_virt_sb_base + data->client.sb_length))) { pr_err("cmd buffer address not within shared bufffer\n"); return -EINVAL; } if (req->cmd_req_len <= 0 || req->resp_len <= 0 || if (((uint32_t)req->resp_buf < data->client.user_virt_sb_base) || ((uint32_t)req->resp_buf >= (data->client.user_virt_sb_base + data->client.sb_length))){ pr_err("response buffer address not within shared bufffer\n"); return -EINVAL; } if ((req->cmd_req_len == 0) || (req->resp_len == 0) || req->cmd_req_len > data->client.sb_length || req->resp_len > data->client.sb_length) { pr_err("cmd buffer length or " @@ -1403,6 +1416,7 @@ static int qseecom_send_modfd_cmd(struct qseecom_dev_handle *data, void __user *argp) { int ret = 0; int i; struct qseecom_send_modfd_cmd_req req; struct qseecom_send_cmd_req send_cmd_req; @@ -1416,6 +1430,14 @@ static int qseecom_send_modfd_cmd(struct qseecom_dev_handle *data, send_cmd_req.resp_buf = req.resp_buf; send_cmd_req.resp_len = req.resp_len; /* validate offsets */ for (i = 0; i < MAX_ION_FD; i++) { if (req.ifd_data[i].cmd_buf_offset >= req.cmd_req_len) { pr_err("Invalid offset %d = 0x%x\n", i, req.ifd_data[i].cmd_buf_offset); return -EINVAL; } } ret = __qseecom_update_cmd_buf(&req, false, data, false); if (ret) return ret;
@@ -2032,11 +2054,20 @@ static int qseecom_send_modfd_resp(struct qseecom_dev_handle *data, void __user *argp) { struct qseecom_send_modfd_listener_resp resp; int i; if (copy_from_user(&resp, argp, sizeof(resp))) { pr_err("copy_from_user failed"); return -EINVAL; } /* validate offsets */ for (i = 0; i < MAX_ION_FD; i++) { if (resp.ifd_data[i].cmd_buf_offset >= resp.resp_len) { pr_err("Invalid offset %d = 0x%x\n", i, resp.ifd_data[i].cmd_buf_offset); return -EINVAL; } } __qseecom_update_cmd_buf(&resp, false, data, true); qseecom.send_resp_flag = 1; wake_up_interruptible(&qseecom.send_resp_wq);
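Review bot: In qseecom_send_modfd_resp the new loop bounds `resp.ifd_data[i].cmd_buf_offset` only by `resp.resp_len`, which arrives in the same copy_from_user() and is not compared with `data->client.sb_length` anywhere in this hunk, so the check is only as strong as a caller-supplied length; the loop in qseecom_send_modfd_cmd has the same shape with `req.cmd_req_len`, though the lines between its two hunks are not shown. Both comparisons also accept an offset equal to the length minus one, so if __qseecom_update_cmd_buf (not visible here) stores a 32-bit value at that offset the guard should leave room for it, for example `if (resp.resp_len < sizeof(uint32_t) || resp.ifd_data[i].cmd_buf_offset > resp.resp_len - sizeof(uint32_t))`. The length itself should be rejected first when it exceeds `data->client.sb_length`, and the response path should check the return value of `__qseecom_update_cmd_buf()` the way the command path does with `if (ret) return ret;`. Both function bodies continue outside the hunks.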
drivers/misc/qseecom.c +33 −2 @@ -1163,9 +1163,22 @@ static int __qseecom_send_cmd(struct qseecom_dev_handle *data, pr_err("cmd buffer or response buffer is null\n"); return -EINVAL; } if (((uint32_t)req->cmd_req_buf < data->client.user_virt_sb_base) || ((uint32_t)req->cmd_req_buf >= (data->client.user_virt_sb_base + data->client.sb_length))) { pr_err("cmd buffer address not within shared bufffer\n"); return -EINVAL; } if (req->cmd_req_len <= 0 || req->resp_len <= 0 || if (((uint32_t)req->resp_buf < data->client.user_virt_sb_base) || ((uint32_t)req->resp_buf >= (data->client.user_virt_sb_base + data->client.sb_length))){ pr_err("response buffer address not within shared bufffer\n"); return -EINVAL; } if ((req->cmd_req_len == 0) || (req->resp_len == 0) || req->cmd_req_len > data->client.sb_length || req->resp_len > data->client.sb_length) { pr_err("cmd buffer length or " @@ -1403,6 +1416,7 @@ static int qseecom_send_modfd_cmd(struct qseecom_dev_handle *data, void __user *argp) { int ret = 0; int i; struct qseecom_send_modfd_cmd_req req; struct qseecom_send_cmd_req send_cmd_req; @@ -1416,6 +1430,14 @@ static int qseecom_send_modfd_cmd(struct qseecom_dev_handle *data, send_cmd_req.resp_buf = req.resp_buf; send_cmd_req.resp_len = req.resp_len; /* validate offsets */ for (i = 0; i < MAX_ION_FD; i++) { if (req.ifd_data[i].cmd_buf_offset >= req.cmd_req_len) { pr_err("Invalid offset %d = 0x%x\n", i, req.ifd_data[i].cmd_buf_offset); return -EINVAL; } } ret = __qseecom_update_cmd_buf(&req, false, data, false); if (ret) return ret;
@@ -2032,11 +2054,20 @@ static int qseecom_send_modfd_resp(struct qseecom_dev_handle *data, void __user *argp) { struct qseecom_send_modfd_listener_resp resp; int i; if (copy_from_user(&resp, argp, sizeof(resp))) { pr_err("copy_from_user failed"); return -EINVAL; } /* validate offsets */ for (i = 0; i < MAX_ION_FD; i++) { if (resp.ifd_data[i].cmd_buf_offset >= resp.resp_len) { pr_err("Invalid offset %d = 0x%x\n", i, resp.ifd_data[i].cmd_buf_offset); return -EINVAL; } } __qseecom_update_cmd_buf(&resp, false, data, true); qseecom.send_resp_flag = 1; wake_up_interruptible(&qseecom.send_resp_wq);