Merge "qseecom: Copy userspace buffer into kernel space before dereferencing"

		struct qseecom_client_send_service_ireq *send_svc_ireq_ptr)

{

	int ret = 0;

	void *req_buf = NULL;

	if ((req_ptr == NULL) || (send_svc_ireq_ptr == NULL)) {

		pr_err("Error with pointer: req_ptr = %p, send_svc_ptr = %p\n",

			req_ptr, send_svc_ireq_ptr);

		return -EINVAL;

	}

	if (((uint32_t)req_ptr->cmd_req_buf <

			data_ptr->client.user_virt_sb_base)

			|| ((uint32_t)req_ptr->cmd_req_buf >=

			(data_ptr->client.user_virt_sb_base +

			data_ptr->client.sb_length))) {

		pr_err("cmd buffer address not within shared bufffer\n");

		return -EINVAL;

	}

	if (((uint32_t)req_ptr->resp_buf < data_ptr->client.user_virt_sb_base)

			|| ((uint32_t)req_ptr->resp_buf >=

			(data_ptr->client.user_virt_sb_base +

			data_ptr->client.sb_length))){

		pr_err("response buffer address not within shared bufffer\n");

		return -EINVAL;

	}

	req_buf = data_ptr->client.sb_virt;

	send_svc_ireq_ptr->qsee_cmd_id = req_ptr->cmd_id;

	send_svc_ireq_ptr->key_type =

	((struct qseecom_rpmb_provision_key *)req_ptr->cmd_req_buf)->key_type;

		((struct qseecom_rpmb_provision_key *)req_buf)->key_type;

	send_svc_ireq_ptr->req_len = req_ptr->cmd_req_len;

	send_svc_ireq_ptr->rsp_ptr = (void *)(__qseecom_uvirt_to_kphys(data_ptr,

					(uint32_t)req_ptr->resp_buf));