Merge "msm: ipa: Fix to slab out of bounds issue"

	list_for_each_entry(entry, &ipa_ctx->hdr_tbl.head_hdr_entry_list,

			link) {

		if (entry->cookie != IPA_HDR_COOKIE)

			continue;

		nbytes = scnprintf(

			dbg_buff,

			IPA_MAX_MSG_LEN,

	if (attrib->protocol_eq_present)

		pr_err("protocol:%d ", attrib->protocol_eq);

	if (attrib->num_ihl_offset_range_16 >

			IPA_IPFLTR_NUM_IHL_RANGE_16_EQNS) {

		IPAERR_RL("num_ihl_offset_range_16  Max %d passed value %d\n",

			IPA_IPFLTR_NUM_IHL_RANGE_16_EQNS,

			attrib->num_ihl_offset_range_16);

		return -EPERM;

	}

	for (i = 0; i < attrib->num_ihl_offset_range_16; i++) {

		pr_err(

			   "(ihl_ofst_range16: ofst:%u lo:%u hi:%u) ",

			   attrib->ihl_offset_range_16[i].range_high);

	}

	if (attrib->num_offset_meq_32 > IPA_IPFLTR_NUM_MEQ_32_EQNS) {

		IPAERR_RL("num_offset_meq_32  Max %d passed value %d\n",

		IPA_IPFLTR_NUM_MEQ_32_EQNS, attrib->num_offset_meq_32);

		return -EPERM;

	}

	for (i = 0; i < attrib->num_offset_meq_32; i++) {

		pr_err(

			   "(ofst_meq32: ofst:%u mask:0x%x val:0x%x) ",

				attrib->ihl_offset_eq_16.value);

	}

	if (attrib->num_ihl_offset_meq_32 > IPA_IPFLTR_NUM_IHL_MEQ_32_EQNS) {

		IPAERR_RL("num_ihl_offset_meq_32  Max %d passed value %d\n",

		IPA_IPFLTR_NUM_IHL_MEQ_32_EQNS, attrib->num_ihl_offset_meq_32);

		return -EPERM;

	}

	for (i = 0; i < attrib->num_ihl_offset_meq_32; i++) {

		pr_err(

				"(ihl_ofst_meq32: ofts:%d mask:0x%x val:0x%x) ",

				attrib->ihl_offset_meq_32[i].value);

	}

	if (attrib->num_offset_meq_128 > IPA_IPFLTR_NUM_MEQ_128_EQNS) {

		IPAERR_RL("num_offset_meq_128  Max %d passed value %d\n",

		IPA_IPFLTR_NUM_MEQ_128_EQNS, attrib->num_offset_meq_128);

		return -EPERM;

	}

	for (i = 0; i < attrib->num_offset_meq_128; i++) {

		for (j = 0; j < 16; j++) {

			addr[j] = attrib->offset_meq_128[i].value[j];

	u32 rt_tbl_idx;

	u32 bitmap;

	bool eq;

	int res = 0;

	tbl = &ipa_ctx->glob_flt_tbl[ip];

	mutex_lock(&ipa_ctx->lock);

	i = 0;

	list_for_each_entry(entry, &tbl->head_flt_rule_list, link) {

		if (entry->cookie != IPA_FLT_COOKIE)

			continue;

		if (entry->rule.eq_attrib_type) {

			rt_tbl_idx = entry->rule.rt_tbl_idx;

			bitmap = entry->rule.eq_attrib.rule_eq_bitmap;

			i, entry->rule.action, rt_tbl_idx);

		pr_err("attrib_mask:%08x retain_hdr:%d eq:%d ",

			bitmap, entry->rule.retain_hdr, eq);

		if (eq)

			ipa_attrib_dump_eq(

		if (eq) {

			res = ipa_attrib_dump_eq(

				&entry->rule.eq_attrib);

		else

			if (res) {

				IPAERR_RL("failed read attrib eq\n");

				goto bail;

			}

		} else

			ipa_attrib_dump(

				&entry->rule.attrib, ip);

		i++;

		tbl = &ipa_ctx->flt_tbl[j][ip];

		i = 0;

		list_for_each_entry(entry, &tbl->head_flt_rule_list, link) {

			if (entry->cookie != IPA_FLT_COOKIE)

				continue;

			if (entry->rule.eq_attrib_type) {

				rt_tbl_idx = entry->rule.rt_tbl_idx;

				bitmap = entry->rule.eq_attrib.rule_eq_bitmap;

			pr_err("attrib_mask:%08x retain_hdr:%d ",

				bitmap, entry->rule.retain_hdr);

			pr_err("eq:%d ", eq);

			if (eq)

				ipa_attrib_dump_eq(

			if (eq) {

				res = ipa_attrib_dump_eq(

						&entry->rule.eq_attrib);

			else

				if (res) {

					IPAERR_RL("failed read attrib eq\n");

					goto bail;

				}

			} else

				ipa_attrib_dump(

					&entry->rule.attrib, ip);

			i++;

		}

	}

bail:

	mutex_unlock(&ipa_ctx->lock);

	return 0;

	return res;

}

static ssize_t ipa_read_stats(struct file *file, char __user *ubuf,

	list_for_each_entry(entry, &ipa3_ctx->hdr_tbl.head_hdr_entry_list,

			link) {

		if (entry->cookie != IPA_HDR_COOKIE)

			continue;

		nbytes = scnprintf(

			dbg_buff,

			IPA_MAX_MSG_LEN,

	if (attrib->tc_eq_present)

		pr_err("tc:%d ", attrib->tc_eq);

	if (attrib->num_offset_meq_128 > IPA_IPFLTR_NUM_MEQ_128_EQNS) {

		IPAERR_RL("num_offset_meq_128  Max %d passed value %d\n",

		IPA_IPFLTR_NUM_MEQ_128_EQNS, attrib->num_offset_meq_128);

		return -EPERM;

	}

	for (i = 0; i < attrib->num_offset_meq_128; i++) {

		for (j = 0; j < 16; j++) {

			addr[j] = attrib->offset_meq_128[i].value[j];

			mask, addr);

	}

	if (attrib->num_offset_meq_32 > IPA_IPFLTR_NUM_MEQ_32_EQNS) {

		IPAERR_RL("num_offset_meq_32  Max %d passed value %d\n",

		IPA_IPFLTR_NUM_MEQ_32_EQNS, attrib->num_offset_meq_32);

		return -EPERM;

	}

	for (i = 0; i < attrib->num_offset_meq_32; i++)

		pr_err(

			   "(ofst_meq32: ofst:%u mask:0x%x val:0x%x) ",

			   attrib->offset_meq_32[i].mask,

			   attrib->offset_meq_32[i].value);

	if (attrib->num_ihl_offset_meq_32 > IPA_IPFLTR_NUM_IHL_MEQ_32_EQNS) {

		IPAERR_RL("num_ihl_offset_meq_32  Max %d passed value %d\n",

		IPA_IPFLTR_NUM_IHL_MEQ_32_EQNS, attrib->num_ihl_offset_meq_32);

		return -EPERM;

	}

	for (i = 0; i < attrib->num_ihl_offset_meq_32; i++)

		pr_err(

			"(ihl_ofst_meq32: ofts:%d mask:0x%x val:0x%x) ",

			attrib->metadata_meq32.mask,

			attrib->metadata_meq32.value);

	if (attrib->num_ihl_offset_range_16 >

			IPA_IPFLTR_NUM_IHL_RANGE_16_EQNS) {

		IPAERR_RL("num_ihl_offset_range_16  Max %d passed value %d\n",

			IPA_IPFLTR_NUM_IHL_RANGE_16_EQNS,

			attrib->num_ihl_offset_range_16);

		return -EPERM;

	}

	for (i = 0; i < attrib->num_ihl_offset_range_16; i++)

		pr_err(

			   "(ihl_ofst_range16: ofst:%u lo:%u hi:%u) ",

			pr_err("rule_id:%u prio:%u retain_hdr:%u ",

				rules[rl].id, rules[rl].priority,

				rules[rl].retain_hdr);

			ipa3_attrib_dump_eq(&rules[rl].eq_attrib);

			res = ipa3_attrib_dump_eq(&rules[rl].eq_attrib);

			if (res) {

				IPAERR_RL("failed read attrib eq\n");

				goto bail;

			}

		}

		pr_err("=== Routing Table %d = Non-Hashable Rules ===\n", tbl);

			pr_err("rule_id:%u prio:%u retain_hdr:%u\n",

				rules[rl].id, rules[rl].priority,

				rules[rl].retain_hdr);

			ipa3_attrib_dump_eq(&rules[rl].eq_attrib);

			res = ipa3_attrib_dump_eq(&rules[rl].eq_attrib);

			if (res) {

				IPAERR_RL("failed read attrib eq\n");

				goto bail;

			}

		}

		pr_err("\n");

	}

	u32 rt_tbl_idx;

	u32 bitmap;

	bool eq;

	int res = 0;

	mutex_lock(&ipa3_ctx->lock);

		tbl = &ipa3_ctx->flt_tbl[j][ip];

		i = 0;

		list_for_each_entry(entry, &tbl->head_flt_rule_list, link) {

			if (entry->cookie != IPA_FLT_COOKIE)

				continue;

			if (entry->rule.eq_attrib_type) {

				rt_tbl_idx = entry->rule.rt_tbl_idx;

				bitmap = entry->rule.eq_attrib.rule_eq_bitmap;

			pr_err("hashable:%u rule_id:%u max_prio:%u prio:%u ",

				entry->rule.hashable, entry->rule_id,

				entry->rule.max_prio, entry->prio);

			if (eq)

				ipa3_attrib_dump_eq(

			if (eq) {

				res = ipa3_attrib_dump_eq(

					&entry->rule.eq_attrib);

			else

				if (res) {

					IPAERR_RL("failed read attrib eq\n");

					goto bail;

				}

			} else

				ipa3_attrib_dump(

					&entry->rule.attrib, ip);

			i++;

		}

	}

bail:

	mutex_unlock(&ipa3_ctx->lock);

	return 0;

	return res;

}

static ssize_t ipa3_read_flt_hw(struct file *file, char __user *ubuf,

				bitmap, rules[rl].rule.retain_hdr);

			pr_err("rule_id:%u prio:%u ",

				rules[rl].id, rules[rl].priority);

			ipa3_attrib_dump_eq(&rules[rl].rule.eq_attrib);

			res = ipa3_attrib_dump_eq(&rules[rl].rule.eq_attrib);

			if (res) {

				IPAERR_RL("failed read attrib eq\n");

				goto bail;

			}

		}

		pr_err("=== Filtering Table ep:%d = Non-Hashable Rules ===\n",

				bitmap, rules[rl].rule.retain_hdr);

			pr_err("rule_id:%u  prio:%u ",

				rules[rl].id, rules[rl].priority);

			ipa3_attrib_dump_eq(&rules[rl].rule.eq_attrib);

			res = ipa3_attrib_dump_eq(&rules[rl].rule.eq_attrib);

			if (res) {

				IPAERR_RL("failed read attrib eq\n");

				goto bail;

			}

		}

		pr_err("\n");

	}

/* Copyright (c) 2012-2017, The Linux Foundation. All rights reserved.

/* Copyright (c) 2012-2018, The Linux Foundation. All rights reserved.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and

	gen_params.rule = (const struct ipa_flt_rule *)&entry->rule;

	res = ipahal_flt_generate_hw_rule(&gen_params, &entry->hw_len, buf);

	if (res)

	if (res) {

		IPAERR_RL("failed to generate flt h/w rule\n");

		return res;

	}

	return 0;

}