
Commit 4e0efe41 authored by Linux Build Service Account's avatar Linux Build Service Account Committed by Gerrit - the friendly Code Review server

Merge "spcom: check buf size for send modified command"

parents ccb89274 6e51ab44
+34 −0
@@ -1383,6 +1383,11 @@ static int modify_ion_addr(void *buf,
		return -ENODEV;
	}

	if (buf_size < sizeof(uint64_t)) {
		pr_err("buf size too small [%d].\n", buf_size);
		return -ENODEV;
	}

	if (buf_offset > buf_size - sizeof(uint64_t)) {
		pr_err("invalid buf_offset [%d].\n", buf_offset);
		return -ENODEV;
@@ -1444,6 +1449,16 @@ static int spcom_handle_send_modified_command(struct spcom_channel *ch,

	pr_debug("send req/resp ch [%s] size [%d] .\n", ch->name, size);

	/*
	 * check that cmd buf size is at least struct size,
	 * to allow access to struct fields.
	 */
	if (size < sizeof(*cmd)) {
		pr_err("ch [%s] invalid cmd buf.\n",
			ch->name);
		return -EINVAL;
	}

	/* Check if remote side connect */
	if (!spcom_is_channel_connected(ch)) {
		pr_err("ch [%s] remote side not connect.\n", ch->name);
@@ -1456,6 +1471,18 @@ static int spcom_handle_send_modified_command(struct spcom_channel *ch,
	timeout_msec = cmd->timeout_msec;
	memcpy(ion_info, cmd->ion_info, sizeof(ion_info));

	/* Check param validity */
	if (buf_size > SPCOM_MAX_RESPONSE_SIZE) {
		pr_err("ch [%s] invalid buf size [%d].\n",
			ch->name, buf_size);
		return -EINVAL;
	}
	if (size != sizeof(*cmd) + buf_size) {
		pr_err("ch [%s] invalid cmd size [%d].\n",
			ch->name, size);
		return -EINVAL;
	}

	/* Allocate Buffers*/
	tx_buf_size = sizeof(*hdr) + buf_size;
	tx_buf = kzalloc(tx_buf_size, GFP_KERNEL);
@@ -1716,6 +1743,13 @@ static int spcom_handle_read_req_resp(struct spcom_channel *ch,
		return -ENOTCONN;
	}

	/* Check param validity */
	if (size > SPCOM_MAX_RESPONSE_SIZE) {
		pr_err("ch [%s] inavlid size [%d].\n",
			ch->name, size);
		return -EINVAL;
	}

	/* Allocate Buffers*/
	rx_buf_size = sizeof(*hdr) + size;
	rx_buf = kzalloc(rx_buf_size, GFP_KERNEL);
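Review bot: In the last hunk the new check in spcom_handle_read_req_resp bounds `size` only from above, so whether it is sufficient depends on the type of `size`, which is declared outside the hunk along with the rest of the function. The `%d` in the messages suggests it may be a signed int; if so, a negative value can pass `size > SPCOM_MAX_RESPONSE_SIZE` and then make `rx_buf_size = sizeof(*hdr) + size` smaller than the header or wrap it. A negative value would also pass `size < sizeof(*cmd)` in the second hunk because of the conversion to size_t, although the later `size != sizeof(*cmd) + buf_size` test appears to reject it. I would make the parameter unsigned, or write `if (size < 0 || size > SPCOM_MAX_RESPONSE_SIZE) {`, and print unsigned values with `%u`. Two smaller points: the message in this hunk is misspelled (`inavlid`), and the size check added to modify_ion_addr returns `-ENODEV` where the other new checks return `-EINVAL`.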