Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 79969563 authored by Zhenhua Huang's avatar Zhenhua Huang
Browse files

soc: qcom: secure_buffer: Fix the parameter passing to dmac_flush_range 



For "chunk_list + chunk_list_len", if the chunk_list is type of u32*,
the chunk_list_len will be 4 * of original size. So we flushed a wrong
area size. In some condition like we enabled CONFIG_DEBUG_PAGEALLOC, it
may flush out of page bound of the invalid pte page.

Fix it by manually convert it as void* when doing the addition.

CRs-Fixed: 2309993
Change-Id: I2b88d78ba73d9904fa2bf6106937001715b6037f
Signed-off-by: default avatarZhenhua Huang <zhenhuah@codeaurora.org>
parent 62bf137f

drivers/soc/qcom/secure_buffer.c

+3 −2
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2011 Google, Inc

 * Copyright (c) 2011-2016, The Linux Foundation. All rights reserved.

 * Copyright (c) 2011-2018, The Linux Foundation. All rights reserved.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and
@@ -155,7 +155,8 @@ static int secure_buffer_change_table(struct sg_table *table, int lock) 
		 * secure environment to ensure the data is actually present

		 * in RAM

		 */

		dmac_flush_range(chunk_list, chunk_list + chunk_list_len);

		dmac_flush_range(chunk_list,

			(void *)chunk_list + chunk_list_len);



		ret = secure_buffer_change_chunk(virt_to_phys(chunk_list),

				nchunks, V2_CHUNK_SIZE, lock);