Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f1679b76 authored by Tharun Kumar Merugu's avatar Tharun Kumar Merugu
Browse files

msm: ADSPRPC: Handle map and unmap in 32 bit images 



Copy data to architecture specific structures from default 64 bit
structures, as 32 bit image structures will result in buffer overflow
when copied from 64 bit default structures.

Change-Id: I68e51fd128142e075528315f99bd34dd6b423239
Acked-by: default avatarHimateja Reddy <hmreddy@qti.qualcomm.com>
Signed-off-by: default avatarTharun Kumar Merugu <mtharu@codeaurora.org>
parent edbbd979

drivers/char/adsprpc.c

+41 −7
Original line number Diff line number Diff line
@@ -1758,6 +1758,31 @@ static int fastrpc_mmap_remove(struct fastrpc_file *fl, uintptr_t va, 


static void fastrpc_mmap_add(struct fastrpc_mmap *map);



static inline void get_fastrpc_ioctl_mmap_64(

			struct fastrpc_ioctl_mmap_64 *mmap64,

			struct fastrpc_ioctl_mmap *immap)

{

	immap->fd = mmap64->fd;

	immap->flags = mmap64->flags;

	immap->vaddrin = (uintptr_t)mmap64->vaddrin;

	immap->size = mmap64->size;

}



static inline void put_fastrpc_ioctl_mmap_64(

			struct fastrpc_ioctl_mmap_64 *mmap64,

			struct fastrpc_ioctl_mmap *immap)

{

	mmap64->vaddrout = (uint64_t)immap->vaddrout;

}



static inline void get_fastrpc_ioctl_munmap_64(

			struct fastrpc_ioctl_munmap_64 *munmap64,

			struct fastrpc_ioctl_munmap *imunmap)

{

	imunmap->vaddrout = (uintptr_t)munmap64->vaddrout;

	imunmap->size = munmap64->size;

}



static int fastrpc_internal_munmap(struct fastrpc_file *fl,

				   struct fastrpc_ioctl_munmap *ud)

{
@@ -2203,9 +2228,15 @@ static long fastrpc_device_ioctl(struct file *file, unsigned int ioctl_num, 
	union {

		struct fastrpc_ioctl_invoke_fd invokefd;

		struct fastrpc_ioctl_mmap mmap;

		struct fastrpc_ioctl_mmap_64 mmap64;

		struct fastrpc_ioctl_munmap munmap;

		struct fastrpc_ioctl_munmap_64 munmap64;

		struct fastrpc_ioctl_init init;

	} p;

	union {

		struct fastrpc_ioctl_mmap mmap;

		struct fastrpc_ioctl_munmap munmap;

	} i;

	void *param = (char *)ioctl_param;

	struct fastrpc_file *fl = (struct fastrpc_file *)file->private_data;

	int size = 0, err = 0;
@@ -2248,24 +2279,27 @@ static long fastrpc_device_ioctl(struct file *file, unsigned int ioctl_num, 
			goto bail;

		break;

	case FASTRPC_IOCTL_MMAP_64:

		K_COPY_FROM_USER(err, 0, &p.mmap, param,

						sizeof(p.mmap));

		K_COPY_FROM_USER(err, 0, &p.mmap64, param,

						sizeof(p.mmap64));

		if (err)

			goto bail;

		VERIFY(err, 0 == (err = fastrpc_internal_mmap(fl, &p.mmap)));

		get_fastrpc_ioctl_mmap_64(&p.mmap64, &i.mmap);

		VERIFY(err, 0 == (err = fastrpc_internal_mmap(fl, &i.mmap)));

		if (err)

			goto bail;

		K_COPY_TO_USER(err, 0, param, &p.mmap, sizeof(p.mmap));

		put_fastrpc_ioctl_mmap_64(&p.mmap64, &i.mmap);

		K_COPY_TO_USER(err, 0, param, &p.mmap64, sizeof(p.mmap64));

		if (err)

			goto bail;

		break;

	case FASTRPC_IOCTL_MUNMAP_64:

		K_COPY_FROM_USER(err, 0, &p.munmap, param,

						sizeof(p.munmap));

		K_COPY_FROM_USER(err, 0, &p.munmap64, param,

						sizeof(p.munmap64));

		if (err)

			goto bail;

		get_fastrpc_ioctl_munmap_64(&p.munmap64, &i.munmap);

		VERIFY(err, 0 == (err = fastrpc_internal_munmap(fl,

							&p.munmap)));

							&i.munmap)));

		if (err)

			goto bail;

		break;