Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 91fc36d0 authored by Kishor PK's avatar Kishor PK Committed by Gerrit - the friendly Code Review server
Browse files

soc: qcom: pil: Avoid possible buffer overflow during Modem boot 



Buffer overflow can occur if MBA firmware size exceeds 1MB.
So validate size before copying the firmware.

CRs-Fixed: 2001803
Change-Id: I070ddf85fbc47df072e7258369272366262ebf46
Signed-off-by: default avatarKishor PK <kpbhat@codeaurora.org>
Signed-off-by: default avatarSrinivasarao P <spathi@codeaurora.org>
Signed-off-by: default avatarKishor PK <kpbhat@codeaurora.org>
parent e8e94793

drivers/soc/qcom/pil-msa.c

+10 −2
Original line number Diff line number Diff line 
/* Copyright (c) 2012-2015, The Linux Foundation. All rights reserved.

/* Copyright (c) 2012-2017, The Linux Foundation. All rights reserved.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and
@@ -482,7 +482,15 @@ int pil_mss_reset_load_mba(struct pil_desc *pil) 
		ret = -ENOMEM;

		goto err_mss_reset;

	}

	if (count <= SZ_1M) {

		/* Ensures memcpy is done for max 1MB fw size */

		memcpy(mba_virt, data, count);

	} else {

		dev_err(pil->dev, "%s fw image loading into memory is failed due to fw size overflow\n",

			__func__);

		ret = -EINVAL;

		goto err_mss_reset;

	}

	wmb();



	ret = pil_mss_reset(pil);