| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1632125731-18768-1-git-send-email-jeyr@codeaurora.org>
Date: Mon, 20 Sep 2021 13:45:31 +0530
From: Jeya R <jeyr@...eaurora.org>
To: linux-arm-msm@...r.kernel.org, srinivas.kandagatla@...aro.org
Cc: Jeya R <jeyr@...eaurora.org>, gregkh@...uxfoundation.org,
linux-kernel@...r.kernel.org, fastrpc.upstream@....qualcomm.com
Subject: [PATCH] misc: fastrpc: fix improper packet size calculation
The buffer list is sorted and this is not being
considered while calculating packet size. This
would lead to improper copy length calculation
for non-dmaheap buffers which would eventually
cause sending improper buffers to DSP.
Signed-off-by: Jeya R <jeyr@...eaurora.org>
---
drivers/misc/fastrpc.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c
index beda610..a7e550f 100644
--- a/drivers/misc/fastrpc.c
+++ b/drivers/misc/fastrpc.c
@@ -719,16 +719,21 @@ static int fastrpc_get_meta_size(struct fastrpc_invoke_ctx *ctx)
static u64 fastrpc_get_payload_size(struct fastrpc_invoke_ctx *ctx, int metalen)
{
u64 size = 0;
- int i;
+ int oix = 0;
size = ALIGN(metalen, FASTRPC_ALIGN);
- for (i = 0; i < ctx->nscalars; i++) {
+ for (oix = 0; oix < ctx->nbufs; oix++) {
+ int i = ctx->olaps[oix].raix;
+
+ if (ctx->args[i].length == 0)
+ continue;
+
if (ctx->args[i].fd == 0 || ctx->args[i].fd == -1) {
- if (ctx->olaps[i].offset == 0)
+ if (ctx->olaps[oix].offset == 0)
size = ALIGN(size, FASTRPC_ALIGN);
- size += (ctx->olaps[i].mend - ctx->olaps[i].mstart);
+ size += (ctx->olaps[oix].mend - ctx->olaps[oix].mstart);
}
}
--
2.7.4
Powered by blists - more mailing lists