forked from luck/tmp_suning_uos_patched
ee67cbc13f
[ Upstream commit 440c3247cba3d9433ac435d371dd7927d68772a7 ]
IPA configuration data includes an array of memory region
descriptors. That was a fixed-size array at one time, but
at some point we started defining it such that it was only
as big as required for a given platform. The actual number
of entries in the array is recorded in the configuration data
along with the array.
A loop in ipa_mem_config() still assumes the array has entries
for all defined memory region IDs. As a result, this loop can
go past the end of the actual array and attempt to write
"canary" values based on nonsensical data.
Fix this, by stashing the number of entries in the array, and
using that rather than IPA_MEM_COUNT in the initialization loop
found in ipa_mem_config().
The only remaining use of IPA_MEM_COUNT is in a validation check
to ensure configuration data doesn't have too many entries.
That's fine for now.
Fixes:
|
||
---|---|---|
.. | ||
gsi_private.h | ||
gsi_reg.h | ||
gsi_trans.c | ||
gsi_trans.h | ||
gsi.c | ||
gsi.h | ||
ipa_clock.c | ||
ipa_clock.h | ||
ipa_cmd.c | ||
ipa_cmd.h | ||
ipa_data-sc7180.c | ||
ipa_data-sdm845.c | ||
ipa_data.h | ||
ipa_endpoint.c | ||
ipa_endpoint.h | ||
ipa_gsi.c | ||
ipa_gsi.h | ||
ipa_interrupt.c | ||
ipa_interrupt.h | ||
ipa_main.c | ||
ipa_mem.c | ||
ipa_mem.h | ||
ipa_modem.c | ||
ipa_modem.h | ||
ipa_qmi_msg.c | ||
ipa_qmi_msg.h | ||
ipa_qmi.c | ||
ipa_qmi.h | ||
ipa_reg.c | ||
ipa_reg.h | ||
ipa_smp2p.c | ||
ipa_smp2p.h | ||
ipa_table.c | ||
ipa_table.h | ||
ipa_uc.c | ||
ipa_uc.h | ||
ipa_version.h | ||
ipa.h | ||
Kconfig | ||
Makefile |