soc: qcom: pil: Avoid possible buffer overflow during Modem boot

Buffer overflow can occur if MBA firmware size exceeds 1MB. So validate size before copying the firmware. CRs-Fixed: 2001803 Change-Id: I070ddf85fbc47df072e7258369272366262ebf46 Signed-off-by: Kishor PK <kpbhat@codeaurora.org> Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
2017-03-30 14:23:37 +05:30 · 2017-03-30 14:23:37 +05:30 · 8f32f01f57
parent 067816447b
commit 8f32f01f57
1 changed files with 10 additions and 2 deletions
--- a/drivers/soc/qcom/pil-msa.c
+++ b/drivers/soc/qcom/pil-msa.c
@ -1,4 +1,4 @@
-/* Copyright (c) 2012-2015, The Linux Foundation. All rights reserved.
+/* Copyright (c) 2012-2017, The Linux Foundation. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 and
@ -560,7 +560,15 @@ int pil_mss_reset_load_mba(struct pil_desc *pil)
 		goto err_mba_data;
 	}
 	count = fw->size;
-	memcpy(mba_virt, data, count);
+	if (count <= SZ_1M) {
+		/* Ensures memcpy is done for max 1MB fw size */
+		memcpy(mba_virt, data, count);
+	} else {
+		dev_err(pil->dev, "%s fw image loading into memory is failed due to fw size overflow\n",
+			__func__);
+		ret = -EINVAL;
+		goto err_mba_data;
+	}
 	wmb();

 	/* Load modem debug policy */