soc: qcom: pil: Avoid possible buffer overflow during Modem boot
Buffer overflow can occur if MBA firmware size exceeds 1MB. So validate size before copying the firmware. CRs-Fixed: 2001803 Change-Id: I070ddf85fbc47df072e7258369272366262ebf46 Signed-off-by: Kishor PK <kpbhat@codeaurora.org> Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
This commit is contained in:
parent
067816447b
commit
8f32f01f57
|
@ -1,4 +1,4 @@
|
|||
/* Copyright (c) 2012-2015, The Linux Foundation. All rights reserved.
|
||||
/* Copyright (c) 2012-2017, The Linux Foundation. All rights reserved.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 and
|
||||
|
@ -560,7 +560,15 @@ int pil_mss_reset_load_mba(struct pil_desc *pil)
|
|||
goto err_mba_data;
|
||||
}
|
||||
count = fw->size;
|
||||
memcpy(mba_virt, data, count);
|
||||
if (count <= SZ_1M) {
|
||||
/* Ensures memcpy is done for max 1MB fw size */
|
||||
memcpy(mba_virt, data, count);
|
||||
} else {
|
||||
dev_err(pil->dev, "%s fw image loading into memory is failed due to fw size overflow\n",
|
||||
__func__);
|
||||
ret = -EINVAL;
|
||||
goto err_mba_data;
|
||||
}
|
||||
wmb();
|
||||
|
||||
/* Load modem debug policy */
|
||||
|
|
Loading…
Reference in New Issue