| Message ID | 1632220527-29547-1-git-send-email-jeyr@codeaurora.org (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | misc: fastrpc: fix improper packet size calculation | expand |
Hi Jeya, Can you make sure the subject line reflects the patch version that you are sending. In this case it should be "[PATCH v2] misc: fastrpc: fix improper packet size calculation" this will help reviewers and maintainers to differentiate the versions of patch. On 21/09/2021 11:35, Jeya R wrote: > The buffer list is sorted and this is not being considered while > calculating packet size. This would lead to improper copy length > calculation for non-dmaheap buffers which would eventually cause > sending improper buffers to DSP. > > Fixes: c68cfb718c8f ("misc: fastrpc: Add support for context Invoke method") > Signed-off-by: Jeya R <jeyr@codeaurora.org> > --- Please add changes done from v1 to v2 here. something like: Changes from v1: - bla bla bla.. > drivers/misc/fastrpc.c | 13 +++++++++---- > 1 file changed, 9 insertions(+), 4 deletions(-) > > diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c > index beda610..a7e550f 100644 > --- a/drivers/misc/fastrpc.c > +++ b/drivers/misc/fastrpc.c > @@ -719,16 +719,21 @@ static int fastrpc_get_meta_size(struct fastrpc_invoke_ctx *ctx) > static u64 fastrpc_get_payload_size(struct fastrpc_invoke_ctx *ctx, int metalen) > { > u64 size = 0; > - int i; > + int oix = 0; Looks like you missed to address my previous comments. --srini > > size = ALIGN(metalen, FASTRPC_ALIGN); > - for (i = 0; i < ctx->nscalars; i++) { > + for (oix = 0; oix < ctx->nbufs; oix++) { > + int i = ctx->olaps[oix].raix; > + > + if (ctx->args[i].length == 0) > + continue; > + > if (ctx->args[i].fd == 0 || ctx->args[i].fd == -1) { > > - if (ctx->olaps[i].offset == 0) > + if (ctx->olaps[oix].offset == 0) > size = ALIGN(size, FASTRPC_ALIGN); > > - size += (ctx->olaps[i].mend - ctx->olaps[i].mstart); > + size += (ctx->olaps[oix].mend - ctx->olaps[oix].mstart); > } > } > >
diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c index beda610..a7e550f 100644 --- a/drivers/misc/fastrpc.c +++ b/drivers/misc/fastrpc.c @@ -719,16 +719,21 @@ static int fastrpc_get_meta_size(struct fastrpc_invoke_ctx *ctx) static u64 fastrpc_get_payload_size(struct fastrpc_invoke_ctx *ctx, int metalen) { u64 size = 0; - int i; + int oix = 0; size = ALIGN(metalen, FASTRPC_ALIGN); - for (i = 0; i < ctx->nscalars; i++) { + for (oix = 0; oix < ctx->nbufs; oix++) { + int i = ctx->olaps[oix].raix; + + if (ctx->args[i].length == 0) + continue; + if (ctx->args[i].fd == 0 || ctx->args[i].fd == -1) { - if (ctx->olaps[i].offset == 0) + if (ctx->olaps[oix].offset == 0) size = ALIGN(size, FASTRPC_ALIGN); - size += (ctx->olaps[i].mend - ctx->olaps[i].mstart); + size += (ctx->olaps[oix].mend - ctx->olaps[oix].mstart); } }
The buffer list is sorted and this is not being considered while calculating packet size. This would lead to improper copy length calculation for non-dmaheap buffers which would eventually cause sending improper buffers to DSP. Fixes: c68cfb718c8f ("misc: fastrpc: Add support for context Invoke method") Signed-off-by: Jeya R <jeyr@codeaurora.org> --- drivers/misc/fastrpc.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-)