From 564ed96df09ae414ce94afe3ba975d0a9ccc9adc Mon Sep 17 00:00:00 2001
From: Jingyu Su
Date: Tue, 18 Apr 2023 14:42:08 -0700
Subject: [PATCH] msm: eva: fix KASAN stack-out-of-bounds issue in __iface_cmdq_write_relaxed

Change-Id: Id5b07cf778804ac7865f150e72331be6e94cb80d
Signed-off-by: Jingyu Su
---
 msm/eva/cvp_hfi.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/msm/eva/cvp_hfi.c b/msm/eva/cvp_hfi.c
index cfb79d8f04..30ae7c516b 100644
--- a/msm/eva/cvp_hfi.c
+++ b/msm/eva/cvp_hfi.c
@@ -433,12 +433,17 @@ static int __write_queue(struct cvp_iface_q_info *qinfo, u8 *packet,
 }

 cmd_pkt = (struct cvp_hfi_cmd_session_hdr *)packet;
- dprintk(CVP_CMD, "%s: "
- "pkt_type %08x sess_id %08x trans_id %u ktid %llu\n",
- __func__, cmd_pkt->packet_type,
- cmd_pkt->session_id,
- cmd_pkt->client_data.transaction_id,
- cmd_pkt->client_data.kdata & (FENCE_BIT - 1));
+
+ if (cmd_pkt->size >= sizeof(struct cvp_hfi_cmd_session_hdr))
+ dprintk(CVP_CMD, "%s: "
+ "pkt_type %08x sess_id %08x trans_id %u ktid %llu\n",
+ __func__, cmd_pkt->packet_type,
+ cmd_pkt->session_id,
+ cmd_pkt->client_data.transaction_id,
+ cmd_pkt->client_data.kdata & (FENCE_BIT - 1));
+ else
+ dprintk(CVP_CMD, "%s: "
+ "pkt_type %08x", __func__, cmd_pkt->packet_type);

 if (msm_cvp_debug & CVP_PKT) {
 dprintk(CVP_PKT, "%s: %pK\n", __func__, qinfo);
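Review bot: The new guard in `__write_queue` decides whether `session_id` and `client_data` may be read from `cmd_pkt->size`, a field of the packet itself, so it only prevents the stack over-read when every caller sets `size` to the real length of the buffer behind `packet`. Nothing visible in the hunk establishes that, and the function's parameter list and earlier checks lie outside it. If `size` is validated earlier in the function, a comment above the `if` such as `/* short packets carry no session header; size is validated above */` would make the dependency explicit. The fallback message also lacks the trailing newline the full message has; `"pkt_type %08x\n", __func__, cmd_pkt->packet_type);` would keep it from running into the next log line, assuming `dprintk` does not append one itself.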