samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacmn: Add boundary check on TSO segments

Browse Source 
In the error-path execution stream where number of tso segments
in a tso_descriptor, there was an assumption that the number would
be > 0 (normal case is 2). When it is zero, a segment at a wrong
index (-1=> (4M-1)) was being unmapped, which was a bad access.
Add code to make sure that the index in question is in the range.
Need still to understand the reason why num_segs were smaller (0)
then expected (2).

Change-Id: I5d6e16f48f29c98cfb2191cf497f4203ea56a78f
CRs-Fixed: 2028808
This commit is contained in:
Orhan K AKYILDIZ
2017-04-04 19:10:26 -07:00
committed by Sandeep Puligilla
parent 07d24be439
commit 5adc058835
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
qdf/linux/src/qdf_nbuf.c
View File

@@ -1944,7 +1944,10 @@ void __qdf_nbuf_unmap_tso_segment(qdf_device_t osdev,
struct qdf_tso_seg_elem_t *tso_seg, struct qdf_tso_seg_elem_t *tso_seg,
bool is_last_seg) bool is_last_seg)
{ {
uint32_t num_frags = tso_seg->seg.num_frags - 1; uint32_t num_frags = 0;
if (tso_seg->seg.num_frags > 0)
num_frags = tso_seg->seg.num_frags - 1;
/*Num of frags in a tso seg cannot be less than 2 */ /*Num of frags in a tso seg cannot be less than 2 */
if (num_frags < 1) { if (num_frags < 1) {