evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

soc: qcom: secure_buffer: Fix the parameter passing to dmac_flush_range

Browse source 
For "chunk_list + chunk_list_len", if the chunk_list is type of u32*,
the chunk_list_len will be 4 * of original size. So we flushed a wrong
area size. In some condition like we enabled CONFIG_DEBUG_PAGEALLOC, it
may flush out of page bound of the invalid pte page.

Fix it by manually convert it as void* when doing the addition.

CRs-Fixed: 2309993
Change-Id: I2b88d78ba73d9904fa2bf6106937001715b6037f
Signed-off-by: Zhenhua Huang <zhenhuah@codeaurora.org>
This commit is contained in:
Zhenhua Huang 2018-09-06 14:27:14 +08:00 committed by Gerrit - the friendly Code Review server
parent dffb51fe96
commit 371698455c
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
drivers/soc/qcom/secure_buffer.c
View file

@ -1,6 +1,6 @@
/*
* Copyright (C) 2011 Google, Inc
* Copyright (c) 2011-2017, The Linux Foundation. All rights reserved.
* Copyright (c) 2011-2018, The Linux Foundation. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 and
@ -144,7 +144,8 @@ static int secure_buffer_change_table(struct sg_table *table, int lock)
* secure environment to ensure the data is actually present
* in RAM
*/
dmac_flush_range(chunk_list, chunk_list + chunk_list_len);
dmac_flush_range(chunk_list,
(void *)chunk_list + chunk_list_len);
ret = secure_buffer_change_chunk(virt_to_phys(chunk_list),
nchunks, V2_CHUNK_SIZE, lock);