From 7099c2a6d2f6c68016bfdb2c62eefa49885b569c Mon Sep 17 00:00:00 2001
From: Sathish Ambley <sathishambley@codeaurora.org>
Date: Thu, 19 May 2016 14:43:25 -0700
Subject: [PATCH] msm: ADSPRPC: Validate the SMMU session count

Make sure that the session count does not exceed the maximum
sessions to avoid buffer overflow.

Change-Id: I1a9830a6f859d7d525247d27d0a143997998d997
Acked-by: Bharath Kumar <bkumar@qti.qualcomm.com>
Signed-off-by: Sathish Ambley <sathishambley@codeaurora.org>
---
 drivers/char/adsprpc.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/char/adsprpc.c b/drivers/char/adsprpc.c
index cbdda065c404..e4fafb01ca17 100644
--- a/drivers/char/adsprpc.c
+++ b/drivers/char/adsprpc.c
@@ -2305,6 +2305,9 @@ static int fastrpc_cb_legacy_probe(struct device *dev)
 	if (err)
 		goto bail;
 	for (i = 0; i < sids_size/sizeof(unsigned int); i++) {
+		VERIFY(err, chan->sesscount < NUM_SESSIONS);
+		if (err)
+			goto bail;
 		sess = &chan->session[chan->sesscount];
 		sess->smmu.cb = sids[i];
 		sess->dev = first_sess->dev;