summaryrefslogtreecommitdiff
path: root/scripts/lib/kdoc/kdoc_parser.py
diff options
context:
space:
mode:
authorGabor Juhos <j4g8y7@gmail.com>2025-06-18 22:22:50 +0200
committerMark Brown <broonie@kernel.org>2025-06-29 22:10:47 +0100
commitddaad4ad774d4ae02047ef873a8e38f62a4b7b01 (patch)
tree84cc229445f96c5db70e8418938687a1c168f941 /scripts/lib/kdoc/kdoc_parser.py
parentd85d0380292a7e618915069c3579ae23c7c80339 (diff)
mtd: nand: qpic_common: prevent out of bounds access of BAM arrays
The common QPIC code does not do any boundary checking when it handles the command elements and scatter gater list arrays of a BAM transaction, thus it allows to access out of bounds elements in those. Although it is the responsibility of the given driver to allocate enough space for all possible BAM transaction variations, however there can be mistakes in the driver code which can lead to hidden memory corruption issues which are hard to debug. This kind of problem has been observed during testing the 'spi-qpic-snand' driver. Although the driver has been fixed with a preceding patch, but it still makes sense to reduce the chance of having such errors again later. In order to prevent such errors, change the qcom_alloc_bam_transaction() function to store the number of elements of the arrays in the 'bam_transaction' strucutre during allocation. Also, add sanity checks to the qcom_prep_bam_dma_desc_{cmd,data}() functions to avoid using out of bounds indices for the arrays. Tested-by: Lakshmi Sowjanya D <quic_laksd@quicinc.com> # on SDX75 Acked-by: Miquel Raynal <miquel.raynal@bootlin.com> Signed-off-by: Gabor Juhos <j4g8y7@gmail.com> Link: https://patch.msgid.link/20250618-qpic-snand-avoid-mem-corruption-v3-2-319c71296cda@gmail.com Signed-off-by: Mark Brown <broonie@kernel.org>
Diffstat (limited to 'scripts/lib/kdoc/kdoc_parser.py')
0 files changed, 0 insertions, 0 deletions