mhi: core: Add checks for bhi and bhie offsets
Bail out if device returns invalid bhi/bhie offsets.
Change-Id: Ifc92c53a4c1f7c951721cbec0b1d7285cf19cd72
Signed-off-by: Manu Gautam <mgautam@codeaurora.org>
diff --git a/drivers/bus/mhi/core/mhi_pm.c b/drivers/bus/mhi/core/mhi_pm.c
index a4e63bc..d86107b 100644
--- a/drivers/bus/mhi/core/mhi_pm.c
+++ b/drivers/bus/mhi/core/mhi_pm.c
@@ -947,6 +947,12 @@
goto error_bhi_offset;
}
+ if (val >= mhi_cntrl->len) {
+ write_unlock_irq(&mhi_cntrl->pm_lock);
+ MHI_ERR("Invalid bhi offset:%x\n", val);
+ goto error_bhi_offset;
+ }
+
mhi_cntrl->bhi = mhi_cntrl->regs + val;
/* setup bhie offset if not set */
@@ -958,6 +964,12 @@
goto error_bhi_offset;
}
+ if (val >= mhi_cntrl->len) {
+ write_unlock_irq(&mhi_cntrl->pm_lock);
+ MHI_ERR("Invalid bhie offset:%x\n", val);
+ goto error_bhi_offset;
+ }
+
mhi_cntrl->bhie = mhi_cntrl->regs + val;
}