From 7d01934455e3f5efc0019befe1b78ebe60dd7b0c Mon Sep 17 00:00:00 2001
From: Alex Elder <elder@linaro.org>
Date: Mon, 25 Jun 2018 19:58:55 -0500
Subject: soc: qcom: smem: verify partition host ids match

Add verification in qcom_smem_partition_header() that the host ids
found in a partition's header structure match those in its partition
table entry.

Signed-off-by: Alex Elder <elder@linaro.org>
Signed-off-by: Andy Gross <andy.gross@linaro.org>
---
 drivers/soc/qcom/smem.c | 36 +++++++++++++++---------------------
 1 file changed, 15 insertions(+), 21 deletions(-)

(limited to 'drivers/soc/qcom/smem.c')

diff --git a/drivers/soc/qcom/smem.c b/drivers/soc/qcom/smem.c
index 5b5cf45e2ef7..14c8b34f6d56 100644
--- a/drivers/soc/qcom/smem.c
+++ b/drivers/soc/qcom/smem.c
@@ -730,7 +730,7 @@ static u32 qcom_smem_get_item_count(struct qcom_smem *smem)
  */
 static struct smem_partition_header *
 qcom_smem_partition_header(struct qcom_smem *smem,
-		struct smem_ptable_entry *entry)
+		struct smem_ptable_entry *entry, u16 host0, u16 host1)
 {
 	struct smem_partition_header *header;
 	u32 size;
@@ -744,6 +744,17 @@ qcom_smem_partition_header(struct qcom_smem *smem,
 		return NULL;
 	}
 
+	if (host0 != le16_to_cpu(header->host0)) {
+		dev_err(smem->dev, "bad host0 (%hu != %hu)\n",
+				host0, le16_to_cpu(header->host0));
+		return NULL;
+	}
+	if (host1 != le16_to_cpu(header->host1)) {
+		dev_err(smem->dev, "bad host1 (%hu != %hu)\n",
+				host1, le16_to_cpu(header->host1));
+		return NULL;
+	}
+
 	size = le32_to_cpu(header->size);
 	if (size != le32_to_cpu(entry->size)) {
 		dev_err(smem->dev, "bad partition size (%u != %u)\n",
@@ -765,7 +776,6 @@ static int qcom_smem_set_global_partition(struct qcom_smem *smem)
 	struct smem_partition_header *header;
 	struct smem_ptable_entry *entry;
 	struct smem_ptable *ptable;
-	u32 host0, host1;
 	bool found = false;
 	int i;
 
@@ -799,18 +809,11 @@ static int qcom_smem_set_global_partition(struct qcom_smem *smem)
 		return -EINVAL;
 	}
 
-	header = qcom_smem_partition_header(smem, entry);
+	header = qcom_smem_partition_header(smem, entry,
+				SMEM_GLOBAL_HOST, SMEM_GLOBAL_HOST);
 	if (!header)
 		return -EINVAL;
 
-	host0 = le16_to_cpu(header->host0);
-	host1 = le16_to_cpu(header->host1);
-
-	if (host0 != SMEM_GLOBAL_HOST || host1 != SMEM_GLOBAL_HOST) {
-		dev_err(smem->dev, "Global partition hosts are invalid\n");
-		return -EINVAL;
-	}
-
 	smem->global_partition = header;
 	smem->global_cacheline = le32_to_cpu(entry->cacheline);
 
@@ -861,19 +864,10 @@ static int qcom_smem_enumerate_partitions(struct qcom_smem *smem,
 			return -EINVAL;
 		}
 
-		header = qcom_smem_partition_header(smem, entry);
+		header = qcom_smem_partition_header(smem, entry, host0, host1);
 		if (!header)
 			return -EINVAL;
 
-		host0 = le16_to_cpu(header->host0);
-		host1 = le16_to_cpu(header->host1);
-
-		if (host0 != host0 || host1 != host1) {
-			dev_err(smem->dev,
-				"Partition %d hosts don't match\n", i);
-			return -EINVAL;
-		}
-
 		smem->partitions[remote_host] = header;
 		smem->cacheline[remote_host] = le32_to_cpu(entry->cacheline);
 	}
-- 
cgit v1.2.3