* [PATCH net] net: ipa: terminate message handler arrays
@ 2021-03-12 15:12 Alex Elder
2021-03-12 16:58 ` Bjorn Andersson
2021-03-13 22:30 ` patchwork-bot+netdevbpf
0 siblings, 2 replies; 3+ messages in thread
From: Alex Elder @ 2021-03-12 15:12 UTC (permalink / raw)
To: davem, kuba
Cc: sujitka, evgreen, bjorn.andersson, cpratapa, subashab, netdev,
linux-kernel
When a QMI handle is initialized, an array of message handler
structures is provided, defining how any received message should
be handled based on its type and message ID. The QMI core code
traverses this array when a message arrives and calls the function
associated with the (type, msg_id) found in the array.
The array is supposed to be terminated with an empty (all zero)
entry though. Without it, an unsupported message will cause
the QMI core code to go past the end of the array.
Fix this bug, by properly terminating the message handler arrays
provided when QMI handles are set up by the IPA driver.
Fixes: 530f9216a9537 ("soc: qcom: ipa: AP/modem communications")
Reported-by: Sujit Kautkar <sujitka@chromium.org>
Signed-off-by: Alex Elder <elder@linaro.org>
---
drivers/net/ipa/ipa_qmi.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/ipa/ipa_qmi.c b/drivers/net/ipa/ipa_qmi.c
index 2fc64483f2753..e594bf3b600f0 100644
--- a/drivers/net/ipa/ipa_qmi.c
+++ b/drivers/net/ipa/ipa_qmi.c
@@ -249,6 +249,7 @@ static const struct qmi_msg_handler ipa_server_msg_handlers[] = {
.decoded_size = IPA_QMI_DRIVER_INIT_COMPLETE_REQ_SZ,
.fn = ipa_server_driver_init_complete,
},
+ { },
};
/* Handle an INIT_DRIVER response message from the modem. */
@@ -269,6 +270,7 @@ static const struct qmi_msg_handler ipa_client_msg_handlers[] = {
.decoded_size = IPA_QMI_INIT_DRIVER_RSP_SZ,
.fn = ipa_client_init_driver,
},
+ { },
};
/* Return a pointer to an init modem driver request structure, which contains
--
2.27.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH net] net: ipa: terminate message handler arrays
2021-03-12 15:12 [PATCH net] net: ipa: terminate message handler arrays Alex Elder
@ 2021-03-12 16:58 ` Bjorn Andersson
2021-03-13 22:30 ` patchwork-bot+netdevbpf
1 sibling, 0 replies; 3+ messages in thread
From: Bjorn Andersson @ 2021-03-12 16:58 UTC (permalink / raw)
To: Alex Elder
Cc: davem, kuba, sujitka, evgreen, cpratapa, subashab, netdev, linux-kernel
On Fri 12 Mar 09:12 CST 2021, Alex Elder wrote:
> When a QMI handle is initialized, an array of message handler
> structures is provided, defining how any received message should
> be handled based on its type and message ID. The QMI core code
> traverses this array when a message arrives and calls the function
> associated with the (type, msg_id) found in the array.
>
> The array is supposed to be terminated with an empty (all zero)
> entry though. Without it, an unsupported message will cause
> the QMI core code to go past the end of the array.
>
> Fix this bug, by properly terminating the message handler arrays
> provided when QMI handles are set up by the IPA driver.
>
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Regards,
Bjorn
> Fixes: 530f9216a9537 ("soc: qcom: ipa: AP/modem communications")
> Reported-by: Sujit Kautkar <sujitka@chromium.org>
> Signed-off-by: Alex Elder <elder@linaro.org>
> ---
> drivers/net/ipa/ipa_qmi.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/net/ipa/ipa_qmi.c b/drivers/net/ipa/ipa_qmi.c
> index 2fc64483f2753..e594bf3b600f0 100644
> --- a/drivers/net/ipa/ipa_qmi.c
> +++ b/drivers/net/ipa/ipa_qmi.c
> @@ -249,6 +249,7 @@ static const struct qmi_msg_handler ipa_server_msg_handlers[] = {
> .decoded_size = IPA_QMI_DRIVER_INIT_COMPLETE_REQ_SZ,
> .fn = ipa_server_driver_init_complete,
> },
> + { },
> };
>
> /* Handle an INIT_DRIVER response message from the modem. */
> @@ -269,6 +270,7 @@ static const struct qmi_msg_handler ipa_client_msg_handlers[] = {
> .decoded_size = IPA_QMI_INIT_DRIVER_RSP_SZ,
> .fn = ipa_client_init_driver,
> },
> + { },
> };
>
> /* Return a pointer to an init modem driver request structure, which contains
> --
> 2.27.0
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH net] net: ipa: terminate message handler arrays
2021-03-12 15:12 [PATCH net] net: ipa: terminate message handler arrays Alex Elder
2021-03-12 16:58 ` Bjorn Andersson
@ 2021-03-13 22:30 ` patchwork-bot+netdevbpf
1 sibling, 0 replies; 3+ messages in thread
From: patchwork-bot+netdevbpf @ 2021-03-13 22:30 UTC (permalink / raw)
To: Alex Elder
Cc: davem, kuba, sujitka, evgreen, bjorn.andersson, cpratapa,
subashab, netdev, linux-kernel
Hello:
This patch was applied to netdev/net.git (refs/heads/master):
On Fri, 12 Mar 2021 09:12:48 -0600 you wrote:
> When a QMI handle is initialized, an array of message handler
> structures is provided, defining how any received message should
> be handled based on its type and message ID. The QMI core code
> traverses this array when a message arrives and calls the function
> associated with the (type, msg_id) found in the array.
>
> The array is supposed to be terminated with an empty (all zero)
> entry though. Without it, an unsupported message will cause
> the QMI core code to go past the end of the array.
>
> [...]
Here is the summary with links:
- [net] net: ipa: terminate message handler arrays
https://git.kernel.org/netdev/net/c/3a9ef3e11c5d
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-03-13 22:31 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-12 15:12 [PATCH net] net: ipa: terminate message handler arrays Alex Elder
2021-03-12 16:58 ` Bjorn Andersson
2021-03-13 22:30 ` patchwork-bot+netdevbpf
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.