From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751970AbcFJAXE (ORCPT ); Thu, 9 Jun 2016 20:23:04 -0400 Received: from mail-pa0-f53.google.com ([209.85.220.53]:33450 "EHLO mail-pa0-f53.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750751AbcFJAXB (ORCPT ); Thu, 9 Jun 2016 20:23:01 -0400 From: Bjorn Andersson To: Andy Gross Cc: linux-arm-msm@vger.kernel.org (open list:ARM/QUALCOMM SUPPORT), linux-soc@vger.kernel.org (open list:ARM/QUALCOMM SUPPORT), linux-kernel@vger.kernel.org (open list), stable@vger.kernel.org Subject: [PATCH 1/2] soc: qcom: smp2p: Correct addressing of outgoing value Date: Thu, 9 Jun 2016 17:22:56 -0700 Message-Id: <1465518177-14594-1-git-send-email-bjorn.andersson@linaro.org> X-Mailer: git-send-email 2.5.0 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The valid_entries index should not be incremented until after we have acquired the pointer to the value, or we will read and write data one item off. Fixes: 50e99641413e ("soc: qcom: smp2p: Qualcomm Shared Memory Point to Point") Cc: stable@vger.kernel.org Signed-off-by: Bjorn Andersson --- drivers/soc/qcom/smp2p.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/soc/qcom/smp2p.c b/drivers/soc/qcom/smp2p.c index f1eed7f9dd67..9c2788b8f2c3 100644 --- a/drivers/soc/qcom/smp2p.c +++ b/drivers/soc/qcom/smp2p.c @@ -344,11 +344,12 @@ static int qcom_smp2p_outbound_entry(struct qcom_smp2p *smp2p, /* Allocate an entry from the smem item */ strlcpy(buf, entry->name, SMP2P_MAX_ENTRY_NAME); memcpy_toio(out->entries[out->valid_entries].name, buf, SMP2P_MAX_ENTRY_NAME); - out->valid_entries++; /* Make the logical entry reference the physical value */ entry->value = &out->entries[out->valid_entries].value; + out->valid_entries++; + entry->state = qcom_smem_state_register(node, &smp2p_state_ops, entry); if (IS_ERR(entry->state)) { dev_err(smp2p->dev, "failed to register qcom_smem_state\n"); -- 2.5.0