MLK-11894 imx: sema4: fix the out of bounds write
Fix the out of bounds write, and the dereference before null check. Signed-off-by: Richard Zhu <Richard.Zhu@freescale.com> (cherry picked from commit 775ff0727166535e9b1ba1f70167e6a33fee5f13)pull/10/head
Richard Zhu
Jason Liu
parent
ec34ff4dba
commit
e4e58f4b61
|
|
@ -44,7 +44,7 @@ imx_sema4_mutex_create(u32 dev_num, u32 mutex_num)
|
|||
{
|
||||
struct imx_sema4_mutex *mutex_ptr = NULL;
|
||||
|
||||
if ((mutex_num > SEMA4_NUM_GATES) || dev_num >= SEMA4_NUM_DEVICES)
|
||||
if (mutex_num >= SEMA4_NUM_GATES || dev_num >= SEMA4_NUM_DEVICES)
|
||||
goto out;
|
||||
|
||||
if (imx6_sema4->cpine_val & (1 < mutex_num)) {
|
||||
|
|
@ -121,11 +121,12 @@ EXPORT_SYMBOL(imx_sema4_mutex_destroy);
|
|||
*/
|
||||
int _imx_sema4_mutex_lock(struct imx_sema4_mutex *mutex_ptr)
|
||||
{
|
||||
int ret = 0, i = mutex_ptr->gate_num;
|
||||
int ret = 0, i = 0;
|
||||
|
||||
if ((mutex_ptr == NULL) || (mutex_ptr->valid != CORE_MUTEX_VALID))
|
||||
return -EINVAL;
|
||||
|
||||
i = mutex_ptr->gate_num;
|
||||
mutex_ptr->gate_val = readb(imx6_sema4->ioaddr + i);
|
||||
mutex_ptr->gate_val &= SEMA4_GATE_MASK;
|
||||
/* Check to see if this core already own it */
|
||||
|
|
@ -234,11 +235,12 @@ EXPORT_SYMBOL(imx_sema4_mutex_lock);
|
|||
*/
|
||||
int imx_sema4_mutex_unlock(struct imx_sema4_mutex *mutex_ptr)
|
||||
{
|
||||
int ret = 0, i = mutex_ptr->gate_num;
|
||||
int ret = 0, i = 0;
|
||||
|
||||
if ((mutex_ptr == NULL) || (mutex_ptr->valid != CORE_MUTEX_VALID))
|
||||
return -EINVAL;
|
||||
|
||||
i = mutex_ptr->gate_num;
|
||||
mutex_ptr->gate_val = readb(imx6_sema4->ioaddr + i);
|
||||
mutex_ptr->gate_val &= SEMA4_GATE_MASK;
|
||||
/* make sure it is locked by this core */
|
||||
|
|
@ -271,7 +273,7 @@ static irqreturn_t imx_sema4_isr(int irq, void *dev_id)
|
|||
{
|
||||
int i;
|
||||
struct imx_sema4_mutex *mutex_ptr;
|
||||
u32 mask;
|
||||
unsigned int mask;
|
||||
struct imx_sema4_mutex_device *imx6_sema4 = dev_id;
|
||||
|
||||
imx6_sema4->cpntf_val = readw(imx6_sema4->ioaddr + SEMA4_CP0NTF);
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ enum {
|
|||
SEMA4_CP1NTF = 0x88,
|
||||
};
|
||||
|
||||
static const unsigned int idx_sema4[16] = {
|
||||
static const unsigned int idx_sema4[SEMA4_NUM_GATES] = {
|
||||
1 << 7, 1 << 6, 1 << 5, 1 << 4,
|
||||
1 << 3, 1 << 2, 1 << 1, 1 << 0,
|
||||
1 << 15, 1 << 14, 1 << 13, 1 << 12,
|
||||
|
|
@ -52,7 +52,7 @@ struct imx_sema4_mutex_device {
|
|||
int irq;
|
||||
|
||||
u16 alloced;
|
||||
struct imx_sema4_mutex *mutex_ptr[16];
|
||||
struct imx_sema4_mutex *mutex_ptr[SEMA4_NUM_GATES];
|
||||
};
|
||||
|
||||
struct imx_sema4_mutex *
|
||||
|
|
|
|||
Loading…
Reference in New Issue