]> git.proxmox.com Git - mirror_ubuntu-hirsute-kernel.git/commit
projects / mirror_ubuntu-hirsute-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f8dcac1) | patch
net: ipa: terminate message handler arrays
authorAlex Elder <elder@linaro.org>
Fri, 12 Mar 2021 15:12:48 +0000 (09:12 -0600)
committerSeth Forshee <seth.forshee@canonical.com>
Thu, 8 Apr 2021 20:42:33 +0000 (15:42 -0500)
commitbe7a3dd6c26056fd01e803a920f02c744fcaf87e
treee67d322dce592d051bc140c86c69b091bbcb50e7tree
parentf8dcac15f59a31ccab8f0fd69b803db74dc88394commit | diff
net: ipa: terminate message handler arrays

BugLink: https://bugs.launchpad.net/bugs/1922601
[ Upstream commit 3a9ef3e11c5d33e5cb355b4aad1a4caad2407541 ]

When a QMI handle is initialized, an array of message handler
structures is provided, defining how any received message should
be handled based on its type and message ID.  The QMI core code
traverses this array when a message arrives and calls the function
associated with the (type, msg_id) found in the array.

The array is supposed to be terminated with an empty (all zero)
entry though.  Without it, an unsupported message will cause
the QMI core code to go past the end of the array.

Fix this bug, by properly terminating the message handler arrays
provided when QMI handles are set up by the IPA driver.

Fixes: 530f9216a9537 ("soc: qcom: ipa: AP/modem communications")
Reported-by: Sujit Kautkar <sujitka@chromium.org>
Signed-off-by: Alex Elder <elder@linaro.org>
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
drivers/net/ipa/ipa_qmi.c diff | blob | blame | history
Ubuntu Hirsute Linux kernel mirror