mirror of
https://github.com/Fishwaldo/u-boot.git
synced 2025-03-15 19:51:37 +00:00
firmware: zynqmp: fix write to an uninitialised pointer in ipi_req()
When a caller is not interested in the returned message, the ret_payload pointer is set to NULL in the u-boot-sources. In this case, under EL3, the memory from address 0x0 would be overwritten by ipi_req() with the returned IPI message, damaging the original data under this address. The patch, in case ret_payload is NULL, assigns the pointer to the array holding the IPI message being sent. Signed-off-by: Adrian Fiergolski <adrian.fiergolski@fastree3d.com> Signed-off-by: Michal Simek <michal.simek@xilinx.com> Reviewed-by: Adrian Fiergolski <Adrian.Fiergolski@fastree3d.com> Link: https://lore.kernel.org/r/3178ff7651948270b714daa4adad48b94eaca9ba.1634309856.git.michal.simek@xilinx.com
This commit is contained in:
parent
b05cc389ba
commit
53f5d1688e
1 changed files with 4 additions and 0 deletions
|
@ -29,6 +29,10 @@ static int ipi_req(const u32 *req, size_t req_len, u32 *res, size_t res_maxlen)
|
|||
{
|
||||
struct zynqmp_ipi_msg msg;
|
||||
int ret;
|
||||
u32 buffer[PAYLOAD_ARG_CNT];
|
||||
|
||||
if (!res)
|
||||
res = buffer;
|
||||
|
||||
if (req_len > PMUFW_PAYLOAD_ARG_CNT ||
|
||||
res_maxlen > PMUFW_PAYLOAD_ARG_CNT)
|
||||
|
|
Loading…
Add table
Reference in a new issue