Commit dd925db6 authored by Sudeep Holla's avatar Sudeep Holla
Browse files

firmware: arm_ffa: Fix a possible ffa_linux_errmap buffer overflow

The ffa_linux_errmap buffer access index is supposed to range from 0-8
but it ranges from 1-9 instead. It reads one element out of bounds. It
also changes the success into -EINVAL though ffa_to_linux_errno is never
used in case of success, it is expected to work for success case too.

It is slightly confusing code as the negative of the error code
is used as index to the buffer. Fix it by negating it at the start and
make it more readable.

Link: https://lore.kernel.org/r/20210707134739.1869481-1-sudeep.holla@arm.com

Reported-by: default avatarkernel test robot <lkp@intel.com>
Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: default avatarSudeep Holla <sudeep.holla@arm.com>
parent ba684a31
......@@ -149,8 +149,10 @@ static const int ffa_linux_errmap[] = {
static inline int ffa_to_linux_errno(int errno)
{
if (errno < FFA_RET_SUCCESS && errno >= -ARRAY_SIZE(ffa_linux_errmap))
return ffa_linux_errmap[-errno];
int err_idx = -errno;
if (err_idx >= 0 && err_idx < ARRAY_SIZE(ffa_linux_errmap))
return ffa_linux_errmap[err_idx];
return -EINVAL;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment