From 71ffb5a22b49ad1c6266aad237cf8f1f5b13fe9a Mon Sep 17 00:00:00 2001 From: Tzung-Bi Shih Date: Mon, 16 Nov 2020 16:44:11 +0800 Subject: remoteproc/mediatek: fix boundary check It is valid if offset+length == sram_size. For example, sram_size=100, offset=99, length=1. Accessing offset 99 with length 1 is valid. Reviewed-by: Mathieu Poirier Signed-off-by: Tzung-Bi Shih Link: https://lore.kernel.org/r/20201116084413.3312631-2-tzungbi@google.com Signed-off-by: Bjorn Andersson --- drivers/remoteproc/mtk_scp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'drivers/remoteproc') diff --git a/drivers/remoteproc/mtk_scp.c b/drivers/remoteproc/mtk_scp.c index a1e23b5f19b9..0abbeb62cf43 100644 --- a/drivers/remoteproc/mtk_scp.c +++ b/drivers/remoteproc/mtk_scp.c @@ -408,11 +408,11 @@ static void *scp_da_to_va(struct rproc *rproc, u64 da, size_t len) if (da < scp->sram_size) { offset = da; - if (offset >= 0 && (offset + len) < scp->sram_size) + if (offset >= 0 && (offset + len) <= scp->sram_size) return (void __force *)scp->sram_base + offset; } else if (scp->dram_size) { offset = da - scp->dma_addr; - if (offset >= 0 && (offset + len) < scp->dram_size) + if (offset >= 0 && (offset + len) <= scp->dram_size) return scp->cpu_addr + offset; } -- cgit v1.2.3