Skip to content

Commit

Permalink
Merge tag 'LA.UM.9.1.r1-16300-SMxxx0.QSSI14.0' of https://git.codelin…
Browse files Browse the repository at this point in the history
…aro.org/clo/la/platform/vendor/opensource/audio-kernel into sleepy

"LA.UM.9.1.r1-16300-SMxxx0.QSSI14.0"

Signed-off-by: Shashank Patil <[email protected]>
  • Loading branch information
itsshashanksp committed Sep 9, 2024
2 parents 2336684 + 315167b commit 6969c8b
Show file tree
Hide file tree
Showing 5 changed files with 37 additions and 28 deletions.
15 changes: 5 additions & 10 deletions techpack/audio/4.0/dsp/q6adm.c
Original file line number Diff line number Diff line change
Expand Up @@ -1565,16 +1565,11 @@ static int32_t adm_callback(struct apr_client_data *data, void *priv)
if (data->opcode == APR_BASIC_RSP_RESULT) {
pr_debug("%s: APR_BASIC_RSP_RESULT id 0x%x\n",
__func__, payload[0]);

if (!((client_id != ADM_CLIENT_ID_SOURCE_TRACKING) &&
((payload[0] == ADM_CMD_SET_PP_PARAMS_V5) ||
(payload[0] == ADM_CMD_SET_PP_PARAMS_V6)))) {
if (data->payload_size <
(2 * sizeof(uint32_t))) {
pr_err("%s: Invalid payload size %d\n",
__func__, data->payload_size);
return 0;
}
if (data->payload_size <
(2 * sizeof(uint32_t))) {
pr_err("%s: Invalid payload size %d\n",
__func__, data->payload_size);
return 0;
}

if (payload[1] != 0) {
Expand Down
8 changes: 7 additions & 1 deletion techpack/audio/4.0/dsp/q6lsm.c
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
// SPDX-License-Identifier: GPL-2.0-only
/*
* Copyright (c) 2013-2019, Linux Foundation. All rights reserved.
* Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
* Copyright (c) 2023-2024 Qualcomm Innovation Center, Inc. All rights reserved.
*/
#include <linux/fs.h>
#include <linux/mutex.h>
Expand Down Expand Up @@ -1901,6 +1901,12 @@ static int q6lsm_mmapcallback(struct apr_client_data *data, void *priv)
return 0;
}

if (data->payload_size < (2 * sizeof(uint32_t))) {
pr_err("%s: payload has invalid size[%d]\n", __func__,
data->payload_size);
return -EINVAL;
}

command = payload[0];
retcode = payload[1];
sid = (data->token >> 8) & 0x0F;
Expand Down
12 changes: 9 additions & 3 deletions techpack/audio/4.0/dsp/q6voice.c
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
// SPDX-License-Identifier: GPL-2.0-only
/*
* Copyright (c) 2012-2020, The Linux Foundation. All rights reserved.
* Copyright (c) 2024 Qualcomm Innovation Center, Inc. All rights reserved.
*/
#include <linux/slab.h>
#include <linux/kthread.h>
Expand Down Expand Up @@ -7905,7 +7906,7 @@ static int32_t qdsp_cvs_callback(struct apr_client_data *data, void *priv)
VSS_ISTREAM_EVT_OOB_NOTIFY_ENC_BUFFER_READY) {
int ret = 0;
u16 cvs_handle;
uint32_t *cvs_voc_pkt;
uint32_t *cvs_voc_pkt, tot_buf_sz;
struct cvs_enc_buffer_consumed_cmd send_enc_buf_consumed_cmd;
void *apr_cvs;

Expand Down Expand Up @@ -7934,9 +7935,14 @@ static int32_t qdsp_cvs_callback(struct apr_client_data *data, void *priv)
VSS_ISTREAM_EVT_OOB_NOTIFY_ENC_BUFFER_CONSUMED;

cvs_voc_pkt = v->shmem_info.sh_buf.buf[1].data;

if (__builtin_add_overflow(cvs_voc_pkt[2], 3 * sizeof(uint32_t), &tot_buf_sz)) {
pr_err("%s: integer overflow detected\n", __func__);
return -EINVAL;
}

if (cvs_voc_pkt != NULL && common.mvs_info.ul_cb != NULL) {
if (v->shmem_info.sh_buf.buf[1].size <
((3 * sizeof(uint32_t)) + cvs_voc_pkt[2])) {
if (v->shmem_info.sh_buf.buf[1].size < tot_buf_sz) {
pr_err("%s: invalid voc pkt size\n", __func__);
return -EINVAL;
}
Expand Down
17 changes: 7 additions & 10 deletions techpack/audio/dsp/q6lsm.c
Original file line number Diff line number Diff line change
@@ -1,15 +1,6 @@
/*
* Copyright (c) 2013-2019, Linux Foundation. All rights reserved.
*
* Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 and
* only version 2 as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* Copyright (c) 2023-2024 Qualcomm Innovation Center, Inc. All rights reserved.
*/
#include <linux/fs.h>
#include <linux/mutex.h>
Expand Down Expand Up @@ -1823,6 +1814,12 @@ static int q6lsm_mmapcallback(struct apr_client_data *data, void *priv)
return 0;
}

if (data->payload_size < (2 * sizeof(uint32_t))) {
pr_err("%s: payload has invalid size[%d]\n", __func__,
data->payload_size);
return -EINVAL;
}

command = payload[0];
retcode = payload[1];
sid = (data->token >> 8) & 0x0F;
Expand Down
13 changes: 9 additions & 4 deletions techpack/audio/dsp/q6voice.c
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: GPL-2.0-only
/* Copyright (c) 2012-2019, The Linux Foundation. All rights reserved.
* Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
* Copyright (c) 2023-2024, Qualcomm Innovation Center, Inc. All rights reserved.
*/
#include <linux/slab.h>
#include <linux/kthread.h>
Expand Down Expand Up @@ -7777,7 +7777,7 @@ static int32_t qdsp_cvs_callback(struct apr_client_data *data, void *priv)
VSS_ISTREAM_EVT_OOB_NOTIFY_ENC_BUFFER_READY) {
int ret = 0;
u16 cvs_handle;
uint32_t *cvs_voc_pkt;
uint32_t *cvs_voc_pkt, tot_buf_sz;
struct cvs_enc_buffer_consumed_cmd send_enc_buf_consumed_cmd;
void *apr_cvs;

Expand Down Expand Up @@ -7806,9 +7806,14 @@ static int32_t qdsp_cvs_callback(struct apr_client_data *data, void *priv)
VSS_ISTREAM_EVT_OOB_NOTIFY_ENC_BUFFER_CONSUMED;

cvs_voc_pkt = v->shmem_info.sh_buf.buf[1].data;

if (__builtin_add_overflow(cvs_voc_pkt[2], 3 * sizeof(uint32_t), &tot_buf_sz)) {
pr_err("%s: integer overflow detected\n", __func__);
return -EINVAL;
}

if (cvs_voc_pkt != NULL && common.mvs_info.ul_cb != NULL) {
if (v->shmem_info.sh_buf.buf[1].size <
((3 * sizeof(uint32_t)) + cvs_voc_pkt[2])) {
if (v->shmem_info.sh_buf.buf[1].size < tot_buf_sz) {
pr_err("%s: invalid voc pkt size\n", __func__);
return -EINVAL;
}
Expand Down

0 comments on commit 6969c8b

Please sign in to comment.