From a7610a4a94549e68158d780cc069960f11bfe181 Mon Sep 17 00:00:00 2001 From: Ashok Vuyyuru Date: Tue, 20 Sep 2022 10:51:02 +0300 Subject: [PATCH] ipa: Fix ioctl buffer allocation due to increased header size The max header size changed from 64 to 255, which caused increase in size of structs containing headers (struct ipa_hdr_add). Fixing the stack buffer allocation size in the ioctl to avoid buffer overflow. Note for the future: This function allocates number of buffers on the stack, but uses only one on each call. It would be better to refactor it, to use only one buffer, in order to minimize stack allocations. Change-Id: Id79efe7901ebf85dab4c0ba09cc7bb852cf22a97 Signed-off-by: Ilia Lin Signed-off-by: Chaitanya Pratapa Signed-off-by: Ashok Vuyyuru --- drivers/platform/msm/ipa/ipa_v3/ipa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/platform/msm/ipa/ipa_v3/ipa.c b/drivers/platform/msm/ipa/ipa_v3/ipa.c index d6e5e11c8e7a..2fe49feaa860 100644 --- a/drivers/platform/msm/ipa/ipa_v3/ipa.c +++ b/drivers/platform/msm/ipa/ipa_v3/ipa.c @@ -2035,7 +2035,7 @@ static long ipa3_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) { int retval = 0; u32 pyld_sz; - u8 header[128] = { 0 }; + u8 header[512] = { 0 }; u8 *param = NULL; bool is_vlan_mode; struct ipa_ioc_nat_alloc_mem nat_mem;