cxl/mbox: Add a check on input payload size

A bug in the LSA code resulted in transfers slightly larger than the mailbox size. Let us make it easier to catch similar issues in future by adding a low level check. Signed-off-by: N Jonathan Cameron <Jonathan.Cameron@huawei.com> Link: https://lore.kernel.org/r/20220815154044.24733-2-Jonathan.Cameron@huawei.comSigned-off-by: N Dan Williams <dan.j.williams@intel.com>

cxl/mbox: Add a check on input payload size
A bug in the LSA code resulted in transfers slightly larger than the mailbox size. Let us make it easier to catch similar issues in future by adding a low level check. Signed-off-by: N Jonathan Cameron <Jonathan.Cameron@huawei.com> Link: https://lore.kernel.org/r/20220815154044.24733-2-Jonathan.Cameron@huawei.comSigned-off-by: N Dan Williams <dan.j.williams@intel.com>
cf00b330 · Jonathan Cameron · Dan Williams · 9abf2313 · cf00b330
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

drivers/cxl/core/mbox.c drivers/cxl/core/mbox.c +1 -1

未找到文件。
--- a/drivers/cxl/core/mbox.c
+++ b/drivers/cxl/core/mbox.c
@@ -174,7 +174,7 @@ int cxl_mbox_send_cmd(struct cxl_dev_state *cxlds, u16 opcode, void *in,
 	};
 	int rc;
-	if (out_size > cxlds->payload_size)
+	if (in_size > cxlds->payload_size || out_size > cxlds->payload_size)
 		return -E2BIG;
 	rc = cxlds->mbox_send(cxlds, &mbox_cmd);