summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorArve Hjønnevåg <arve@android.com>2009-01-31 07:21:09 +0300
committerGreg Kroah-Hartman <gregkh@kvm.kroah.org>2009-02-09 22:26:18 +0300
commit5701c0519b7a357a602fda5c96f26197ecfc4c85 (patch)
tree9cd14cf870d090c26540ea2d594e2eff1f9a78f6
parent07f269862a2981f1512de5393e2d0ce5b2ee8305 (diff)
downloadlinux-5701c0519b7a357a602fda5c96f26197ecfc4c85.tar.xz
Staging: android: ram_console: Disable ECC when early init is enabled and validate buffer size
Signed-off-by: Arve Hjønnevåg <arve@android.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r--drivers/staging/android/Kconfig1
-rw-r--r--drivers/staging/android/ram_console.c14
2 files changed, 15 insertions, 0 deletions
diff --git a/drivers/staging/android/Kconfig b/drivers/staging/android/Kconfig
index 6b996db0dd6a..604bd1e0d546 100644
--- a/drivers/staging/android/Kconfig
+++ b/drivers/staging/android/Kconfig
@@ -27,6 +27,7 @@ menuconfig ANDROID_RAM_CONSOLE_ERROR_CORRECTION
bool "Android RAM Console Enable error correction"
default n
depends on ANDROID_RAM_CONSOLE
+ depends on !ANDROID_RAM_CONSOLE_EARLY_INIT
select REED_SOLOMON
select REED_SOLOMON_ENC8
select REED_SOLOMON_DEC8
diff --git a/drivers/staging/android/ram_console.c b/drivers/staging/android/ram_console.c
index bf006857a87a..643ac5ce381d 100644
--- a/drivers/staging/android/ram_console.c
+++ b/drivers/staging/android/ram_console.c
@@ -224,9 +224,23 @@ static int __init ram_console_init(struct ram_console_buffer *buffer,
ram_console_buffer_size =
buffer_size - sizeof(struct ram_console_buffer);
+ if (ram_console_buffer_size > buffer_size) {
+ pr_err("ram_console: buffer %p, invalid size %d, datasize %d\n",
+ buffer, buffer_size, ram_console_buffer_size);
+ return 0;
+ }
+
#ifdef CONFIG_ANDROID_RAM_CONSOLE_ERROR_CORRECTION
ram_console_buffer_size -= (DIV_ROUND_UP(ram_console_buffer_size,
ECC_BLOCK_SIZE) + 1) * ECC_SIZE;
+
+ if (ram_console_buffer_size > buffer_size) {
+ pr_err("ram_console: buffer %p, invalid size %d, "
+ "non-ecc datasize %d\n",
+ buffer, buffer_size, ram_console_buffer_size);
+ return 0;
+ }
+
ram_console_par_buffer = buffer->data + ram_console_buffer_size;