From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Sujit Kautkar, Alex Elder, Bjorn Andersson, "David S. Miller", Sasha Levin
Subject: [PATCH 5.10 115/221] net: ipa: terminate message handler arrays
Date: Mon, 29 Mar 2021 09:57:26 +0200
Message-Id: <20210329075633.043185062@linuxfoundation.org>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210329075629.172032742@linuxfoundation.org>
References: <20210329075629.172032742@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Alex Elder

[ Upstream commit 3a9ef3e11c5d33e5cb355b4aad1a4caad2407541 ]

When a QMI handle is initialized, an array of message handler
structures is provided, defining how any received message should
be handled based on its type and message ID. The QMI core code
traverses this array when a message arrives and calls the function
associated with the (type, msg_id) found in the array.

The array is supposed to be terminated with an empty (all zero)
entry though. Without it, an unsupported message will cause
the QMI core code to go past the end of the array.

Fix this bug, by properly terminating the message handler arrays
provided when QMI handles are set up by the IPA driver.

Fixes: 530f9216a9537 ("soc: qcom: ipa: AP/modem communications")
Reported-by: Sujit Kautkar
Signed-off-by: Alex Elder
Reviewed-by: Bjorn Andersson
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin
---
 drivers/net/ipa/ipa_qmi.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/net/ipa/ipa_qmi.c b/drivers/net/ipa/ipa_qmi.c index 5090f0f923ad..1a87a49538c5 100644 --- a/drivers/net/ipa/ipa_qmi.c +++ b/drivers/net/ipa/ipa_qmi.c
@@ -249,6 +249,7 @@ static struct qmi_msg_handler ipa_server_msg_handlers[] = { .decoded_size = IPA_QMI_DRIVER_INIT_COMPLETE_REQ_SZ, .fn = ipa_server_driver_init_complete, }, + { }, }; /* Handle an INIT_DRIVER response message from the modem. */ @@ -269,6 +270,7 @@ static struct qmi_msg_handler ipa_client_msg_handlers[] = { .decoded_size = IPA_QMI_INIT_DRIVER_RSP_SZ, .fn = ipa_client_init_driver, }, + { }, }; /* Return a pointer to an init modem driver request structure, which contains -- 2.30.1
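
Review bot: In the first hunk (ipa_server_msg_handlers), the terminator is written `{ },` with a trailing comma, so it reads like an ordinary entry and invites a later handler to be appended after it, where the traversal described in the commit message would stop before reaching it. Consider dropping the comma so the empty entry is visibly the last element of the array.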
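
Review bot: In the second hunk (ipa_client_msg_handlers), nothing next to the added `{ },` says that it is a required terminator; that requirement appears only in the commit message. A short comment on the entry, for example `{ },	/* must be last: terminates the handler array */`, would keep it from being removed later as an empty initializer, and the same comment would fit the entry added to ipa_server_msg_handlers.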