]> git.dujemihanovic.xyz Git - u-boot.git/commitdiff
arm: socfpga: mailbox: Fix off-by-one error on command length checking
authorLey Foon Tan <ley.foon.tan@intel.com>
Wed, 24 Apr 2019 05:21:47 +0000 (13:21 +0800)
committerMarek Vasut <marex@denx.de>
Wed, 24 Apr 2019 22:00:49 +0000 (00:00 +0200)
A mailbox command contains 1-u32 header + arguments. The "len" variable
only contains the length of the arguments, but not the 1-u32 header.
Include the length of header when checking the ring buffer space to
prevent off-by-one error.

Signed-off-by: Ley Foon Tan <ley.foon.tan@intel.com>
Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com>
arch/arm/mach-socfpga/mailbox_s10.c

index 3c332239361d1c27dda4624b91ab875d83d58229..4498ab55dfa14603010dedbc2aa31206d2f2268b 100644 (file)
@@ -55,11 +55,11 @@ static __always_inline int mbox_fill_cmd_circular_buff(u32 header, u32 len,
        cout = MBOX_READL(MBOX_COUT) % MBOX_CMD_BUFFER_SIZE;
 
        /* if command buffer is full or not enough free space
-        * to fit the data
+        * to fit the data. Note, len is in u32 unit.
         */
        if (((cin + 1) % MBOX_CMD_BUFFER_SIZE) == cout ||
            ((MBOX_CMD_BUFFER_SIZE - cin + cout - 1) %
-            MBOX_CMD_BUFFER_SIZE) < len)
+            MBOX_CMD_BUFFER_SIZE) < (len + 1))
                return -ENOMEM;
 
        /* write header to circular buffer */