Android 14.0.0 Release 0.46 (UQ1A.240205.002,barbet)
bus: mhi: misc: Add check for dev_rp if it is iommu range or not
er_ctxt->rp pointer is updated by MDM which is untrusted to HLOS,
it could be arbitrary value.
If there is security issue on MDM, and updated pointer which is not
align then driver will never come out of loop where checking against
dev_rp != rp.
So added check to make sure it is in the buffer range & aligned to 128bit.
Bug: 303101658
CRs-Fixed: 3545432
Change-Id: Ib484e07f2c75fcd657a4ccc648a3a20de3edeebc
Signed-off-by: Krishna chaitanya chundru <quic_krichai@quicinc.com>
Signed-off-by: Paras Sharma <quic_parass@quicinc.com>
Signed-off-by: Pindar Yang <pindaryang@google.com>
2 files changed
