cxl/mbox: Add a check on input payload size

A bug in the LSA code resulted in transfers slightly larger than the mailbox size. Let us make it easier to catch similar issues in future by adding a low level check. Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Link: https://lore.kernel.org/r/20220815154044.24733-2-Jonathan.Cameron@huawei.com Signed-off-by: Dan Williams <dan.j.williams@intel.com>
2022-08-15 16:40:43 +01:00 · 2022-08-15 16:40:43 +01:00 · cf00b33058
commit cf00b33058
parent 9abf2313ad
1 changed files with 1 additions and 1 deletions
--- a/drivers/cxl/core/mbox.c
+++ b/drivers/cxl/core/mbox.c
@ -174,7 +174,7 @@ int cxl_mbox_send_cmd(struct cxl_dev_state *cxlds, u16 opcode, void *in,
 	};
 	int rc;

-	if (out_size > cxlds->payload_size)
+	if (in_size > cxlds->payload_size || out_size > cxlds->payload_size)
 		return -E2BIG;

 	rc = cxlds->mbox_send(cxlds, &mbox_cmd);