From: Philippe Schenker <[email protected]> When compiling for R5 core with CONFIG_REMOTEPROC_TI_K3_R5F, passing 'size' (ulong) to ti_secure_image_post_process() caused a type mismatch compiler error.
On platforms where ulong and size_t differ in size, directly casting could lead to out-of-bounds memory access. Fix by introducing a size_t temporary variable, passing it to the function, and writing back the potentially modified value for use in subsequent calls. Signed-off-by: Philippe Schenker <[email protected]> Acked-by: Andrew Davis <[email protected]> --- Changes in v3: - Assign size to a variable of type size_t before casting to make sure no memory is accessed out-of-bounds on any circumstance. - Change this commit title and message accordingly. Changes in v2: - Added Andrew's Acked-by drivers/remoteproc/ti_k3_r5f_rproc.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/remoteproc/ti_k3_r5f_rproc.c b/drivers/remoteproc/ti_k3_r5f_rproc.c index c738607c1092..48ebdaf06931 100644 --- a/drivers/remoteproc/ti_k3_r5f_rproc.c +++ b/drivers/remoteproc/ti_k3_r5f_rproc.c @@ -315,6 +315,7 @@ static int k3_r5f_load(struct udevice *dev, ulong addr, ulong size) bool mem_auto_init; void *image_addr = (void *)addr; int ret; + size_t size_img; dev_dbg(dev, "%s addr = 0x%lx, size = 0x%lx\n", __func__, addr, size); @@ -341,7 +342,9 @@ static int k3_r5f_load(struct udevice *dev, ulong addr, ulong size) k3_r5f_init_tcm_memories(core, mem_auto_init); - ti_secure_image_post_process(&image_addr, &size); + size_img = size; + ti_secure_image_post_process(&image_addr, &size_img); + size = size_img; ret = rproc_elf_load_image(dev, addr, size); if (ret < 0) { -- 2.51.2
