Cached items are found at the high end of an smem partition.  A
cached item's shared memory precedes the private entry structure
that describes it.

The address of the structure describing the first cached item should
be returned by phdr_to_first_cached_entry().  However the function
calculates the start address using the wrong structure size.

Fix this by computing the first item's entry structure address by
subtracting the size of a private entry structure rather than a
partition header structure.

Signed-off-by: Alex Elder <>
 drivers/soc/qcom/smem.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/soc/qcom/smem.c b/drivers/soc/qcom/smem.c
index 0b94d62fad2b..7f38c5e11440 100644
--- a/drivers/soc/qcom/smem.c
+++ b/drivers/soc/qcom/smem.c
@@ -292,8 +292,9 @@ static void *phdr_to_first_cached_entry(struct 
smem_partition_header *phdr,
                                        size_t cacheline)
        void *p = phdr;
+       struct smem_private_entry *e;
-       return p + le32_to_cpu(phdr->size) - ALIGN(sizeof(*phdr), cacheline);
+       return p + le32_to_cpu(phdr->size) - ALIGN(sizeof(*e), cacheline);
 static void *phdr_to_last_cached_entry(struct smem_partition_header *phdr)

Reply via email to