On Fri 12 Mar 09:12 CST 2021, Alex Elder wrote:

> When a QMI handle is initialized, an array of message handler
> structures is provided, defining how any received message should
> be handled based on its type and message ID. The QMI core code
> traverses this array when a message arrives and calls the function
> associated with the (type, msg_id) found in the array.
>
> The array is supposed to be terminated with an empty (all zero)
> entry though. Without it, an unsupported message will cause
> the QMI core code to go past the end of the array.
>
> Fix this bug, by properly terminating the message handler arrays
> provided when QMI handles are set up by the IPA driver.
>
Reviewed-by: Bjorn Andersson <bjorn.anders...@linaro.org> Regards, Bjorn > Fixes: 530f9216a9537 ("soc: qcom: ipa: AP/modem communications") > Reported-by: Sujit Kautkar <suji...@chromium.org> > Signed-off-by: Alex Elder <el...@linaro.org> > --- > drivers/net/ipa/ipa_qmi.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/net/ipa/ipa_qmi.c b/drivers/net/ipa/ipa_qmi.c > index 2fc64483f2753..e594bf3b600f0 100644 > --- a/drivers/net/ipa/ipa_qmi.c > +++ b/drivers/net/ipa/ipa_qmi.c > @@ -249,6 +249,7 @@ static const struct qmi_msg_handler > ipa_server_msg_handlers[] = { > .decoded_size = IPA_QMI_DRIVER_INIT_COMPLETE_REQ_SZ, > .fn = ipa_server_driver_init_complete, > }, > + { }, > }; > > /* Handle an INIT_DRIVER response message from the modem. */ > @@ -269,6 +270,7 @@ static const struct qmi_msg_handler > ipa_client_msg_handlers[] = { > .decoded_size = IPA_QMI_INIT_DRIVER_RSP_SZ, > .fn = ipa_client_init_driver, > }, > + { }, > }; > > /* Return a pointer to an init modem driver request structure, which contains > -- > 2.27.0 >
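Review bot: in the first hunk (ipa_server_msg_handlers[]) the new terminator is written `{ },` with a trailing comma, which invites a later patch to append a handler after the sentinel, where a traversal that stops at the empty entry would never reach it. Consider `{ }` without the comma so that nothing can be added after it without touching the terminator line itself.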
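Review bot: in the second hunk (ipa_client_msg_handlers[]) the added `{ },` carries no comment saying that it is the required all-zero terminator, and the commit message notes that omitting it lets the QMI core run past the end of the array on an unsupported message. A short comment on that line, for example `/* Must be last: empty entry terminates the array */`, would make the requirement visible to whoever next adds a handler to this table.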