The raw message frame length is unaligned and explicitly marked as
little endian. It should not be accessed without the appropriatte
accessor functions. Fix this.
Reported-by: kernel-test-robot <lkp@xxxxxxxxx>
Fixes: c167b9c7e3d6 ("platform/surface: Add Surface Aggregator subsystem")
Signed-off-by: Maximilian Luz <luzmaximilian@xxxxxxxxx>
---
drivers/platform/surface/aggregator/ssh_packet_layer.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/platform/surface/aggregator/ssh_packet_layer.c b/drivers/platform/surface/aggregator/ssh_packet_layer.c
index 583315db8b02..9a78188d8d1c 100644
--- a/drivers/platform/surface/aggregator/ssh_packet_layer.c
+++ b/drivers/platform/surface/aggregator/ssh_packet_layer.c
@@ -1774,7 +1774,8 @@ static size_t ssh_ptl_rx_eval(struct ssh_ptl *ptl, struct ssam_span *source)
break;
}
- return aligned.ptr - source->ptr + SSH_MESSAGE_LENGTH(frame->len);
+ return aligned.ptr - source->ptr
+ + SSH_MESSAGE_LENGTH(get_unaligned_le16(&frame->len));
}
static int ssh_ptl_rx_threadfn(void *data)
--
2.30.0
