SDOCM00113341 fix: restrict writing Ipc_Reserved struct to core's own area
authorRobert Tivy <rtivy@ti.com>
Mon, 6 Oct 2014 21:45:29 +0000 (14:45 -0700)
committerRobert Tivy <rtivy@ti.com>
Tue, 7 Oct 2014 22:48:02 +0000 (15:48 -0700)
In Ipc_attach(), when a 'memReq' size is 0, a core can write to another
core's Ipc_Reserved struct in SR0 when it isn't supposed to *ever* write
another core's area.  The incorrect assignment needs to be done only when
MultiProc_self() < remoteProcId, similarly to how it is done in other places,
which ensures that a core is writing to only its own IpcReserved area.

packages/ti/sdo/ipc/Ipc.c

index 0ae64499f5179e6bce6bca9cba06aa3c6a8272bf..3f24580df495c3dbc2dca618e50cc9d034c0ac9f 100644 (file)
@@ -203,7 +203,9 @@ Int Ipc_attach(UInt16 remoteProcId)
         }
         else {
             sharedAddr = NULL;
-            slave->notifySRPtr = SharedRegion_invalidSRPtr();
+            if (MultiProc_self() < remoteProcId) {
+                slave->notifySRPtr = SharedRegion_invalidSRPtr();
+            }
         }
 
         /* call attach to remote processor */
@@ -246,7 +248,9 @@ Int Ipc_attach(UInt16 remoteProcId)
         }
         else {
             sharedAddr = NULL;
-            slave->nsrnSRPtr = SharedRegion_invalidSRPtr();
+            if (MultiProc_self() < remoteProcId) {
+                slave->nsrnSRPtr = SharedRegion_invalidSRPtr();
+            }
         }
 
         /* call attach to remote processor */
@@ -289,7 +293,9 @@ Int Ipc_attach(UInt16 remoteProcId)
         }
         else {
             sharedAddr = NULL;
-            slave->transportSRPtr = SharedRegion_invalidSRPtr();
+            if (MultiProc_self() < remoteProcId) {
+                slave->transportSRPtr = SharedRegion_invalidSRPtr();
+            }
         }
 
         /* call attach to remote processor */