From 40f80424673458d1f9971cdd0df3a8211e99f242 Mon Sep 17 00:00:00 2001
From: Jay Jayanna
Date: Thu, 17 Sep 2020 10:23:02 -0700
Subject: [PATCH] net: qrtr: ethernet: Fix incorrect buffer offset

While copying more bytes in a partial packet, the buffer pointer was incorrectly shifted. So, only the last part of the packet was posted to the qrtr core, resulting in invalid packet error.

Change-Id: I9823ea5cec1befa55917a0450adacb8e7233d94d
Signed-off-by: Jay Jayanna
---
 net/qrtr/ethernet.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/net/qrtr/ethernet.c b/net/qrtr/ethernet.c
index 27bf1d61dcd3..d302891fa9e1 100644
--- a/net/qrtr/ethernet.c
+++ b/net/qrtr/ethernet.c
@@ -178,10 +178,10 @@ void qcom_ethernet_qrtr_dl_cb(struct eth_adapt_result *eth_res)
 while (len > 0) {
 if (dlbuf->needed > 0) {
 pkt_len = dlbuf->pkt_len;
- dlbuf->buf = dlbuf->buf + dlbuf->saved;
 if (len >= dlbuf->needed) {
 dlbuf->needed = set_cp_size(dlbuf->needed);
- memcpy(dlbuf->buf, src, dlbuf->needed);
+ memcpy((dlbuf->buf + dlbuf->saved),
+ src, dlbuf->needed);
 rc = qrtr_endpoint_post(&qdev->ep, dlbuf->buf,
 pkt_len);
 if (rc == -EINVAL) {
@@ -189,13 +189,15 @@ void qcom_ethernet_qrtr_dl_cb(struct eth_adapt_result *eth_res)
 "Invalid qrtr packet\n");
 goto exit;
 }
+ memset(dlbuf->buf, 0, MAX_BUFSIZE);
 len = len - dlbuf->needed;
 src = src + dlbuf->needed;
 dlbuf->needed = 0;
+ dlbuf->pkt_len = 0;
 } else {
 /* Partial packet */
 len = set_cp_size(len);
- memcpy(dlbuf->buf, src, len);
+ memcpy(dlbuf->buf + dlbuf->saved, src, len);
 dlbuf->saved = dlbuf->saved + len;
 dlbuf->needed = dlbuf->needed - len;
 break;
@@ -214,6 +216,12 @@ void qcom_ethernet_qrtr_dl_cb(struct eth_adapt_result *eth_res)
 break;
 }

+ if (pkt_len > MAX_BUFSIZE) {
+ dev_err(qdev->dev,
+ "Unsupported pkt_len %zu\n", pkt_len);
+ break;
+ }
+
 if (pkt_len > len) {
 /* Partial packet */
 dlbuf->needed = pkt_len - len;
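Review bot: The offset copy `memcpy((dlbuf->buf + dlbuf->saved), src, dlbuf->needed)` in the `@@ -178` hunk, and `memcpy(dlbuf->buf + dlbuf->saved, src, len)` in the partial-packet branch of the next hunk, are not checked against the buffer size as offset plus length. `set_cp_size()` is applied to the count only; its definition is outside the patch, and if it clamps to MAX_BUFSIZE that no longer bounds a write that starts at `saved`. The added `pkt_len > MAX_BUFSIZE` test probably keeps `saved + needed` in range, but only through an invariant maintained in lines not shown here. An explicit test before each copy, `if (dlbuf->saved > MAX_BUFSIZE || dlbuf->needed > MAX_BUFSIZE - dlbuf->saved)`, followed by dropping the frame and resetting the reassembly state, would make the bound hold locally for data that arrives from the link. The function body starts and ends outside the hunk.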
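Review bot: The `goto exit` taken in the `@@ -189` hunk when `qrtr_endpoint_post()` returns -EINVAL skips the cleanup this hunk adds on the success path. `dlbuf->needed`, `dlbuf->saved`, `dlbuf->pkt_len` and the buffer contents therefore keep the rejected packet's values. Unless the code after the `exit:` label (not visible in the patch) resets them, the next callback would enter the `needed > 0` branch and append new frame data to the stale packet. Clearing the state before the jump, `dlbuf->needed = 0; dlbuf->pkt_len = 0;` ahead of `goto exit;`, would close that gap. Only -EINVAL is tested, so any other negative return follows the success path; a comment saying whether that is intended would help.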
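Review bot: The `dev_err()` in the new `pkt_len > MAX_BUFSIZE` branch of the `@@ -214` hunk is emitted once per oversized frame. `pkt_len` appears to be taken from the received packet header (its assignment is above the hunk), so a faulty or hostile peer on the link can flood the kernel log. `dev_err_ratelimited(qdev->dev, "Unsupported pkt_len %zu\n", pkt_len);` keeps the diagnostic while bounding the log volume. `%zu` also requires `pkt_len` to be a `size_t`; the declaration is outside the hunk and is worth confirming.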
@@ -230,11 +238,11 @@ void qcom_ethernet_qrtr_dl_cb(struct eth_adapt_result *eth_res)
 dev_err(qdev->dev, "Invalid qrtr packet\n");
 goto exit;
 }
- pkt_len = set_cp_size(pkt_len);
- memset(dlbuf->buf, 0, pkt_len);
+ memset(dlbuf->buf, 0, MAX_BUFSIZE);
 len = len - pkt_len;
 src = src + pkt_len;
 dlbuf->needed = 0;
+ dlbuf->pkt_len = 0;
 }
 }
 exit:
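Review bot: The reset sequence `memset(dlbuf->buf, 0, MAX_BUFSIZE);`, `dlbuf->needed = 0;`, `dlbuf->pkt_len = 0;` is written out twice, here and after the reassembled-packet post in the second hunk, and neither copy clears `dlbuf->saved`. If `saved` is always assigned rather than accumulated when a new partial packet starts, that is harmless, but that code is outside the patch. Because the copies now land at `dlbuf->buf + dlbuf->saved`, a stale offset would misplace the next packet. A small static helper that zeroes `needed`, `saved` and `pkt_len` together would keep both paths consistent. Clearing all of MAX_BUFSIZE for every complete packet also costs more than the old `pkt_len`-sized clear, so a comment saying why the full clear is needed would be useful.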