From 83dded8dd6393db0fab93ddd27c84aedc6bcbc37 Mon Sep 17 00:00:00 2001
From: Viswanath L <viswanathl@nvidia.com>
Date: Mon, 26 Aug 2024 05:54:53 +0000
Subject: [PATCH] nvadsp: Access MSGQ ptrs via pointer increment

Accessing queue and payload fields of MSGQ via array index
causes out-of-bound warnings in new kernel version as they
are initialized as arrays of size 1:
  index 53 is out of range for type 'int32_t [1]'
  index 2045 is out of range for type 'int32_t [1]'

Addressing this by accessing the fields via pointer
increment instead of array index.

Bug 4420795

Change-Id: I873dbe08a894d1eea8866bb8a16018816d0e4db3
Signed-off-by: Viswanath L <viswanathl@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3199294
Reviewed-by: Asha T <atalambedu@nvidia.com>
GVS: buildbot_gerritrpt <buildbot_gerritrpt@nvidia.com>
Reviewed-by: Dara Ramesh <dramesh@nvidia.com>
Reviewed-by: svcacv <svcacv@nvidia.com>
---
 drivers/platform/tegra/nvadsp/msgq.c | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/drivers/platform/tegra/nvadsp/msgq.c b/drivers/platform/tegra/nvadsp/msgq.c
index e7d66820..b9373d74 100644
--- a/drivers/platform/tegra/nvadsp/msgq.c
+++ b/drivers/platform/tegra/nvadsp/msgq.c
@@ -1,7 +1,5 @@
 // SPDX-License-Identifier: GPL-2.0-only
-/**
- * Copyright (c) 2014-2023, NVIDIA CORPORATION. All rights reserved.
- */
+// SPDX-FileCopyrightText: Copyright (c) 2014-2024 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
 
 #include <linux/tegra_nvadsp.h>
 
@@ -61,12 +59,12 @@ int32_t msgq_queue_message(msgq_t *msgq, const msgq_message_t *message)
 		int32_t wi = msgq->write_index;
 		bool wrap = ri <= wi;
 		int32_t *start = msgq->queue;
-		int32_t *end = &msgq->queue[msgq->size];
-		int32_t *first = &msgq->queue[wi];
-		int32_t *last = &msgq->queue[ri];
+		int32_t *end = msgq->queue + msgq->size;
+		int32_t *first = msgq->queue + wi;
+		int32_t *last = msgq->queue + ri;
 		int32_t qremainder = wrap ? end - first : last - first;
 		int32_t qsize = wrap ? qremainder + (last - start) : qremainder;
-		int32_t msize = &message->payload[message->size] -
+		int32_t msize = (message->payload + message->size) -
 			(int32_t *)message;
 
 		if (qsize <= msize) {
@@ -123,7 +121,7 @@ int32_t msgq_dequeue_message(msgq_t *msgq, msgq_message_t *message)
 
 	ri = msgq->read_index;
 	wi = msgq->write_index;
-	msg = (msgq_message_t *)&msgq->queue[msgq->read_index];
+	msg = (msgq_message_t *)(msgq->queue + msgq->read_index);
 
 	if (ri == wi) {
 		/* empty queue */
@@ -145,8 +143,8 @@ int32_t msgq_dequeue_message(msgq_t *msgq, msgq_message_t *message)
 	} else {
 		/* copy message to the output buffer */
 		int32_t msize = MSGQ_MESSAGE_HEADER_WSIZE + msg->size;
-		int32_t *first = &msgq->queue[msgq->read_index];
-		int32_t *end = &msgq->queue[msgq->size];
+		int32_t *first = msgq->queue + msgq->read_index;
+		int32_t *end = msgq->queue + msgq->size;
 		int32_t qremainder = end - first;
 
 		if (msize < qremainder) {