| Message ID | 20241104152312.3813601-4-jberring@redhat.com |
|---|---|
| State | New |
| Headers | show |
| Series | nvmem: fix out-of-bounds reboot-mode write | expand |
Hi, On Mon, Nov 04, 2024 at 10:23:12AM -0500, Jennifer Berringer wrote: > Some devices, such as Qualcomm sa8775p, have an nvmem reboot mode cell > that is smaller than 32 bits, which resulted in > nvmem_reboot_mode_write() failing. Using nvmem_cell_write_variable_u32() > fixes this by writing only the least-significant byte of the magic value > when the size specified in device tree is only one byte. > > Signed-off-by: Jennifer Berringer <jberring@redhat.com> > --- Reviewed-by: Sebastian Reichel <sebastian.reichel@collabora.com> -- Sebastian > drivers/power/reset/nvmem-reboot-mode.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/power/reset/nvmem-reboot-mode.c b/drivers/power/reset/nvmem-reboot-mode.c > index 41530b70cfc4..b52eb879d1c1 100644 > --- a/drivers/power/reset/nvmem-reboot-mode.c > +++ b/drivers/power/reset/nvmem-reboot-mode.c > @@ -24,7 +24,7 @@ static int nvmem_reboot_mode_write(struct reboot_mode_driver *reboot, > > nvmem_rbm = container_of(reboot, struct nvmem_reboot_mode, reboot); > > - ret = nvmem_cell_write(nvmem_rbm->cell, &magic, sizeof(magic)); > + ret = nvmem_cell_write_variable_u32(nvmem_rbm->cell, magic); > if (ret < 0) > dev_err(reboot->dev, "update reboot mode bits failed\n"); > > -- > 2.46.2 > >
diff --git a/drivers/power/reset/nvmem-reboot-mode.c b/drivers/power/reset/nvmem-reboot-mode.c index 41530b70cfc4..b52eb879d1c1 100644 --- a/drivers/power/reset/nvmem-reboot-mode.c +++ b/drivers/power/reset/nvmem-reboot-mode.c @@ -24,7 +24,7 @@ static int nvmem_reboot_mode_write(struct reboot_mode_driver *reboot, nvmem_rbm = container_of(reboot, struct nvmem_reboot_mode, reboot); - ret = nvmem_cell_write(nvmem_rbm->cell, &magic, sizeof(magic)); + ret = nvmem_cell_write_variable_u32(nvmem_rbm->cell, magic); if (ret < 0) dev_err(reboot->dev, "update reboot mode bits failed\n");
Some devices, such as Qualcomm sa8775p, have an nvmem reboot mode cell that is smaller than 32 bits, which resulted in nvmem_reboot_mode_write() failing. Using nvmem_cell_write_variable_u32() fixes this by writing only the least-significant byte of the magic value when the size specified in device tree is only one byte. Signed-off-by: Jennifer Berringer <jberring@redhat.com> --- drivers/power/reset/nvmem-reboot-mode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)