From patchwork Mon Aug 2 05:12:53 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Manivannan Sadhasivam
X-Patchwork-Id: 490306
From: Manivannan Sadhasivam
To: gregkh@linuxfoundation.org
Cc: hemantk@codeaurora.org, bbhatt@codeaurora.org, linux-arm-msm@vger.kernel.org, jhugo@codeaurora.org, linux-kernel@vger.kernel.org, loic.poulain@linaro.org, Jeffrey Hugo, Manivannan Sadhasivam
Subject: [PATCH 08/10] bus: mhi: core: Add range checks for BHI and BHIe
Date: Mon, 2 Aug 2021 10:42:53 +0530
Message-Id: <20210802051255.5771-9-manivannan.sadhasivam@linaro.org>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20210802051255.5771-1-manivannan.sadhasivam@linaro.org>
References: <20210802051255.5771-1-manivannan.sadhasivam@linaro.org>
Precedence: bulk
X-Mailing-List: linux-arm-msm@vger.kernel.org
From: Bhaumik Bhatt When obtaining the BHI or BHIe offsets during the power up preparation phase, range checks are missing. These can help controller drivers avoid accessing any address outside of the MMIO region. Ensure that mhi_cntrl->reg_len is set before MHI registration as it is a required field and range checks will fail without it. Signed-off-by: Bhaumik Bhatt Reviewed-by: Jeffrey Hugo Reviewed-by: Hemant Kumar Reviewed-by: Manivannan Sadhasivam Link: https://lore.kernel.org/r/1620330705-40192-7-git-send-email-bbhatt@codeaurora.org Signed-off-by: Manivannan Sadhasivam --- drivers/bus/mhi/core/init.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) -- 2.25.1 diff --git a/drivers/bus/mhi/core/init.c b/drivers/bus/mhi/core/init.c index 1cc2f225d3d1..aeb1e3c2cdc4 100644 --- a/drivers/bus/mhi/core/init.c +++ b/drivers/bus/mhi/core/init.c @@ -885,7 +885,8 @@ int mhi_register_controller(struct mhi_controller *mhi_cntrl, if (!mhi_cntrl || !mhi_cntrl->cntrl_dev || !mhi_cntrl->regs || !mhi_cntrl->runtime_get || !mhi_cntrl->runtime_put || !mhi_cntrl->status_cb || !mhi_cntrl->read_reg || - !mhi_cntrl->write_reg || !mhi_cntrl->nr_irqs || !mhi_cntrl->irq) + !mhi_cntrl->write_reg || !mhi_cntrl->nr_irqs || + !mhi_cntrl->irq || !mhi_cntrl->reg_len) return -EINVAL; ret = parse_config(mhi_cntrl, config); @@ -1077,6 +1078,13 @@ int mhi_prepare_for_power_up(struct mhi_controller *mhi_cntrl) dev_err(dev, "Error getting BHI offset\n"); goto error_reg_offset; } + + if (bhi_off >= mhi_cntrl->reg_len) { + dev_err(dev, "BHI offset: 0x%x is out of range: 0x%zx\n", + bhi_off, mhi_cntrl->reg_len); + ret = -EINVAL; + goto error_reg_offset; + } mhi_cntrl->bhi = mhi_cntrl->regs + bhi_off; if (mhi_cntrl->fbc_download || mhi_cntrl->rddm_size) { 
@@ -1086,6 +1094,14 @@ int mhi_prepare_for_power_up(struct mhi_controller *mhi_cntrl) dev_err(dev, "Error getting BHIE offset\n"); goto error_reg_offset; } + + if (bhie_off >= mhi_cntrl->reg_len) { + dev_err(dev, + "BHIe offset: 0x%x is out of range: 0x%zx\n", + bhie_off, mhi_cntrl->reg_len); + ret = -EINVAL; + goto error_reg_offset; + } mhi_cntrl->bhie = mhi_cntrl->regs + bhie_off; }
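
Review bot: In the mhi_register_controller() hunk (@@ -885), adding !mhi_cntrl->reg_len to the combined NULL/zero test makes a previously optional field mandatory, but the failure path is still a bare "return -EINVAL" with no message, so a controller driver that never set reg_len will simply stop registering without any hint why. The diffstat shows only drivers/bus/mhi/core/init.c is touched, so the requirement is stated in the commit message alone. Consider a dev_err() naming the missing field (cntrl_dev is already known to be non-NULL only after the earlier terms pass, so a separate check for reg_len after the existing one would be needed), and note the requirement where struct mhi_controller is documented so controller authors see it.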
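
Review bot: The BHI check in the first mhi_prepare_for_power_up() hunk (@@ -1077), "if (bhi_off >= mhi_cntrl->reg_len)", validates only the first byte of the BHI block. mhi_cntrl->bhi is then used as a base for register accesses at further offsets, so a bhi_off that lands just below reg_len passes the check while the registers read through it can still fall outside the MMIO region the commit message wants to protect. Comparing bhi_off plus the highest BHI register offset the driver accesses (plus the access width) against reg_len would close that gap; written as a subtraction from reg_len it also avoids wrap-around in the addition.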
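
Review bot: The BHIe check in the second mhi_prepare_for_power_up() hunk (@@ -1086) repeats the BHI check line for line apart from the variable and the string in dev_err(), including the "ret = -EINVAL; goto error_reg_offset;" tail. A small static helper that takes the offset and a name and returns 0 or -EINVAL would keep the two checks from drifting apart, which matters here because the BHIe path is only taken when fbc_download or rddm_size is set and so is exercised less often. Like the BHI check, it bounds only the start offset and not the extent of the BHIe register block, so whatever extent check is adopted should live in that shared helper.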