From: Manivannan Sadhasivam
To: gregkh@linuxfoundation.org
Cc: hemantk@codeaurora.org, bbhatt@codeaurora.org, linux-arm-msm@vger.kernel.org, jhugo@codeaurora.org, linux-kernel@vger.kernel.org, loic.poulain@linaro.org, kvalo@codeaurora.org, ath11k@lists.infradead.org, Jeffrey Hugo, Manivannan Sadhasivam
Subject: [PATCH 10/10] bus: mhi: core: Add range checks for BHI and BHIe
Date: Fri, 25 Jun 2021 18:03:55 +0530
Message-Id: <20210625123355.11578-11-manivannan.sadhasivam@linaro.org>
In-Reply-To: <20210625123355.11578-1-manivannan.sadhasivam@linaro.org>
References: <20210625123355.11578-1-manivannan.sadhasivam@linaro.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Bhaumik Bhatt

When obtaining the BHI or BHIe offsets during the power up preparation phase, range checks are missing. These can help controller drivers avoid accessing any address outside of the MMIO region. Ensure that mhi_cntrl->reg_len is set before MHI registration as it is a required field and range checks will fail without it.

Signed-off-by: Bhaumik Bhatt
Reviewed-by: Jeffrey Hugo
Reviewed-by: Hemant Kumar
Reviewed-by: Manivannan Sadhasivam
Link: https://lore.kernel.org/r/1620330705-40192-7-git-send-email-bbhatt@codeaurora.org
Signed-off-by: Manivannan Sadhasivam

--- drivers/bus/mhi/core/init.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/drivers/bus/mhi/core/init.c b/drivers/bus/mhi/core/init.c index 1cc2f225d3d1..aeb1e3c2cdc4 100644 --- a/drivers/bus/mhi/core/init.c +++ b/drivers/bus/mhi/core/init.c @@ -885,7 +885,8 @@ int mhi_register_controller(struct mhi_controller *mhi_cntrl, if (!mhi_cntrl || !mhi_cntrl->cntrl_dev || !mhi_cntrl->regs || !mhi_cntrl->runtime_get || !mhi_cntrl->runtime_put || !mhi_cntrl->status_cb || !mhi_cntrl->read_reg || - !mhi_cntrl->write_reg || !mhi_cntrl->nr_irqs || !mhi_cntrl->irq) + !mhi_cntrl->write_reg || !mhi_cntrl->nr_irqs || + !mhi_cntrl->irq || !mhi_cntrl->reg_len) return -EINVAL; ret = parse_config(mhi_cntrl, config); @@ -1077,6 +1078,13 @@ int mhi_prepare_for_power_up(struct mhi_controller *mhi_cntrl) dev_err(dev, "Error getting BHI offset\n"); goto error_reg_offset; } + + if (bhi_off >= mhi_cntrl->reg_len) { + dev_err(dev, "BHI offset: 0x%x is out of range: 0x%zx\n", + bhi_off, mhi_cntrl->reg_len); + ret = -EINVAL; + goto error_reg_offset; + } mhi_cntrl->bhi = mhi_cntrl->regs + bhi_off; if (mhi_cntrl->fbc_download || mhi_cntrl->rddm_size) { 
@@ -1086,6 +1094,14 @@ int mhi_prepare_for_power_up(struct mhi_controller *mhi_cntrl) dev_err(dev, "Error getting BHIE offset\n"); goto error_reg_offset; } + + if (bhie_off >= mhi_cntrl->reg_len) { + dev_err(dev, + "BHIe offset: 0x%x is out of range: 0x%zx\n", + bhie_off, mhi_cntrl->reg_len); + ret = -EINVAL; + goto error_reg_offset; + } mhi_cntrl->bhie = mhi_cntrl->regs + bhie_off; } -- 2.25.1
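
Review bot: In the first hunk (mhi_register_controller), a controller that leaves reg_len at zero is now rejected with a bare -EINVAL in the same condition as every other required field, and nothing is logged to say which field was missing. Because this turns reg_len into a mandatory field, any controller driver that does not set it stops registering once this lands; the series should set reg_len in every caller before this check, and the field's documentation should mark it as required so out-of-tree users can diagnose the failure.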
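
Review bot: In the second hunk, "bhi_off >= mhi_cntrl->reg_len" only proves that the first byte of the BHI block lies inside the MMIO region. The next line stores "mhi_cntrl->regs + bhi_off" as a base pointer, so registers accessed at positive offsets from mhi_cntrl->bhi can still fall past reg_len when bhi_off is close to the end of the region. Since the offset is obtained at run time during power-up preparation rather than fixed by the driver, consider checking that bhi_off plus the size of the BHI register window fits, written as a comparison against reg_len minus that size so the addition cannot wrap.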
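
Review bot: The BHIe check in the third hunk repeats the BHI check line for line apart from the variable and the message text. A small helper taking mhi_cntrl, the offset and a label would keep the two bounds checks and their error paths from drifting apart, and would be the one place to extend the test to cover the end of the BHIe register window rather than only its first byte. The message also prints reg_len as the "range" although valid offsets stop at reg_len - 1; wording such as "exceeds MMIO length" would read less ambiguously in logs.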