nvmem device read/write could be called directly once nvmem device registered, the sanity check should be done before each nvmem_reg_read/write().

Signed-off-by: Bingbu Cao <bingbu.cao@xxxxxxxxx>
---
 drivers/nvmem/core.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
index 927eb5f6003f..09ad5a06efee 100644
--- a/drivers/nvmem/core.c
+++ b/drivers/nvmem/core.c
@@ -69,6 +69,9 @@ static BLOCKING_NOTIFIER_HEAD(nvmem_notifier);
 static int nvmem_reg_read(struct nvmem_device *nvmem, unsigned int offset,
 void *val, size_t bytes)
 {
+ if (bytes + offset > nvmem->size)
+ return -EINVAL;
+
 if (nvmem->reg_read)
 return nvmem->reg_read(nvmem->priv, offset, val, bytes);
 
@@ -80,6 +83,9 @@ static int nvmem_reg_write(struct nvmem_device *nvmem, unsigned int offset,
 {
 int ret;
 
+ if (bytes + offset > nvmem->size)
+ return -EINVAL;
+
 if (nvmem->reg_write) {
 gpiod_set_value_cansleep(nvmem->wp_gpio, 0);
 ret = nvmem->reg_write(nvmem->priv, offset, val, bytes);
-- 
2.7.4
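Review bot: The added guard `bytes + offset > nvmem->size` in nvmem_reg_read() can wrap, because `bytes` is a size_t and `offset` an unsigned int, so a sufficiently large `bytes` makes the sum small again and the request still reaches `nvmem->reg_read` with an out-of-range length. A form that cannot overflow is `if (offset > nvmem->size || bytes > nvmem->size - offset) return -EINVAL;`, assuming `nvmem->size` is an unsigned type, which the hunk does not show. The identical check added in the nvmem_reg_write() hunk has the same weakness and should be changed the same way. Both function bodies continue outside their hunks, so any later use of `offset` and `bytes` is not visible here.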