[RFC PATCH 1/3] mmc: core: validate user input for RPMB block count

[Wolfram Sang <wsa+renesas@xxxxxxxxxxxxxxxxxxxx>]

For RPMB, block count is a non-zero 16 bit wide number. Reject invalid
values from userspace instead of just masking the unneeded bits. Tested
with a modified 'mmc-utils' package.

Signed-off-by: Wolfram Sang <wsa+renesas@xxxxxxxxxxxxxxxxxxxx>
---
 drivers/mmc/core/block.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c
index c35b5b08bb33..9e0f7e4aa8c6 100644
--- a/drivers/mmc/core/block.c
+++ b/drivers/mmc/core/block.c
@@ -550,6 +550,9 @@ static int __mmc_blk_ioctl_cmd(struct mmc_card *card, struct mmc_blk_data *md,
 	}
 
 	if (idata->rpmb) {
+		if (data.blocks > 65535 || !data.blocks)
+			return -EINVAL;
+
 		err = mmc_set_blockcount(card, data.blocks,
 			idata->ic.write_flag & (1 << 31));
 		if (err)
-- 
2.11.0