Re: [PATCH v4 1/5] nvmem: check invalid number of bytes in nvmem_device_{read,write}

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks for the patch.

On 07/12/18 11:27, Biju Das wrote:
Add check in nvmem_device_{read,write}()to ensure that nvmem core never
passes an invalid number of bytes.

Signed-off-by: Biju Das <biju.das@xxxxxxxxxxxxxx>
---
V3-->V4
	* New patch.
---
  drivers/nvmem/core.c | 26 +++++++++++++++++++++++++-
  1 file changed, 25 insertions(+), 1 deletion(-)


Its better to move checks from bin_attr_nvmem_read()/bin_attr_nvmem_write() into nvmem_reg_read() and nvmem_reg_write(), so its easy to maintain, rather than adding them to each function.

diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
index d9fd110..db7de33 100644
--- a/drivers/nvmem/core.c
+++ b/drivers/nvmem/core.c
@@ -1433,10 +1433,21 @@ int nvmem_device_read(struct nvmem_device *nvmem,
  		      size_t bytes, void *buf)
  {
  	int rc;
+	size_t new_bytes;
if (!nvmem)
  		return -EINVAL;
+ /* Stop the user from reading */
+	if ((offset >= nvmem->size) || (bytes == 0))
+		return 0;
+
+	if (unlikely(check_add_overflow(bytes, offset, &new_bytes)))
+		return -EOVERFLOW;
+
+	if (new_bytes > nvmem->size)
+		bytes = nvmem->size - offset;
+
  	rc = nvmem_reg_read(nvmem, offset, buf, bytes);
if (rc)
@@ -1461,16 +1472,29 @@ int nvmem_device_write(struct nvmem_device *nvmem,
  		       size_t bytes, void *buf)
  {
  	int rc;
+	size_t new_bytes;
if (!nvmem)
  		return -EINVAL;
+ /* Stop the user from writing */
+	if (offset >= nvmem->size)
+		return -ENOSPC;
+
+	if (bytes == 0)
+		return 0;
+
+	if (unlikely(check_add_overflow(bytes, offset, &new_bytes)))
+		return -EOVERFLOW;
+
+	if (new_bytes > nvmem->size)
+		bytes = nvmem->size - offset;
+
  	rc = nvmem_reg_write(nvmem, offset, buf, bytes);
if (rc)
  		return rc;
-

Unrelated change!


--srini
  	return bytes;
  }
  EXPORT_SYMBOL_GPL(nvmem_device_write);




[Index of Archives]     [Linux Samsung SOC]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux