[PATCH] regmap: Check for out-of-range offsets before mapping them
Pratyush Yadav
p.yadav at ti.com
Mon Jun 15 17:11:24 CEST 2020
On 13/06/20 03:11AM, sjg at google.com wrote:
> Hi Simon,
>
> On 07/06/20 08:43PM, Simon Glass wrote:
> > Hi Pratyush,
> >
> > On Tue, 26 May 2020 at 06:06, Pratyush Yadav <p.yadav at ti.com> wrote:
> > >
> > > In regmap_raw_{read,write}_range(), offsets are checked to make sure
> > > they aren't out of range. But this check happens _after_ the address is
> > > mapped from physical memory. Input should be sanity-checked before using
> > > it. Mapping the address before validating it leaves the door open to
> > > passing an invalid address to map_physmem(). So check for out of range
> > > offsets _before_ mapping them.
> > >
> > > This fixes a segmentation fault in sandbox when -1 is used as an offset
> > > to regmap_{read,write}().
> > >
> > > Signed-off-by: Pratyush Yadav <p.yadav at ti.com>
> > > ---
> > > drivers/core/regmap.c | 8 ++++----
> > > 1 file changed, 4 insertions(+), 4 deletions(-)
> > >
> >
> > Reviewed-by: Simon Glass <sjg at chromium.org>
>
> Thanks.
>
> > Please add a sandbox test to catch this problem.
>
> The test "dm_test_devm_regmap" proposed in [0] should catch this:
>
> ut_asserteq(-ERANGE, regmap_write(priv->cfg_regmap, -1, val));
> ut_asserteq(-ERANGE, regmap_read(priv->cfg_regmap, -1, &val));
>
> [0] https://patchwork.ozlabs.org/project/uboot/patch/20200605203025.15466-9-p.yadav@ti.com/
>
> --
> Regards,
> Pratyush Yadav
> Texas Instruments India
>
> Applied to u-boot-dm, thanks!
Thanks. BTW, your script seems to be misbehaving. It didn't quote the
text in my original email with "> ".
--
Regards,
Pratyush Yadav
Texas Instruments India
More information about the U-Boot
mailing list