[PATCH 6/6] arm: socfpga: Enhance checking on potential overwrite
Jit Loon Lim
jit.loon.lim at intel.com
Sun Dec 11 14:06:44 CET 2022
From: Tien Fong Chee <tien.fong.chee at intel.com>
Each register 4 bytes write, there is a potential that user setting
an invalid offset which is less than block size, but overflow the block
size when writing the register. This patch prevents this overwrite issue
by checking earlier before starting any register write.
Signed-off-by: Tien Fong Chee <tien.fong.chee at intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim at intel.com>
---
drivers/misc/socfpga_secreg.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/misc/socfpga_secreg.c b/drivers/misc/socfpga_secreg.c
index a4b297e7f1..0ea30c254b 100644
--- a/drivers/misc/socfpga_secreg.c
+++ b/drivers/misc/socfpga_secreg.c
@@ -8,6 +8,7 @@
#include <common.h>
#include <dm.h>
#include <errno.h>
+#include <linux/sizes.h>
static int socfpga_secreg_probe(struct udevice *dev)
{
@@ -53,10 +54,10 @@ static int socfpga_secreg_probe(struct udevice *dev)
debug("%s(intel,offset-settings 0x%llx : 0x%llx)\n",
__func__, offset, val);
- if (blk_sz <= offset) {
- printf("%s: Overflow as offset 0x%llx",
+ if (blk_sz < offset + SZ_4) {
+ printf("%s: Overflow as offset 0x%llx or reg",
__func__, offset);
- printf(" is larger than block size 0x%x\n",
+ printf(" write is more than block size 0x%x\n",
blk_sz);
return -EINVAL;
}
--
2.26.2
More information about the U-Boot
mailing list