From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
To: Bhaumik Bhatt <bbhatt@codeaurora.org>
Cc: linux-arm-msm@vger.kernel.org, hemantk@codeaurora.org,
jhugo@codeaurora.org, linux-kernel@vger.kernel.org,
loic.poulain@linaro.org, linux-wireless@vger.kernel.org,
kvalo@codeaurora.org, ath11k@lists.infradead.org
Subject: Re: [PATCH v4 6/6] bus: mhi: core: Add range checks for BHI and BHIe
Date: Fri, 21 May 2021 19:24:37 +0530 [thread overview]
Message-ID: <20210521135437.GN70095@thinkpad> (raw)
In-Reply-To: <1620330705-40192-7-git-send-email-bbhatt@codeaurora.org>
On Thu, May 06, 2021 at 12:51:45PM -0700, Bhaumik Bhatt wrote:
> When obtaining the BHI or BHIe offsets during the power up
> preparation phase, range checks are missing. These can help
> controller drivers avoid accessing any address outside of the
> MMIO region. Ensure that mhi_cntrl->reg_len is set before MHI
> registration as it is a required field and range checks will
> fail without it.
>
> Signed-off-by: Bhaumik Bhatt <bbhatt@codeaurora.org>
> Reviewed-by: Jeffrey Hugo <quic_jhugo@quicinc.com>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Thanks,
Mani
> ---
> drivers/bus/mhi/core/init.c | 18 +++++++++++++++++-
> 1 file changed, 17 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/bus/mhi/core/init.c b/drivers/bus/mhi/core/init.c
> index 1cc2f22..aeb1e3c 100644
> --- a/drivers/bus/mhi/core/init.c
> +++ b/drivers/bus/mhi/core/init.c
> @@ -885,7 +885,8 @@ int mhi_register_controller(struct mhi_controller *mhi_cntrl,
> if (!mhi_cntrl || !mhi_cntrl->cntrl_dev || !mhi_cntrl->regs ||
> !mhi_cntrl->runtime_get || !mhi_cntrl->runtime_put ||
> !mhi_cntrl->status_cb || !mhi_cntrl->read_reg ||
> - !mhi_cntrl->write_reg || !mhi_cntrl->nr_irqs || !mhi_cntrl->irq)
> + !mhi_cntrl->write_reg || !mhi_cntrl->nr_irqs ||
> + !mhi_cntrl->irq || !mhi_cntrl->reg_len)
> return -EINVAL;
>
> ret = parse_config(mhi_cntrl, config);
> @@ -1077,6 +1078,13 @@ int mhi_prepare_for_power_up(struct mhi_controller *mhi_cntrl)
> dev_err(dev, "Error getting BHI offset\n");
> goto error_reg_offset;
> }
> +
> + if (bhi_off >= mhi_cntrl->reg_len) {
> + dev_err(dev, "BHI offset: 0x%x is out of range: 0x%zx\n",
> + bhi_off, mhi_cntrl->reg_len);
> + ret = -EINVAL;
> + goto error_reg_offset;
> + }
> mhi_cntrl->bhi = mhi_cntrl->regs + bhi_off;
>
> if (mhi_cntrl->fbc_download || mhi_cntrl->rddm_size) {
> @@ -1086,6 +1094,14 @@ int mhi_prepare_for_power_up(struct mhi_controller *mhi_cntrl)
> dev_err(dev, "Error getting BHIE offset\n");
> goto error_reg_offset;
> }
> +
> + if (bhie_off >= mhi_cntrl->reg_len) {
> + dev_err(dev,
> + "BHIe offset: 0x%x is out of range: 0x%zx\n",
> + bhie_off, mhi_cntrl->reg_len);
> + ret = -EINVAL;
> + goto error_reg_offset;
> + }
> mhi_cntrl->bhie = mhi_cntrl->regs + bhie_off;
> }
>
> --
> The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
> a Linux Foundation Collaborative Project
>
WARNING: multiple messages have this Message-ID (diff)
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
To: Bhaumik Bhatt <bbhatt@codeaurora.org>
Cc: linux-arm-msm@vger.kernel.org, hemantk@codeaurora.org,
jhugo@codeaurora.org, linux-kernel@vger.kernel.org,
loic.poulain@linaro.org, linux-wireless@vger.kernel.org,
kvalo@codeaurora.org, ath11k@lists.infradead.org
Subject: Re: [PATCH v4 6/6] bus: mhi: core: Add range checks for BHI and BHIe
Date: Fri, 21 May 2021 19:24:37 +0530 [thread overview]
Message-ID: <20210521135437.GN70095@thinkpad> (raw)
In-Reply-To: <1620330705-40192-7-git-send-email-bbhatt@codeaurora.org>
On Thu, May 06, 2021 at 12:51:45PM -0700, Bhaumik Bhatt wrote:
> When obtaining the BHI or BHIe offsets during the power up
> preparation phase, range checks are missing. These can help
> controller drivers avoid accessing any address outside of the
> MMIO region. Ensure that mhi_cntrl->reg_len is set before MHI
> registration as it is a required field and range checks will
> fail without it.
>
> Signed-off-by: Bhaumik Bhatt <bbhatt@codeaurora.org>
> Reviewed-by: Jeffrey Hugo <quic_jhugo@quicinc.com>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Thanks,
Mani
> ---
> drivers/bus/mhi/core/init.c | 18 +++++++++++++++++-
> 1 file changed, 17 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/bus/mhi/core/init.c b/drivers/bus/mhi/core/init.c
> index 1cc2f22..aeb1e3c 100644
> --- a/drivers/bus/mhi/core/init.c
> +++ b/drivers/bus/mhi/core/init.c
> @@ -885,7 +885,8 @@ int mhi_register_controller(struct mhi_controller *mhi_cntrl,
> if (!mhi_cntrl || !mhi_cntrl->cntrl_dev || !mhi_cntrl->regs ||
> !mhi_cntrl->runtime_get || !mhi_cntrl->runtime_put ||
> !mhi_cntrl->status_cb || !mhi_cntrl->read_reg ||
> - !mhi_cntrl->write_reg || !mhi_cntrl->nr_irqs || !mhi_cntrl->irq)
> + !mhi_cntrl->write_reg || !mhi_cntrl->nr_irqs ||
> + !mhi_cntrl->irq || !mhi_cntrl->reg_len)
> return -EINVAL;
>
> ret = parse_config(mhi_cntrl, config);
> @@ -1077,6 +1078,13 @@ int mhi_prepare_for_power_up(struct mhi_controller *mhi_cntrl)
> dev_err(dev, "Error getting BHI offset\n");
> goto error_reg_offset;
> }
> +
> + if (bhi_off >= mhi_cntrl->reg_len) {
> + dev_err(dev, "BHI offset: 0x%x is out of range: 0x%zx\n",
> + bhi_off, mhi_cntrl->reg_len);
> + ret = -EINVAL;
> + goto error_reg_offset;
> + }
> mhi_cntrl->bhi = mhi_cntrl->regs + bhi_off;
>
> if (mhi_cntrl->fbc_download || mhi_cntrl->rddm_size) {
> @@ -1086,6 +1094,14 @@ int mhi_prepare_for_power_up(struct mhi_controller *mhi_cntrl)
> dev_err(dev, "Error getting BHIE offset\n");
> goto error_reg_offset;
> }
> +
> + if (bhie_off >= mhi_cntrl->reg_len) {
> + dev_err(dev,
> + "BHIe offset: 0x%x is out of range: 0x%zx\n",
> + bhie_off, mhi_cntrl->reg_len);
> + ret = -EINVAL;
> + goto error_reg_offset;
> + }
> mhi_cntrl->bhie = mhi_cntrl->regs + bhie_off;
> }
>
> --
> The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
> a Linux Foundation Collaborative Project
>
--
ath11k mailing list
ath11k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath11k
next prev parent reply other threads:[~2021-05-21 13:54 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-06 19:51 [PATCH v4 0/6] BHI/BHIe improvements for MHI power purposes Bhaumik Bhatt
2021-05-06 19:51 ` Bhaumik Bhatt
2021-05-06 19:51 ` [PATCH v4 1/6] bus: mhi: core: Set BHI/BHIe offsets on power up preparation Bhaumik Bhatt
2021-05-06 19:51 ` Bhaumik Bhatt
2021-05-21 13:36 ` Manivannan Sadhasivam
2021-05-21 13:36 ` Manivannan Sadhasivam
2021-05-06 19:51 ` [PATCH v4 2/6] bus: mhi: core: Set BHI and BHIe pointers to NULL in clean-up Bhaumik Bhatt
2021-05-06 19:51 ` Bhaumik Bhatt
2021-05-21 13:37 ` Manivannan Sadhasivam
2021-05-21 13:37 ` Manivannan Sadhasivam
2021-05-06 19:51 ` [PATCH v4 3/6] bus: mhi: Add MMIO region length to controller structure Bhaumik Bhatt
2021-05-06 19:51 ` Bhaumik Bhatt
2021-05-21 13:38 ` Manivannan Sadhasivam
2021-05-21 13:38 ` Manivannan Sadhasivam
2021-05-06 19:51 ` [PATCH v4 4/6] ath11k: set register access length for MHI driver Bhaumik Bhatt
2021-05-06 19:51 ` Bhaumik Bhatt
2021-05-21 13:51 ` Manivannan Sadhasivam
2021-05-21 13:51 ` Manivannan Sadhasivam
2021-06-14 16:02 ` Kalle Valo
2021-06-14 16:02 ` Kalle Valo
2021-06-14 17:49 ` Bhaumik Bhatt
2021-06-14 17:49 ` Bhaumik Bhatt
2021-06-16 17:38 ` Bhaumik Bhatt
2021-06-16 17:38 ` Bhaumik Bhatt
2021-06-18 6:45 ` Manivannan Sadhasivam
2021-06-18 6:45 ` Manivannan Sadhasivam
2021-06-23 17:29 ` Kalle Valo
2021-06-23 17:29 ` Kalle Valo
2021-06-24 6:09 ` Manivannan Sadhasivam
2021-06-24 6:09 ` Manivannan Sadhasivam
2021-06-23 17:34 ` Kalle Valo
2021-06-23 17:34 ` Kalle Valo
2021-06-23 21:33 ` Bhaumik Bhatt
2021-06-23 21:33 ` Bhaumik Bhatt
2021-05-06 19:51 ` [PATCH v4 5/6] bus: mhi: pci_generic: Set " Bhaumik Bhatt
2021-05-06 19:51 ` Bhaumik Bhatt
2021-05-21 13:52 ` Manivannan Sadhasivam
2021-05-21 13:52 ` Manivannan Sadhasivam
2021-05-06 19:51 ` [PATCH v4 6/6] bus: mhi: core: Add range checks for BHI and BHIe Bhaumik Bhatt
2021-05-06 19:51 ` Bhaumik Bhatt
2021-05-07 2:33 ` Hemant Kumar
2021-05-07 2:33 ` Hemant Kumar
2021-05-21 13:54 ` Manivannan Sadhasivam [this message]
2021-05-21 13:54 ` Manivannan Sadhasivam
2021-06-25 5:28 ` [PATCH v4 0/6] BHI/BHIe improvements for MHI power purposes Manivannan Sadhasivam
2021-06-25 5:28 ` Manivannan Sadhasivam
-- strict thread matches above, loose matches on Subject: below --
2021-05-06 19:32 Bhaumik Bhatt
2021-05-06 19:32 ` [PATCH v4 6/6] bus: mhi: core: Add range checks for BHI and BHIe Bhaumik Bhatt
2021-05-06 19:32 ` Bhaumik Bhatt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210521135437.GN70095@thinkpad \
--to=manivannan.sadhasivam@linaro.org \
--cc=ath11k@lists.infradead.org \
--cc=bbhatt@codeaurora.org \
--cc=hemantk@codeaurora.org \
--cc=jhugo@codeaurora.org \
--cc=kvalo@codeaurora.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=loic.poulain@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.