From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org> To: Bhaumik Bhatt <bbhatt@codeaurora.org> Cc: linux-arm-msm@vger.kernel.org, hemantk@codeaurora.org, jhugo@codeaurora.org, linux-kernel@vger.kernel.org, loic.poulain@linaro.org, linux-wireless@vger.kernel.org, kvalo@codeaurora.org, ath11k@lists.infradead.org Subject: Re: [PATCH v4 6/6] bus: mhi: core: Add range checks for BHI and BHIe Date: Fri, 21 May 2021 19:24:37 +0530 [thread overview] Message-ID: <20210521135437.GN70095@thinkpad> (raw) In-Reply-To: <1620330705-40192-7-git-send-email-bbhatt@codeaurora.org> On Thu, May 06, 2021 at 12:51:45PM -0700, Bhaumik Bhatt wrote: > When obtaining the BHI or BHIe offsets during the power up > preparation phase, range checks are missing. These can help > controller drivers avoid accessing any address outside of the > MMIO region. Ensure that mhi_cntrl->reg_len is set before MHI > registration as it is a required field and range checks will > fail without it. > > Signed-off-by: Bhaumik Bhatt <bbhatt@codeaurora.org> > Reviewed-by: Jeffrey Hugo <quic_jhugo@quicinc.com> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org> Thanks, Mani > --- > drivers/bus/mhi/core/init.c | 18 +++++++++++++++++- > 1 file changed, 17 insertions(+), 1 deletion(-) > > diff --git a/drivers/bus/mhi/core/init.c b/drivers/bus/mhi/core/init.c > index 1cc2f22..aeb1e3c 100644 > --- a/drivers/bus/mhi/core/init.c > +++ b/drivers/bus/mhi/core/init.c > @@ -885,7 +885,8 @@ int mhi_register_controller(struct mhi_controller *mhi_cntrl, > if (!mhi_cntrl || !mhi_cntrl->cntrl_dev || !mhi_cntrl->regs || > !mhi_cntrl->runtime_get || !mhi_cntrl->runtime_put || > !mhi_cntrl->status_cb || !mhi_cntrl->read_reg || > - !mhi_cntrl->write_reg || !mhi_cntrl->nr_irqs || !mhi_cntrl->irq) > + !mhi_cntrl->write_reg || !mhi_cntrl->nr_irqs || > + !mhi_cntrl->irq || !mhi_cntrl->reg_len) > return -EINVAL; > > ret = parse_config(mhi_cntrl, config); 
> @@ -1077,6 +1078,13 @@ int mhi_prepare_for_power_up(struct mhi_controller *mhi_cntrl) > dev_err(dev, "Error getting BHI offset\n"); > goto error_reg_offset; > } > + > + if (bhi_off >= mhi_cntrl->reg_len) { > + dev_err(dev, "BHI offset: 0x%x is out of range: 0x%zx\n", > + bhi_off, mhi_cntrl->reg_len); > + ret = -EINVAL; > + goto error_reg_offset; > + } > mhi_cntrl->bhi = mhi_cntrl->regs + bhi_off; > > if (mhi_cntrl->fbc_download || mhi_cntrl->rddm_size) { > @@ -1086,6 +1094,14 @@ int mhi_prepare_for_power_up(struct mhi_controller *mhi_cntrl) > dev_err(dev, "Error getting BHIE offset\n"); > goto error_reg_offset; > } > + > + if (bhie_off >= mhi_cntrl->reg_len) { > + dev_err(dev, > + "BHIe offset: 0x%x is out of range: 0x%zx\n", > + bhie_off, mhi_cntrl->reg_len); > + ret = -EINVAL; > + goto error_reg_offset; > + } > mhi_cntrl->bhie = mhi_cntrl->regs + bhie_off; > } > > -- > The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum, > a Linux Foundation Collaborative Project >
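Review bot: In the mhi_register_controller() hunk, a controller that leaves reg_len at zero now fails the combined check with a bare -EINVAL and no log line, so a driver author cannot tell which field was missing. Since reg_len becomes mandatory here, consider a dev_err() that names the field, or at least a kernel-doc note on the struct member marking it as required.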
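Review bot: In the first mhi_prepare_for_power_up() hunk, the test "bhi_off >= mhi_cntrl->reg_len" only proves that the first byte of the BHI block lies inside the MMIO region. An offset a few bytes short of reg_len passes, and later register accesses relative to mhi_cntrl->bhi would still land outside it. Consider comparing the offset plus the size of the BHI register block against reg_len, and doing the same for bhie_off in the following hunk.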
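Review bot: In the BHIe hunk, the new failure path jumps to error_reg_offset after mhi_cntrl->bhi has already been assigned by the preceding block, so it is worth confirming that the label resets bhi and does not leave a pointer behind on a controller that failed preparation. Minor: the new message spells "BHIe" while the existing one just above it says "BHIE"; pick one spelling so the log strings grep consistently.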