From: Yong Wu <yong.wu@mediatek.com>
To: Joerg Roedel <joro@8bytes.org>,
Matthias Brugger <matthias.bgg@gmail.com>,
Will Deacon <will@kernel.org>
Cc: Robin Murphy <robin.murphy@arm.com>, <iommu@lists.linux.dev>,
<iommu@lists.linux-foundation.org>,
<linux-mediatek@lists.infradead.org>,
<linux-arm-kernel@lists.infradead.org>,
<linux-kernel@vger.kernel.org>, "Yong Wu" <yong.wu@mediatek.com>,
AngeloGioacchino Del Regno
<angelogioacchino.delregno@collabora.com>,
<mingyuan.ma@mediatek.com>, <yf.wang@mediatek.com>,
<libo.kang@mediatek.com>, <chengci.xu@mediatek.com>,
<youlin.pei@mediatek.com>, <anan.sun@mediatek.com>,
<xueqi.zhang@mediatek.com>, Guenter Roeck <groeck@chromium.org>,
"Dan Carpenter" <dan.carpenter@oracle.com>
Subject: [PATCH v4 4/6] iommu/mediatek: Validate number of phandles associated with "mediatek,larbs"
Date: Wed, 24 Aug 2022 14:43:04 +0800 [thread overview]
Message-ID: <20220824064306.21495-5-yong.wu@mediatek.com> (raw)
In-Reply-To: <20220824064306.21495-1-yong.wu@mediatek.com>
From: Guenter Roeck <groeck@chromium.org>
Fix the smatch warnings:
drivers/iommu/mtk_iommu.c:878 mtk_iommu_mm_dts_parse() error: uninitialized
symbol 'larbnode'.
If someone abuse the dtsi node(Don't follow the definition of dt-binding),
for example "mediatek,larbs" is provided as boolean property, "larb_nr"
will be zero and cause abnormal.
To fix this problem and improve the code safety, add some checking
for the invalid input from dtsi, e.g. checking the larb_nr/larbid valid
range, and avoid "mediatek,larb-id" property conflicts in the smi-larb
nodes.
Fixes: d2e9a1102cfc ("iommu/mediatek: Contain MM IOMMU flow with the MM TYPE")
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
Signed-off-by: Yong Wu <yong.wu@mediatek.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
---
drivers/iommu/mtk_iommu.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/drivers/iommu/mtk_iommu.c b/drivers/iommu/mtk_iommu.c
index f63d4210043d..21195ac060f1 100644
--- a/drivers/iommu/mtk_iommu.c
+++ b/drivers/iommu/mtk_iommu.c
@@ -1048,6 +1048,8 @@ static int mtk_iommu_mm_dts_parse(struct device *dev, struct component_match **m
larb_nr = of_count_phandle_with_args(dev->of_node, "mediatek,larbs", NULL);
if (larb_nr < 0)
return larb_nr;
+ if (larb_nr == 0 || larb_nr > MTK_LARB_NR_MAX)
+ return -EINVAL;
for (i = 0; i < larb_nr; i++) {
u32 id;
@@ -1066,6 +1068,11 @@ static int mtk_iommu_mm_dts_parse(struct device *dev, struct component_match **m
ret = of_property_read_u32(larbnode, "mediatek,larb-id", &id);
if (ret)/* The id is consecutive if there is no this property */
id = i;
+ if (id >= MTK_LARB_NR_MAX) {
+ of_node_put(larbnode);
+ ret = -EINVAL;
+ goto err_larbdev_put;
+ }
plarbdev = of_find_device_by_node(larbnode);
of_node_put(larbnode);
@@ -1073,6 +1080,11 @@ static int mtk_iommu_mm_dts_parse(struct device *dev, struct component_match **m
ret = -ENODEV;
goto err_larbdev_put;
}
+ if (data->larb_imu[id].dev) {
+ platform_device_put(plarbdev);
+ ret = -EEXIST;
+ goto err_larbdev_put;
+ }
data->larb_imu[id].dev = &plarbdev->dev;
if (!plarbdev->dev.driver) {
--
2.18.0
WARNING: multiple messages have this Message-ID (diff)
From: Yong Wu <yong.wu@mediatek.com>
To: Joerg Roedel <joro@8bytes.org>,
Matthias Brugger <matthias.bgg@gmail.com>,
Will Deacon <will@kernel.org>
Cc: Robin Murphy <robin.murphy@arm.com>, <iommu@lists.linux.dev>,
<iommu@lists.linux-foundation.org>,
<linux-mediatek@lists.infradead.org>,
<linux-arm-kernel@lists.infradead.org>,
<linux-kernel@vger.kernel.org>, "Yong Wu" <yong.wu@mediatek.com>,
AngeloGioacchino Del Regno
<angelogioacchino.delregno@collabora.com>,
<mingyuan.ma@mediatek.com>, <yf.wang@mediatek.com>,
<libo.kang@mediatek.com>, <chengci.xu@mediatek.com>,
<youlin.pei@mediatek.com>, <anan.sun@mediatek.com>,
<xueqi.zhang@mediatek.com>, Guenter Roeck <groeck@chromium.org>,
"Dan Carpenter" <dan.carpenter@oracle.com>
Subject: [PATCH v4 4/6] iommu/mediatek: Validate number of phandles associated with "mediatek,larbs"
Date: Wed, 24 Aug 2022 14:43:04 +0800 [thread overview]
Message-ID: <20220824064306.21495-5-yong.wu@mediatek.com> (raw)
In-Reply-To: <20220824064306.21495-1-yong.wu@mediatek.com>
From: Guenter Roeck <groeck@chromium.org>
Fix the smatch warnings:
drivers/iommu/mtk_iommu.c:878 mtk_iommu_mm_dts_parse() error: uninitialized
symbol 'larbnode'.
If someone abuse the dtsi node(Don't follow the definition of dt-binding),
for example "mediatek,larbs" is provided as boolean property, "larb_nr"
will be zero and cause abnormal.
To fix this problem and improve the code safety, add some checking
for the invalid input from dtsi, e.g. checking the larb_nr/larbid valid
range, and avoid "mediatek,larb-id" property conflicts in the smi-larb
nodes.
Fixes: d2e9a1102cfc ("iommu/mediatek: Contain MM IOMMU flow with the MM TYPE")
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
Signed-off-by: Yong Wu <yong.wu@mediatek.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
---
drivers/iommu/mtk_iommu.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/drivers/iommu/mtk_iommu.c b/drivers/iommu/mtk_iommu.c
index f63d4210043d..21195ac060f1 100644
--- a/drivers/iommu/mtk_iommu.c
+++ b/drivers/iommu/mtk_iommu.c
@@ -1048,6 +1048,8 @@ static int mtk_iommu_mm_dts_parse(struct device *dev, struct component_match **m
larb_nr = of_count_phandle_with_args(dev->of_node, "mediatek,larbs", NULL);
if (larb_nr < 0)
return larb_nr;
+ if (larb_nr == 0 || larb_nr > MTK_LARB_NR_MAX)
+ return -EINVAL;
for (i = 0; i < larb_nr; i++) {
u32 id;
@@ -1066,6 +1068,11 @@ static int mtk_iommu_mm_dts_parse(struct device *dev, struct component_match **m
ret = of_property_read_u32(larbnode, "mediatek,larb-id", &id);
if (ret)/* The id is consecutive if there is no this property */
id = i;
+ if (id >= MTK_LARB_NR_MAX) {
+ of_node_put(larbnode);
+ ret = -EINVAL;
+ goto err_larbdev_put;
+ }
plarbdev = of_find_device_by_node(larbnode);
of_node_put(larbnode);
@@ -1073,6 +1080,11 @@ static int mtk_iommu_mm_dts_parse(struct device *dev, struct component_match **m
ret = -ENODEV;
goto err_larbdev_put;
}
+ if (data->larb_imu[id].dev) {
+ platform_device_put(plarbdev);
+ ret = -EEXIST;
+ goto err_larbdev_put;
+ }
data->larb_imu[id].dev = &plarbdev->dev;
if (!plarbdev->dev.driver) {
--
2.18.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2022-08-24 6:44 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-24 6:43 [PATCH v4 0/6] iommu/mediatek: Improve safety from invalid dts input Yong Wu
2022-08-24 6:43 ` Yong Wu
2022-08-24 6:43 ` [PATCH v4 1/6] iommu/mediatek: Add platform_device_put for recovering the device refcnt Yong Wu
2022-08-24 6:43 ` Yong Wu
2022-08-30 8:16 ` AngeloGioacchino Del Regno
2022-08-30 8:16 ` AngeloGioacchino Del Regno
2022-08-24 6:43 ` [PATCH v4 2/6] iommu/mediatek: Use component_match_add Yong Wu
2022-08-24 6:43 ` Yong Wu
2022-08-24 6:43 ` [PATCH v4 3/6] iommu/mediatek: Add error path for loop of mm_dts_parse Yong Wu
2022-08-24 6:43 ` Yong Wu
2022-08-30 8:14 ` AngeloGioacchino Del Regno
2022-08-30 8:14 ` AngeloGioacchino Del Regno
2022-09-07 3:08 ` Yong Wu
2022-09-07 3:08 ` Yong Wu
2022-08-30 8:32 ` Dan Carpenter
2022-08-30 8:32 ` Dan Carpenter
2022-09-07 3:10 ` Yong Wu
2022-09-07 3:10 ` Yong Wu
2022-08-24 6:43 ` Yong Wu [this message]
2022-08-24 6:43 ` [PATCH v4 4/6] iommu/mediatek: Validate number of phandles associated with "mediatek,larbs" Yong Wu
2022-08-24 6:43 ` [PATCH v4 5/6] iommu/mediatek: Improve safety for mediatek,smi property in larb nodes Yong Wu
2022-08-24 6:43 ` Yong Wu
2022-08-30 8:16 ` AngeloGioacchino Del Regno
2022-08-30 8:16 ` AngeloGioacchino Del Regno
2022-08-24 6:43 ` [PATCH v4 6/6] iommu/mediatek: Remove unused "mapping" member from mtk_iommu_data Yong Wu
2022-08-24 6:43 ` Yong Wu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220824064306.21495-5-yong.wu@mediatek.com \
--to=yong.wu@mediatek.com \
--cc=anan.sun@mediatek.com \
--cc=angelogioacchino.delregno@collabora.com \
--cc=chengci.xu@mediatek.com \
--cc=dan.carpenter@oracle.com \
--cc=groeck@chromium.org \
--cc=iommu@lists.linux-foundation.org \
--cc=iommu@lists.linux.dev \
--cc=joro@8bytes.org \
--cc=libo.kang@mediatek.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mediatek@lists.infradead.org \
--cc=matthias.bgg@gmail.com \
--cc=mingyuan.ma@mediatek.com \
--cc=robin.murphy@arm.com \
--cc=will@kernel.org \
--cc=xueqi.zhang@mediatek.com \
--cc=yf.wang@mediatek.com \
--cc=youlin.pei@mediatek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.