diff mbox series

[6/6] arm: socfpga: Enhance checking on potential overwrite

Message ID 20221211130644.24832-6-jit.loon.lim@intel.com
State Needs Review / ACK, archived
Delegated to: Marek Vasut
Headers show
Series [1/6] doc: dtbinding: Add doc for privilege regs settings | expand

Commit Message

Jit Loon Lim Dec. 11, 2022, 1:06 p.m. UTC 
From: Tien Fong Chee <tien.fong.chee@intel.com>

Each register 4 bytes write, there is a potential that user setting
an invalid offset which is less than block size, but overflow the block
size when writing the register. This patch prevents this overwrite issue
by checking earlier before starting any register write.

Signed-off-by: Tien Fong Chee <tien.fong.chee@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
---
 drivers/misc/socfpga_secreg.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff mbox series

Patch

diff --git a/drivers/misc/socfpga_secreg.c b/drivers/misc/socfpga_secreg.c
index a4b297e7f1..0ea30c254b 100644
--- a/drivers/misc/socfpga_secreg.c
+++ b/drivers/misc/socfpga_secreg.c
@@ -8,6 +8,7 @@ 
 #include <common.h>
 #include <dm.h>
 #include <errno.h>
+#include <linux/sizes.h>
 
 static int socfpga_secreg_probe(struct udevice *dev)
 {
@@ -53,10 +54,10 @@  static int socfpga_secreg_probe(struct udevice *dev)
 			debug("%s(intel,offset-settings 0x%llx : 0x%llx)\n",
 			      __func__, offset, val);
 
-			if (blk_sz <= offset) {
-				printf("%s: Overflow as offset 0x%llx",
+			if (blk_sz < offset + SZ_4) {
+				printf("%s: Overflow as offset 0x%llx or reg",
 				       __func__, offset);
-				printf(" is larger than block size 0x%x\n",
+				printf(" write is more than block size 0x%x\n",
 				       blk_sz);
 				return -EINVAL;
 			}