From patchwork Mon Mar 11 12:01:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Quentin Schulz X-Patchwork-Id: 1910409 X-Patchwork-Delegate: ykai007@gmail.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Ttb543Zy6z1yWy for ; Mon, 11 Mar 2024 23:03:04 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 5C6A787F47; Mon, 11 Mar 2024 13:02:56 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=0leil.net Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 0546987E44; Mon, 11 Mar 2024 13:02:55 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.2 Received: from smtp-bc0d.mail.infomaniak.ch (smtp-bc0d.mail.infomaniak.ch [45.157.188.13]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id DB34187E64 for ; Mon, 11 Mar 2024 13:02:48 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=0leil.net Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=foss+uboot@0leil.net Received: from smtp-3-0000.mail.infomaniak.ch (smtp-3-0000.mail.infomaniak.ch [10.4.36.107]) by smtp-4-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 4Ttb4m2sM3zvvf; Mon, 11 Mar 2024 13:02:48 +0100 (CET) Received: from unknown by smtp-3-0000.mail.infomaniak.ch (Postfix) with ESMTPA id 4Ttb4l3FkWz3k; Mon, 11 Mar 2024 13:02:47 +0100 (CET) From: Quentin Schulz Date: Mon, 11 Mar 2024 13:01:44 +0100 Subject: [PATCH v4 01/20] rockchip: avoid out-of-bounds when computing cpuid MIME-Version: 1.0 Message-Id: <20240311-jaguar-v4-1-d2ca1af68ed3@theobroma-systems.com> References: <20240311-jaguar-v4-0-d2ca1af68ed3@theobroma-systems.com> In-Reply-To: <20240311-jaguar-v4-0-d2ca1af68ed3@theobroma-systems.com> To: Simon Glass , Philipp Tomsich , Kever Yang , Tom Rini , Alper Nebi Yasak , Peter Robinson , Jagan Teki , Klaus Goger , Heiko Stuebner , Otavio Salvador , Andy Yan , Manivannan Sadhasivam , Lukasz Majewski , Sean Anderson , Joe Hershberger , Ramon Fried , Sughosh Ganu , Heinrich Schuchardt , Anatolij Gustschin Cc: Dragan Simic , u-boot@lists.denx.de, Quentin Schulz , Quentin Schulz X-Mailer: b4 0.13.0 X-Infomaniak-Routing: alpha X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean From: Quentin Schulz The expected length of the cpuid, as passed with cpuid_length, determines the size of cpuid_str string. Therefore, care should be taken to make sure nothing is accessing data out-of-bounds. Instead of using hardcoded values, derive them from cpuid_length. Cc: Quentin Schulz Reviewed-by: Kever Yang Reviewed-by: Dragan Simic Signed-off-by: Quentin Schulz --- arch/arm/mach-rockchip/misc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/arm/mach-rockchip/misc.c b/arch/arm/mach-rockchip/misc.c index 7d03f0c2b67..15397cff009 100644 --- a/arch/arm/mach-rockchip/misc.c +++ b/arch/arm/mach-rockchip/misc.c @@ -102,7 +102,7 @@ int rockchip_cpuid_set(const u8 *cpuid, const u32 cpuid_length) int i; memset(cpuid_str, 0, sizeof(cpuid_str)); - for (i = 0; i < 16; i++) + for (i = 0; i < cpuid_length; i++) sprintf(&cpuid_str[i * 2], "%02x", cpuid[i]); debug("cpuid: %s\n", cpuid_str); @@ -111,13 +111,13 @@ int rockchip_cpuid_set(const u8 *cpuid, const u32 cpuid_length) * Mix the cpuid bytes using the same rules as in * ${linux}/drivers/soc/rockchip/rockchip-cpuinfo.c */ - for (i = 0; i < 8; i++) { + for (i = 0; i < cpuid_length / 2; i++) { low[i] = cpuid[1 + (i << 1)]; high[i] = cpuid[i << 1]; } - serialno = crc32_no_comp(0, low, 8); - serialno |= (u64)crc32_no_comp(serialno, high, 8) << 32; + serialno = crc32_no_comp(0, low, cpuid_length / 2); + serialno |= (u64)crc32_no_comp(serialno, high, cpuid_length / 2) << 32; snprintf(serialno_str, sizeof(serialno_str), "%016llx", serialno); oldid = env_get("cpuid#");