From fae242db5e1943ba878b4fb215fe6e7f1c387a20 Mon Sep 17 00:00:00 2001 From: Tony Truong Date: Fri, 6 Jan 2017 14:03:03 -0800 Subject: msm: pcie: add bounds check for debugfs register write Via debugfs nodes, users have the option to read and write to any PCIe register. To ensure clients do not access registers outside the PCIe range, add checks to validate the offset clients provide. Bug: 33039685 Change-Id: Ia35cd04c57f01c21a47962be596bca395b5ca247 Signed-off-by: Tony Truong --- drivers/pci/host/pci-msm.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/drivers/pci/host/pci-msm.c b/drivers/pci/host/pci-msm.c index 1b80fa1..ffaa059 100644 --- a/drivers/pci/host/pci-msm.c +++ b/drivers/pci/host/pci-msm.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2015, The Linux Foundation. All rights reserved. +/* Copyright (c) 2014-2017, The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -1691,8 +1691,15 @@ static void msm_pcie_sel_debug_testcase(struct msm_pcie_dev_t *dev, dev->res[base_sel - 1].base, wr_offset, wr_mask, wr_value); - msm_pcie_write_reg_field(dev->res[base_sel - 1].base, - wr_offset, wr_mask, wr_value); + base_sel_size = resource_size(dev->res[base_sel - 1].resource); + + if (wr_offset > base_sel_size - 4 || + msm_pcie_check_align(dev, wr_offset)) + pr_alert("PCIe: RC%d: Invalid wr_offset: 0x%x. wr_offset should be no more than 0x%x\n", + dev->rc_idx, wr_offset, base_sel_size - 4); + else + msm_pcie_write_reg_field(dev->res[base_sel - 1].base, + wr_offset, wr_mask, wr_value); break; case 13: /* dump all registers of base_sel */ -- cgit v1.1