From: srinivas.kandagatla@linaro.org (Srinivas Kandagatla)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH 1/2] firmware: meson-sm: Check for buffer output size
Date: Wed, 22 Mar 2017 16:28:20 +0000 [thread overview]
Message-ID: <7b026b39-1d37-fbfc-192a-d21a4f43aa48@linaro.org> (raw)
In-Reply-To: <20170303151759.8330-2-carlo@caione.org>
On 03/03/17 15:17, Carlo Caione wrote:
> From: Carlo Caione <carlo@endlessm.com>
>
> After the data is read by the secure monitor driver it is being copied
> in the output buffer checking only the size of the bounce buffer but not
> the size of the output buffer.
>
> Fix this in the secure monitor driver slightly changing the API. Fix
> also the efuse driver that it is the only driver using this API to not
> break bisectability.
>
> Signed-off-by: Carlo Caione <carlo@endlessm.com>
Sorry for the delay!!
For nvmem part,
Acked-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
> ---
> drivers/firmware/meson/meson_sm.c | 10 +++++++---
> drivers/nvmem/meson-efuse.c | 2 +-
> include/linux/firmware/meson/meson_sm.h | 4 ++--
> 3 files changed, 10 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/firmware/meson/meson_sm.c b/drivers/firmware/meson/meson_sm.c
> index b0d254930ed3..5f30a5774e57 100644
> --- a/drivers/firmware/meson/meson_sm.c
> +++ b/drivers/firmware/meson/meson_sm.c
> @@ -127,6 +127,7 @@ EXPORT_SYMBOL(meson_sm_call);
> * meson_sm_call_read - retrieve data from secure-monitor
> *
> * @buffer: Buffer to store the retrieved data
> + * @bsize: Size of the buffer
> * @cmd_index: Index of the SMC32 function ID
> * @arg0: SMC32 Argument 0
> * @arg1: SMC32 Argument 1
> @@ -136,8 +137,8 @@ EXPORT_SYMBOL(meson_sm_call);
> *
> * Return: size of read data on success, a negative value on error
> */
> -int meson_sm_call_read(void *buffer, unsigned int cmd_index, u32 arg0,
> - u32 arg1, u32 arg2, u32 arg3, u32 arg4)
> +int meson_sm_call_read(void *buffer, unsigned int bsize, unsigned int cmd_index,
> + u32 arg0, u32 arg1, u32 arg2, u32 arg3, u32 arg4)
> {
> u32 size;
>
> @@ -147,10 +148,13 @@ int meson_sm_call_read(void *buffer, unsigned int cmd_index, u32 arg0,
> if (!fw.chip->cmd_shmem_out_base)
> return -EINVAL;
>
> + if (bsize > fw.chip->shmem_size)
> + return -EINVAL;
> +
> if (meson_sm_call(cmd_index, &size, arg0, arg1, arg2, arg3, arg4) < 0)
> return -EINVAL;
>
> - if (!size || size > fw.chip->shmem_size)
> + if (!size || size > bsize)
> return -EINVAL;
>
> if (buffer)
> diff --git a/drivers/nvmem/meson-efuse.c b/drivers/nvmem/meson-efuse.c
> index f207c3b10482..70bfc9839bb2 100644
> --- a/drivers/nvmem/meson-efuse.c
> +++ b/drivers/nvmem/meson-efuse.c
> @@ -27,7 +27,7 @@ static int meson_efuse_read(void *context, unsigned int offset,
> u8 *buf = val;
> int ret;
>
> - ret = meson_sm_call_read(buf, SM_EFUSE_READ, offset,
> + ret = meson_sm_call_read(buf, bytes, SM_EFUSE_READ, offset,
> bytes, 0, 0, 0);
> if (ret < 0)
> return ret;
> diff --git a/include/linux/firmware/meson/meson_sm.h b/include/linux/firmware/meson/meson_sm.h
> index 8e953c6f394a..37a5eaea69dd 100644
> --- a/include/linux/firmware/meson/meson_sm.h
> +++ b/include/linux/firmware/meson/meson_sm.h
> @@ -25,7 +25,7 @@ int meson_sm_call(unsigned int cmd_index, u32 *ret, u32 arg0, u32 arg1,
> u32 arg2, u32 arg3, u32 arg4);
> int meson_sm_call_write(void *buffer, unsigned int b_size, unsigned int cmd_index,
> u32 arg0, u32 arg1, u32 arg2, u32 arg3, u32 arg4);
> -int meson_sm_call_read(void *buffer, unsigned int cmd_index, u32 arg0, u32 arg1,
> - u32 arg2, u32 arg3, u32 arg4);
> +int meson_sm_call_read(void *buffer, unsigned int bsize, unsigned int cmd_index,
> + u32 arg0, u32 arg1, u32 arg2, u32 arg3, u32 arg4);
>
> #endif /* _MESON_SM_FW_H_ */
>
next prev parent reply other threads:[~2017-03-22 16:28 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-03 15:17 [PATCH 0/2] meson-sm: Fix issues when reading data from sm Carlo Caione
2017-03-03 15:17 ` [PATCH 1/2] firmware: meson-sm: Check for buffer output size Carlo Caione
2017-03-22 16:28 ` Srinivas Kandagatla [this message]
2017-03-03 15:17 ` [PATCH 2/2] firmware: meson-sm: Allow 0 as valid return value Carlo Caione
2017-03-22 15:55 ` [PATCH 0/2] meson-sm: Fix issues when reading data from sm Kevin Hilman
2017-03-23 10:31 ` Mark Rutland
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7b026b39-1d37-fbfc-192a-d21a4f43aa48@linaro.org \
--to=srinivas.kandagatla@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).