From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 1661AC433F5 for ; Thu, 31 Mar 2022 10:12:28 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 7157584215; Thu, 31 Mar 2022 12:12:20 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.b="CKsxbmni"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id D43A3841F7; Thu, 31 Mar 2022 12:10:31 +0200 (CEST) Received: from mail-wm1-x34a.google.com (mail-wm1-x34a.google.com [IPv6:2a00:1450:4864:20::34a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 59C4F841FB for ; Thu, 31 Mar 2022 12:10:20 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=3C35FYgYKBjYSkUmddYggYdW.Ugem-Tggldaklk.VWfp.VW@flex--ascull.bounces.google.com Received: by mail-wm1-x34a.google.com with SMTP id i184-20020a1c3bc1000000b0038e4c5968b5so41860wma.0 for ; Thu, 31 Mar 2022 03:10:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=gMjn7Iu4FH1EhXLJzvtkWkbwqqvC4g89XlMxM7CZ5mg=; b=CKsxbmniQG+/2wSJCawNguwPxlxRBUt7Su37NPdqoS3fLDoE53lv2jsCzJWj7jPohA 8kQnkAJqRXieJmydev/sziga+ZTEQpXQ0zpvLX+VvoMWD85KJDl3JEMEUuLCcg83QXtM FE1d1hS7l01UvdfRBdHwtg9OfAAhrVMSOWSp6Y4cVRWvpa7fPSdBpMRb0cJU+jI7lwNm DLgQGE+hoL8DbMVZCFL06RdadxaFIcTpL7yOBkYbYiH8cEP2etMOZJAXpIZJnvZEBmWa J4Drg62YwSHBypFYpcMFb6Pi3wRnXyG8HZ3V6wVj1pEE7hFafjLoHetE0XjUiajCUK0C l8NA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=gMjn7Iu4FH1EhXLJzvtkWkbwqqvC4g89XlMxM7CZ5mg=; b=u5UK25+RnNDKd8ohMy8Ql85sJjOyr8lk2PkJW9TE+eLaAkhCD1BUmTt2C6y+PGT/Jj b9u/Qxi3SjzTxylf9fkTr+0e0G5P8I1ukX/jsOnCH1kxVwD3gmTJj6s0qJaLnE9RmIhR 3xy7OLCxrxcDKzSQ1ycw5GyzUTh52nEvorYUR0lFn10tghXRnwNKpRCF/ZCUTQ9uDW0+ KOdBo0+Djm/qsNaxHla6fJViK1HEq+6u1BV9eoA0v2GZzF1b6u7La+rtiueAAZRwHg4D V24Q6uX48mMEBKW1OeADHTQ/1w7uQchsUB7Hp9aty4nKuHa4pma8lXDk2CfIVE1mFmz2 19xg== X-Gm-Message-State: AOAM532NRZmUkr1zEbnq0Kzi9gPa0fyIij+v12M2NGsA+umhkTix5++f rzS3Nbg0/xhfrfJSqPWRio9Lr4EQo52uxvc7dRTxehy5uF/W20qZZsCMYE9h56PprrkSSAirdff +tmkWI49PeqfAuR01O7E/XBbR+9shITBzDr30/ezoJODlS8yF1inHg0jfgfA= X-Google-Smtp-Source: ABdhPJxNnzgJvDfaKbQN2BVXl88nRfYMv240InsEbeh3zczPxx3LFpkKSfPm9Zwgbg+70pV7ls3HhoY7Tm0= X-Received: from ascull.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:1510]) (user=ascull job=sendgmr) by 2002:a05:6000:18ac:b0:205:a73f:8288 with SMTP id b12-20020a05600018ac00b00205a73f8288mr3625909wri.172.1648721419839; Thu, 31 Mar 2022 03:10:19 -0700 (PDT) Date: Thu, 31 Mar 2022 10:09:48 +0000 In-Reply-To: <20220331100949.3637425-1-ascull@google.com> Message-Id: <20220331100949.3637425-11-ascull@google.com> Mime-Version: 1.0 References: <20220331100949.3637425-1-ascull@google.com> X-Mailer: git-send-email 2.35.1.1094.g7c7d902a7c-goog Subject: [PATCH 10/11] virtio: rng: Check length before copying From: Andrew Scull To: u-boot@lists.denx.de Cc: sjg@chromium.org, bmeng.cn@gmail.com, adelva@google.com, keirf@google.com, ptosi@google.com, Andrew Scull , Sughosh Ganu Content-Type: text/plain; charset="UTF-8" X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Check the length of data written by the device is consistent with the size of the buffers to avoid out-of-bounds memory accesses in case values aren't consistent. Signed-off-by: Andrew Scull Cc: Sughosh Ganu --- drivers/virtio/virtio_rng.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/virtio/virtio_rng.c b/drivers/virtio/virtio_rng.c index 9314c0a03e..b85545c2ee 100644 --- a/drivers/virtio/virtio_rng.c +++ b/drivers/virtio/virtio_rng.c @@ -41,6 +41,9 @@ static int virtio_rng_read(struct udevice *dev, void *data, size_t len) while (!virtqueue_get_buf(priv->rng_vq, &rsize)) ; + if (rsize > sg.length) + return -EIO; + memcpy(ptr, buf, rsize); len -= rsize; ptr += rsize; -- 2.35.1.1094.g7c7d902a7c-goog