
[v5,3/3] PCI: designware: add sanity checks on the header offset in dw_pcie_cfg_read and dw_pcie_cfg_write

Message ID 1443535042-242400-4-git-send-email-gabriele.paoloni@huawei.com (mailing list archive)
State New, archived
Delegated to: Bjorn Helgaas

Commit Message

Gabriele Paoloni Sept. 29, 2015, 1:57 p.m. UTC
From: gabriele paoloni <gabriele.paoloni@huawei.com>

This patch adds sanity checks on the "where" input parameter in
dw_pcie_cfg_read and dw_pcie_cfg_write. These checks make sure
that the offset passed in by the caller is not in conflict with
the size of the PCI header field that is being read/written.

Signed-off-by: Gabriele Paoloni <gabriele.paoloni@huawei.com>
---
 drivers/pci/host/pcie-designware.c | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

Comments

Pratyush Anand Sept. 29, 2015, 3:36 p.m. UTC | #1
On Tue, Sep 29, 2015 at 7:27 PM, Gabriele Paoloni
<gabriele.paoloni@huawei.com> wrote:
> From: gabriele paoloni <gabriele.paoloni@huawei.com>
>
> This patch adds sanity checks on "where" input parameter in
> dw_pcie_cfg_read and dw_pcie_cfg_write. These checks make sure
> that offset passed in by the caller is not in conflict with
> the size of the PCI header field that is being read/written
>

I am still not convinced that we should doubt the caller..But may be I
am biased in my thoughts...
Since Bjorn has asked about it, so will take it.

> Signed-off-by: Gabriele Paoloni <gabriele.paoloni@huawei.com>
> ---
>  drivers/pci/host/pcie-designware.c | 20 ++++++++++++++------
>  1 file changed, 14 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/pci/host/pcie-designware.c b/drivers/pci/host/pcie-designware.c
> index d771fa5..719d2cd 100644
> --- a/drivers/pci/host/pcie-designware.c
> +++ b/drivers/pci/host/pcie-designware.c
> @@ -82,11 +82,15 @@ static inline struct pcie_port *sys_to_pcie(struct pci_sys_data *sys)
>
>  int dw_pcie_cfg_read(void __iomem *addr, int size, u32 *val)
>  {

Wouldn't a single check have been better?
+       if ((uintptr_t)addr & (size -1))
+               return PCIBIOS_BAD_REGISTER_NUMBER;

~Pratyush
Gabriele Paoloni Sept. 29, 2015, 3:54 p.m. UTC | #2
> -----Original Message-----
> From: Pratyush Anand [mailto:pratyush.anand@gmail.com]
> Sent: Tuesday, September 29, 2015 4:36 PM
> To: Gabriele Paoloni
> Cc: Bjorn Helgaas; Jingoo Han; linux-pci@vger.kernel.org; Wangzhou (B);
> Yuanzhichang; Zhudacai; zhangjukuo; qiuzhenfa; Liguozhu (Kenneth)
> Subject: Re: [PATCH v5 3/3] PCI: designware: add sanity checks on the
> header offset in dw_pcie_cfg_read and dw_pcie_cfg_write
>
> On Tue, Sep 29, 2015 at 7:27 PM, Gabriele Paoloni
> <gabriele.paoloni@huawei.com> wrote:
> > From: gabriele paoloni <gabriele.paoloni@huawei.com>
> >
> > This patch adds sanity checks on "where" input parameter in
> > dw_pcie_cfg_read and dw_pcie_cfg_write. These checks make sure
> > that offset passed in by the caller is not in conflict with
> > the size of the PCI header field that is being read/written
> >
>
> I am still not convinced that we should doubt the caller..But may be I
> am biased in my thoughts...
> Since Bjorn has asked about it, so will take it.

Yes, I think this should be a maintainer decision as it is a matter of
trusting the callers...

>
> > Signed-off-by: Gabriele Paoloni <gabriele.paoloni@huawei.com>
> > ---
> >  drivers/pci/host/pcie-designware.c | 20 ++++++++++++++------
> >  1 file changed, 14 insertions(+), 6 deletions(-)
> >
> > diff --git a/drivers/pci/host/pcie-designware.c
> b/drivers/pci/host/pcie-designware.c
> > index d771fa5..719d2cd 100644
> > --- a/drivers/pci/host/pcie-designware.c
> > +++ b/drivers/pci/host/pcie-designware.c
> > @@ -82,11 +82,15 @@ static inline struct pcie_port
> *sys_to_pcie(struct pci_sys_data *sys)
> >
> >  int dw_pcie_cfg_read(void __iomem *addr, int size, u32 *val)
> >  {
>
> Wouldn't a single check would have been better
> +       if ((uintptr_t)addr & (size -1))
> +               return PCIBIOS_BAD_REGISTER_NUMBER;

Ok agreed will change in v6

Thanks

>
> ~Pratyush

Patch

diff --git a/drivers/pci/host/pcie-designware.c b/drivers/pci/host/pcie-designware.c
index d771fa5..719d2cd 100644
--- a/drivers/pci/host/pcie-designware.c
+++ b/drivers/pci/host/pcie-designware.c
@@ -82,11 +82,15 @@  static inline struct pcie_port *sys_to_pcie(struct pci_sys_data *sys)
 
 int dw_pcie_cfg_read(void __iomem *addr, int size, u32 *val)
 {
-	if (size == 4)
+	if (size == 4) {
+		if ((uintptr_t)addr & 3)
+			return PCIBIOS_BAD_REGISTER_NUMBER;
 		*val = readl(addr);
-	else if (size == 2)
+	} else if (size == 2) {
+		if ((uintptr_t)addr & 1)
+			return PCIBIOS_BAD_REGISTER_NUMBER;
 		*val = readw(addr);
-	else if (size == 1)
+	} else if (size == 1)
 		*val = readb(addr);
 	else
 		return PCIBIOS_BAD_REGISTER_NUMBER;
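Review bot: The two new misalignment returns in dw_pcie_cfg_read, like the existing final `else`, leave `*val` unwritten, so a caller that ignores the return code would go on to use whatever its variable held before the call. Assigning a defined value on each failure path, e.g. `*val = 0;` ahead of `return PCIBIOS_BAD_REGISTER_NUMBER;`, keeps stale or uninitialized data from being treated as config-space contents. The callers are not visible here, so whether any of them skips the return check still needs to be confirmed. The function's closing lines are outside the hunk.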
@@ -96,11 +100,15 @@  int dw_pcie_cfg_read(void __iomem *addr, int size, u32 *val)
 
 int dw_pcie_cfg_write(void __iomem *addr, int size, u32 val)
 {
-	if (size == 4)
+	if (size == 4) {
+		if ((uintptr_t)addr & 3)
+			return PCIBIOS_BAD_REGISTER_NUMBER;
 		writel(val, addr);
-	else if (size == 2)
+	} else if (size == 2) {
+		if ((uintptr_t)addr & 1)
+			return PCIBIOS_BAD_REGISTER_NUMBER;
 		writew(val, addr);
-	else if (size == 1)
+	} else if (size == 1)
 		writeb(val, addr);
 	else
 		return PCIBIOS_BAD_REGISTER_NUMBER;
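Review bot: The `} else if (size == 1)` line in dw_pcie_cfg_write leaves the last two branches unbraced while the size 4 and size 2 branches now carry braces; kernel coding style asks for braces on every branch of the chain once one of them needs them. Writing `} else if (size == 1) {` and `} else {` around the final return keeps a later edit from attaching a statement to the wrong branch of this access-validation chain. The same applies to the matching line in the dw_pcie_cfg_read hunk. The function's closing lines are outside the hunk.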