From patchwork Mon Jul 29 08:07:31 2024
X-Patchwork-Submitter: Rafał Miłecki
X-Patchwork-Id: 13744533
From: Rafał Miłecki
To: Srinivas Kandagatla, Rob Herring, Krzysztof Kozlowski, Conor Dooley
Cc: Greg Kroah-Hartman, Michael Walle, Miquel Raynal, devicetree@vger.kernel.org, linux-mtd@lists.infradead.org, linux-arm-kernel@lists.infradead.org, u-boot@lists.denx.de, linux-kernel@vger.kernel.org, John Thomson, Rafał Miłecki
Subject: [PATCH V2 1/3] nvmem: u-boot-env: error if NVMEM device is too small
Date: Mon, 29 Jul 2024 10:07:31 +0200
Message-Id: <20240729080733.16839-1-zajec5@gmail.com>

From: John Thomson

Verify data size before trying to parse it to avoid reading out of buffer. This could happen in case of problems at MTD level or invalid DT bindings.

Signed-off-by: John Thomson
Fixes: d5542923f200 ("nvmem: add driver handling U-Boot environment variables")
[rmilecki: simplify commit description & rebase]
Signed-off-by: Rafał Miłecki
---
V2: New patch in the series

 drivers/nvmem/u-boot-env.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/nvmem/u-boot-env.c b/drivers/nvmem/u-boot-env.c index 936e39b20b38..593f0bf4a395 100644 --- a/drivers/nvmem/u-boot-env.c +++ b/drivers/nvmem/u-boot-env.c
@@ -176,6 +176,13 @@ static int u_boot_env_parse(struct u_boot_env *priv) data_offset = offsetof(struct u_boot_env_image_broadcom, data); break; } + + if (dev_size < data_offset) { + dev_err(dev, "Device too small for u-boot-env\n"); + err = -EIO; + goto err_kfree; + } + crc32_addr = (__le32 *)(buf + crc32_offset); crc32 = le32_to_cpu(*crc32_addr); crc32_data_len = dev_size - crc32_data_offset;
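
Review bot: The new guard in u_boot_env_parse() compares dev_size against data_offset only, while the lines directly after it dereference buf + crc32_offset and compute crc32_data_len = dev_size - crc32_data_offset. The check is therefore sufficient only if data_offset is at least crc32_offset + sizeof(__le32) and at least crc32_data_offset for every format handled in the switch above. Please either state that invariant in a comment next to the check or test those offsets explicitly, so that a later format with a different layout cannot bring back the out-of-buffer read or an invalid crc32_data_len. Two smaller points: with `<`, dev_size == data_offset is accepted and leaves a zero-length data area, so consider `<=` unless the empty case is handled further down; and since the commit message names invalid DT bindings as one cause, -EINVAL may describe the failure better than -EIO.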