From: Tien Fong Chee tien.fong.chee@intel.com
Each register 4 bytes write, there is a potential that user setting an invalid offset which is less than block size, but overflow the block size when writing the register. This patch prevents this overwrite issue by checking earlier before starting any register write.
Signed-off-by: Tien Fong Chee tien.fong.chee@intel.com Signed-off-by: Jit Loon Lim jit.loon.lim@intel.com --- drivers/misc/socfpga_secreg.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/misc/socfpga_secreg.c b/drivers/misc/socfpga_secreg.c index a4b297e7f1..0ea30c254b 100644 --- a/drivers/misc/socfpga_secreg.c +++ b/drivers/misc/socfpga_secreg.c @@ -8,6 +8,7 @@ #include <common.h> #include <dm.h> #include <errno.h> +#include <linux/sizes.h>
static int socfpga_secreg_probe(struct udevice *dev) { @@ -53,10 +54,10 @@ static int socfpga_secreg_probe(struct udevice *dev) debug("%s(intel,offset-settings 0x%llx : 0x%llx)\n", __func__, offset, val);
- if (blk_sz <= offset) { - printf("%s: Overflow as offset 0x%llx", + if (blk_sz < offset + SZ_4) { + printf("%s: Overflow as offset 0x%llx or reg", __func__, offset); - printf(" is larger than block size 0x%x\n", + printf(" write is more than block size 0x%x\n", blk_sz); return -EINVAL; }