diff mbox series

soc: qcom: pmic_glink_altmode: fix port sanity check

Message ID 20231109093100.19971-1-johan+linaro@kernel.org
State Accepted
Commit c4fb7d2eac9ff9bfc35a2e4d40c7169a332416e0
Headers show
Series soc: qcom: pmic_glink_altmode: fix port sanity check | expand

Commit Message

Johan Hovold Nov. 9, 2023, 9:31 a.m. UTC 
The PMIC GLINK altmode driver currently supports at most two ports.

Fix the incomplete port sanity check on notifications to avoid
accessing and corrupting memory beyond the port array if we ever get a
notification for an unsupported port.

Fixes: 080b4e24852b ("soc: qcom: pmic_glink: Introduce altmode support")
Cc: stable@vger.kernel.org	# 6.3
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
---
 drivers/soc/qcom/pmic_glink_altmode.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Johan Hovold Nov. 9, 2023, 1:48 p.m. UTC | #1 
On Thu, Nov 09, 2023 at 02:28:59PM +0100, Konrad Dybcio wrote:
> On 11/9/23 10:31, Johan Hovold wrote:
  
> > -	if (!altmode->ports[port].altmode) {
> > +	if (port >= ARRAY_SIZE(altmode->ports) || !altmode->ports[port].altmode) {

> I'd personally use PMIC_GLINK_MAX_PORTS directly but it's the same

That's what I'd generally do as well, but here I followed the style of
this driver (and using ARRAY_SIZE() is arguable more safe).

> Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org>

Thanks for reviewing.

Johan
Dmitry Baryshkov Nov. 9, 2023, 2:28 p.m. UTC | #2 
On Thu, 9 Nov 2023 at 15:47, Johan Hovold <johan@kernel.org> wrote:
>
> On Thu, Nov 09, 2023 at 02:28:59PM +0100, Konrad Dybcio wrote:
> > On 11/9/23 10:31, Johan Hovold wrote:
>
> > > -   if (!altmode->ports[port].altmode) {
> > > +   if (port >= ARRAY_SIZE(altmode->ports) || !altmode->ports[port].altmode) {
>
> > I'd personally use PMIC_GLINK_MAX_PORTS directly but it's the same
>
> That's what I'd generally do as well, but here I followed the style of
> this driver (and using ARRAY_SIZE() is arguable more safe).

I'd prefer ARRAY_SIZE here too.

Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>

>
> > Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org>
>
> Thanks for reviewing.
>
> Johan
>
Bjorn Andersson Dec. 8, 2023, 2:55 p.m. UTC | #3 
On Thu, 09 Nov 2023 10:31:00 +0100, Johan Hovold wrote:
> The PMIC GLINK altmode driver currently supports at most two ports.
> 
> Fix the incomplete port sanity check on notifications to avoid
> accessing and corrupting memory beyond the port array if we ever get a
> notification for an unsupported port.
> 
> 
> [...]

Applied, thanks!

[1/1] soc: qcom: pmic_glink_altmode: fix port sanity check
      commit: c4fb7d2eac9ff9bfc35a2e4d40c7169a332416e0

Best regards,
diff mbox series

Patch

diff --git a/drivers/soc/qcom/pmic_glink_altmode.c b/drivers/soc/qcom/pmic_glink_altmode.c
index 974c14d1e0bf..561d6ba005f4 100644
--- a/drivers/soc/qcom/pmic_glink_altmode.c
+++ b/drivers/soc/qcom/pmic_glink_altmode.c
@@ -285,7 +285,7 @@  static void pmic_glink_altmode_sc8180xp_notify(struct pmic_glink_altmode *altmod
 
 	svid = mux == 2 ? USB_TYPEC_DP_SID : 0;
 
-	if (!altmode->ports[port].altmode) {
+	if (port >= ARRAY_SIZE(altmode->ports) || !altmode->ports[port].altmode) {
 		dev_dbg(altmode->dev, "notification on undefined port %d\n", port);
 		return;
 	}
@@ -328,7 +328,7 @@  static void pmic_glink_altmode_sc8280xp_notify(struct pmic_glink_altmode *altmod
 	hpd_state = FIELD_GET(SC8280XP_HPD_STATE_MASK, notify->payload[8]);
 	hpd_irq = FIELD_GET(SC8280XP_HPD_IRQ_MASK, notify->payload[8]);
 
-	if (!altmode->ports[port].altmode) {
+	if (port >= ARRAY_SIZE(altmode->ports) || !altmode->ports[port].altmode) {
 		dev_dbg(altmode->dev, "notification on undefined port %d\n", port);
 		return;
 	}