Skip to content

Commit

Permalink
iio: cf_axi_dds: Prevent out-of-bounds debug register access
Browse files Browse the repository at this point in the history 
Make sure that when using the debug register access that registers outside
of the mapped memory region are not accessed. Otherwise undefined behavior
can occur.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
  • Loading branch information
@larsclausen @commodo
larsclausen authored and commodo committed Apr 30, 2018
1 parent a1dba55 commit 0c33f80
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 0 deletions.
6 changes: 6 additions & 0 deletions drivers/iio/frequency/cf_axi_dds.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -717,6 +717,11 @@ static int cf_axi_dds_reg_access(struct iio_dev *indio_dev,
if ((reg & ~DEBUGFS_DRA_PCORE_REG_MAGIC) > 0xFFFF)
return -EINVAL;

/* Check that the register is in range and aligned */
if (((reg & DEBUGFS_DRA_PCORE_REG_MAGIC) || st->standalone) &&
((reg & 0xffff) >= st->regs_size || (reg & 0x3)))
return -EINVAL;

if (st->dev_spi)
conv = to_converter(st->dev_spi);

Expand Down Expand Up @@ -1300,6 +1305,7 @@ static int cf_axi_dds_probe(struct platform_device *pdev)
st = iio_priv(indio_dev);

res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
st->regs_size = resource_size(res);
st->regs = devm_ioremap(&pdev->dev, res->start, resource_size(res));
if (!st->regs) {
ret = -ENOMEM;
Expand Down
1 change: 1 addition & 0 deletions drivers/iio/frequency/cf_axi_dds.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -213,6 +213,7 @@ struct cf_axi_dds_state {
bool pl_dma_fifo_en;

struct iio_info iio_info;
size_t regs_size;
void __iomem *regs;
void __iomem *slave_regs;
void __iomem *master_regs;
Expand Down

0 comments on commit 0c33f80

Please sign in to comment.