[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <dda17db8-d2f4-bf9c-1ac0-1bcd35262b7d@codeaurora.org>
Date: Wed, 7 Apr 2021 14:30:17 -0700
From: Hemant Kumar <hemantk@...eaurora.org>
To: Jeffrey Hugo <jhugo@...eaurora.org>,
manivannan.sadhasivam@...aro.org
Cc: bbhatt@...eaurora.org, linux-arm-msm@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] bus: mhi: core: Sanity check values from remote device
before use
On 3/10/21 1:30 PM, Jeffrey Hugo wrote:
> When parsing the structures in the shared memory, there are values which
> come from the remote device. For example, a transfer completion event
> will have a pointer to the tre in the relevant channel's transfer ring.
> As another example, event ring elements may specify a channel in which
> the event occurred, however the specified channel value may not be valid
> as no channel is defined at that index even though the index may be less
> than the maximum allowed index. Such values should be considered to be
> untrusted, and validated before use. If we blindly use such values, we
> may access invalid data or crash if the values are corrupted.
>
> If validation fails, drop the relevant event.
>
> Signed-off-by: Jeffrey Hugo <jhugo@...eaurora.org>
Reviewed-by: Hemant Kumar <hemantk@...eaurora.org>
--
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project
Powered by blists - more mailing lists