| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Jan 2024 17:25:03 -0500
From: Frank Li <Frank.Li@....com>
To: frank.li@....com
Cc: alexandre.belloni@...tlin.com,
conor.culhane@...vaco.com,
imx@...ts.linux.dev,
joe@...ches.com,
linux-i3c@...ts.infradead.org,
linux-kernel@...r.kernel.org,
miquel.raynal@...tlin.com,
zbigniew.lukwinski@...ux.intel.com
Subject: [PATCH 1/1] i3c: master: svc: return error when read length bigger than 255
RDTERM in MCTRL is 8 bits. Add a length check to prevent silent data errors
when the read length exceeds 255 bytes during each i3c_priv_xfer operation.
Signed-off-by: Frank Li <Frank.Li@....com>
---
drivers/i3c/master/svc-i3c-master.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/i3c/master/svc-i3c-master.c b/drivers/i3c/master/svc-i3c-master.c
index bd10bb698da0f..181b56953fb28 100644
--- a/drivers/i3c/master/svc-i3c-master.c
+++ b/drivers/i3c/master/svc-i3c-master.c
@@ -1375,6 +1375,11 @@ static int svc_i3c_master_priv_xfers(struct i3c_dev_desc *dev,
cmd->len = xfers[i].len;
cmd->actual_len = xfers[i].rnw ? xfers[i].len : 0;
cmd->continued = (i + 1) < nxfers;
+
+ if (cmd->rnw && cmd->len > 255) {
+ dev_err(master->dev, "only support read less than 255 each xfer\n");
+ return -EINVAL;
+ }
}
mutex_lock(&master->lock);
--
2.34.1
Powered by blists - more mailing lists