video: tegra: host: check if offset is u32 aligned
Deepak Nibade [Fri, 11 Mar 2016 08:29:20 +0000 (13:29 +0530)]
In nvhost_ioctl_ctrl_module_regrdwr(), we copy offset
to read/write from user space but we do not have
any check on it

So it is possible for user space to add unaligned
offset and request read/write which would crash the
system

Fix this by explicitly checking alignment of the
offset passed by user space

Bug 1739935

Change-Id: Iea2a07c60500af876b732a0e9d9d08535aa53b5c
Signed-off-by: Deepak Nibade <dnibade@nvidia.com>
Reviewed-on: http://git-master/r/1029405
(cherry picked from commit 422baa09a17a6a17f4e572aa5441ca174634de0d)
Reviewed-on: http://git-master/r/1111328
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Manish Tuteja <mtuteja@nvidia.com>
Tested-by: Manish Tuteja <mtuteja@nvidia.com>

drivers/video/tegra/host/bus_client.c

index 5de6c30..523f67f 100644 (file)
@@ -69,6 +69,10 @@ static int validate_reg(struct platform_device *ndev, u32 offset, int count)
        int err = 0;
        struct resource *r;
 
+       /* check if offset is u32 aligned */
+       if (offset & 3)
+               return -EINVAL;
+
        r = platform_get_resource(ndev, IORESOURCE_MEM, 0);
        if (!r) {
                dev_err(&ndev->dev, "failed to get memory resource\n");