video: tegra: host: check if offset is u32 aligned
Deepak Nibade [Fri, 11 Mar 2016 08:29:20 +0000 (13:29 +0530)]
In nvhost_ioctl_ctrl_module_regrdwr(), we copy offset
to read/write from user space but we do not have
any check on it

So it is possible for user space to add unaligned
offset and request read/write which would crash the
system

Fix this by explicitly checking alignment of the
offset passed by user space

Bug 1739935

Change-Id: Iea2a07c60500af876b732a0e9d9d08535aa53b5c
Signed-off-by: Deepak Nibade <dnibade@nvidia.com>
Reviewed-on: http://git-master/r/1029405
(cherry picked from commit 422baa09a17a6a17f4e572aa5441ca174634de0d)
Reviewed-on: http://git-master/r/1123363
Reviewed-by: Automatic_Commit_Validation_User
GVS: Gerrit_Virtual_Submit
Reviewed-by: Bibek Basu <bbasu@nvidia.com>
Tested-by: Bibek Basu <bbasu@nvidia.com>
Reviewed-by: Matthew Pedro <mapedro@nvidia.com>

drivers/video/tegra/host/bus_client.c

index 973b8f3..3eaa07b 100644 (file)
@@ -62,6 +62,10 @@ static int validate_reg(struct platform_device *ndev, u32 offset, int count)
        struct resource *r;
        struct nvhost_device_data *pdata = platform_get_drvdata(ndev);
 
+       /* check if offset is u32 aligned */
+       if (offset & 3)
+               return -EINVAL;
+
        r = platform_get_resource(pdata->master ? pdata->master : ndev,
                        IORESOURCE_MEM, 0);
        if (!r) {