[v4,1/5] nvmem: check invalid number of bytes in nvmem_device_{read,write}

Add check in nvmem_device_{read,write}()to ensure that nvmem core never
passes an invalid number of bytes.

Signed-off-by: Biju Das <biju.das@bp.renesas.com>
---
V3-->V4
	* New patch.
---
 drivers/nvmem/core.c | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

Thanks for the patch.

On 07/12/18 11:27, Biju Das wrote:
> Add check in nvmem_device_{read,write}()to ensure that nvmem core never
> passes an invalid number of bytes.
> 
> Signed-off-by: Biju Das <biju.das@bp.renesas.com>
> ---
> V3-->V4
> 	* New patch.
> ---
>   drivers/nvmem/core.c | 26 +++++++++++++++++++++++++-
>   1 file changed, 25 insertions(+), 1 deletion(-)
> 

Its better to move checks from 
bin_attr_nvmem_read()/bin_attr_nvmem_write() into nvmem_reg_read() and 
nvmem_reg_write(), so its easy to maintain, rather than adding them to 
each function.

> diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
> index d9fd110..db7de33 100644
> --- a/drivers/nvmem/core.c
> +++ b/drivers/nvmem/core.c
> @@ -1433,10 +1433,21 @@ int nvmem_device_read(struct nvmem_device *nvmem,
>   		      size_t bytes, void *buf)
>   {
>   	int rc;
> +	size_t new_bytes;
>   
>   	if (!nvmem)
>   		return -EINVAL;
>   
> +	/* Stop the user from reading */
> +	if ((offset >= nvmem->size) || (bytes == 0))
> +		return 0;
> +
> +	if (unlikely(check_add_overflow(bytes, offset, &new_bytes)))
> +		return -EOVERFLOW;
> +
> +	if (new_bytes > nvmem->size)
> +		bytes = nvmem->size - offset;
> +
>   	rc = nvmem_reg_read(nvmem, offset, buf, bytes);
>   
>   	if (rc)
> @@ -1461,16 +1472,29 @@ int nvmem_device_write(struct nvmem_device *nvmem,
>   		       size_t bytes, void *buf)
>   {
>   	int rc;
> +	size_t new_bytes;
>   
>   	if (!nvmem)
>   		return -EINVAL;
>   
> +	/* Stop the user from writing */
> +	if (offset >= nvmem->size)
> +		return -ENOSPC;
> +
> +	if (bytes == 0)
> +		return 0;
> +
> +	if (unlikely(check_add_overflow(bytes, offset, &new_bytes)))
> +		return -EOVERFLOW;
> +
> +	if (new_bytes > nvmem->size)
> +		bytes = nvmem->size - offset;
> +
>   	rc = nvmem_reg_write(nvmem, offset, buf, bytes);
>   
>   	if (rc)
>   		return rc;
>   
> -

Unrelated change!


--srini
>   	return bytes;
>   }
>   EXPORT_SYMBOL_GPL(nvmem_device_write);
>

Hi Srinivas,

Thanks for the feedback.

> Subject: Re: [PATCH v4 1/5] nvmem: check invalid number of bytes in
> nvmem_device_{read,write}
>
> Thanks for the patch.
>
> On 07/12/18 11:27, Biju Das wrote:
> > Add check in nvmem_device_{read,write}()to ensure that nvmem core
> > never passes an invalid number of bytes.
> >
> > Signed-off-by: Biju Das <biju.das@bp.renesas.com>
> > ---
> > V3-->V4
> > * New patch.
> > ---
> >   drivers/nvmem/core.c | 26 +++++++++++++++++++++++++-
> >   1 file changed, 25 insertions(+), 1 deletion(-)
> >
>
> Its better to move checks from
> bin_attr_nvmem_read()/bin_attr_nvmem_write() into nvmem_reg_read()
> and nvmem_reg_write(), so its easy to maintain, rather than adding them to
> each function.

Initially I also thought the same. But there are some RTC drivers which is using nvmem_device
interface  is not defining "word_size"  member. That is the reason we need to add it in separate function.
Can you please suggest how to handle the above drivers?

> > diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c index
> > d9fd110..db7de33 100644
> > --- a/drivers/nvmem/core.c
> > +++ b/drivers/nvmem/core.c
> > @@ -1433,10 +1433,21 @@ int nvmem_device_read(struct nvmem_device
> *nvmem,
> >         size_t bytes, void *buf)
> >   {
> >   int rc;
> > +size_t new_bytes;
> >
> >   if (!nvmem)
> >   return -EINVAL;
> >
> > +/* Stop the user from reading */
> > +if ((offset >= nvmem->size) || (bytes == 0))
> > +return 0;
> > +
> > +if (unlikely(check_add_overflow(bytes, offset, &new_bytes)))
> > +return -EOVERFLOW;
> > +
> > +if (new_bytes > nvmem->size)
> > +bytes = nvmem->size - offset;
> > +
> >   rc = nvmem_reg_read(nvmem, offset, buf, bytes);
> >
> >   if (rc)
> > @@ -1461,16 +1472,29 @@ int nvmem_device_write(struct
> nvmem_device *nvmem,
> >          size_t bytes, void *buf)
> >   {
> >   int rc;
> > +size_t new_bytes;
> >
> >   if (!nvmem)
> >   return -EINVAL;
> >
> > +/* Stop the user from writing */
> > +if (offset >= nvmem->size)
> > +return -ENOSPC;
> > +
> > +if (bytes == 0)
> > +return 0;
> > +
> > +if (unlikely(check_add_overflow(bytes, offset, &new_bytes)))
> > +return -EOVERFLOW;
> > +
> > +if (new_bytes > nvmem->size)
> > +bytes = nvmem->size - offset;
> > +
> >   rc = nvmem_reg_write(nvmem, offset, buf, bytes);
> >
> >   if (rc)
> >   return rc;
> >
> > -
>
> Unrelated change!

I  found an extra space in this function.  If it is a problem, I will send V2 for undoing this.
Please let me know.

Regards,
Biju


[https://www2.renesas.eu/media/email/unicef.jpg]

This Christmas, instead of sending out cards, Renesas Electronics Europe have decided to support Unicef with a donation. For further details click here<https://www.unicef.org/> to find out about the valuable work they do, helping children all over the world.
We would like to take this opportunity to wish you a Merry Christmas and a prosperous New Year.



Renesas Electronics Europe Ltd, Dukes Meadow, Millboard Road, Bourne End, Buckinghamshire, SL8 5FH, UK. Registered in England & Wales under Registered No. 04586709.

On 10/12/18 12:45, Biju Das wrote:
>> Its better to move checks from
>> bin_attr_nvmem_read()/bin_attr_nvmem_write() into nvmem_reg_read()
>> and nvmem_reg_write(), so its easy to maintain, rather than adding them to
>> each function.
> Initially I also thought the same. But there are some RTC drivers which is using nvmem_device
> interface  is not defining "word_size"  member. That is the reason we need to add it in separate function.
> Can you please suggest how to handle the above drivers?

Word size is optional anyway, in the case where word_size is not 
specified, its considered as one byte word_size.

--srini

>

Hi Srinivas,

Thanks for the feedback.

> Subject: Re: [PATCH v4 1/5] nvmem: check invalid number of bytes in
> nvmem_device_{read,write}
>
>
>
> On 10/12/18 12:45, Biju Das wrote:
> >> Its better to move checks from
> >> bin_attr_nvmem_read()/bin_attr_nvmem_write() into
> nvmem_reg_read()
> >> and nvmem_reg_write(), so its easy to maintain, rather than adding
> >> them to each function.
> > Initially I also thought the same. But there are some RTC drivers
> > which is using nvmem_device interface  is not defining "word_size"
> member. That is the reason we need to add it in separate function.
> > Can you please suggest how to handle the above drivers?
>
> Word size is optional anyway, in the case where word_size is not specified,
> its considered as one byte word_size.

Will send V2 for this.

Regards,
Biju


[https://www2.renesas.eu/media/email/unicef.jpg]

This Christmas, instead of sending out cards, Renesas Electronics Europe have decided to support Unicef with a donation. For further details click here<https://www.unicef.org/> to find out about the valuable work they do, helping children all over the world.
We would like to take this opportunity to wish you a Merry Christmas and a prosperous New Year.



Renesas Electronics Europe Ltd, Dukes Meadow, Millboard Road, Bourne End, Buckinghamshire, SL8 5FH, UK. Registered in England & Wales under Registered No. 04586709.