Re: [PATCH v3] bus: mhi: core: Sanity check values from remote device before use

From: Hemant Kumar
Date: Wed Apr 07 2021 - 17:30:33 EST

Next message: Nick Desaulniers: "Re: [PATCH] x86/kernel: remove unneeded dead-store initialization"
Previous message: Siddharth Chandrasekaran: "[PATCH 0/4] Add support for XMM fast hypercalls"
In reply to: Manivannan Sadhasivam: "Re: [PATCH v3] bus: mhi: core: Sanity check values from remote device before use"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 3/10/21 1:30 PM, Jeffrey Hugo wrote:

When parsing the structures in the shared memory, there are values which
come from the remote device. For example, a transfer completion event
will have a pointer to the tre in the relevant channel's transfer ring.
As another example, event ring elements may specify a channel in which
the event occurred, however the specified channel value may not be valid
as no channel is defined at that index even though the index may be less
than the maximum allowed index. Such values should be considered to be
untrusted, and validated before use. If we blindly use such values, we
may access invalid data or crash if the values are corrupted.

If validation fails, drop the relevant event.

Signed-off-by: Jeffrey Hugo <jhugo@xxxxxxxxxxxxxx>

Reviewed-by: Hemant Kumar <hemantk@xxxxxxxxxxxxxx>
--
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project

Next message: Nick Desaulniers: "Re: [PATCH] x86/kernel: remove unneeded dead-store initialization"
Previous message: Siddharth Chandrasekaran: "[PATCH 0/4] Add support for XMM fast hypercalls"
In reply to: Manivannan Sadhasivam: "Re: [PATCH v3] bus: mhi: core: Sanity check values from remote device before use"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]