From 54f18af8d30c4e147859baa9d2e052af24719d63 Mon Sep 17 00:00:00 2001 From: Timo Alho Date: Sun, 12 Jul 2020 11:01:14 +0100 Subject: [PATCH] firmware: tegra: Add return code checks and increase debugfs size Add checking of the BPMP-FW return code values for MRQ_DEBUGFS calls. Also, development versions of the firmware may have debugfs with a directory structure larger than 256 KiB. Hence increase the size of the memory buffer to accommodate those firmware revisions. And finally, ensure that no access outside of allocated memory buffer happens in case BPMP-FW returns an invalid response size (nbytes) from mrq_debugfs_dumpdir() call. Signed-off-by: Timo Alho Signed-off-by: Jon Hunter Signed-off-by: Thierry Reding --- drivers/firmware/tegra/bpmp-debugfs.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/drivers/firmware/tegra/bpmp-debugfs.c b/drivers/firmware/tegra/bpmp-debugfs.c index 636b40d4364df..5a6a01b168724 100644 --- a/drivers/firmware/tegra/bpmp-debugfs.c +++ b/drivers/firmware/tegra/bpmp-debugfs.c @@ -127,6 +127,8 @@ static int mrq_debugfs_read(struct tegra_bpmp *bpmp, err = tegra_bpmp_transfer(bpmp, &msg); if (err < 0) return err; + else if (msg.rx.ret < 0) + return -EINVAL; *nbytes = (size_t)resp.fop.nbytes; @@ -184,6 +186,8 @@ static int mrq_debugfs_dumpdir(struct tegra_bpmp *bpmp, dma_addr_t addr, err = tegra_bpmp_transfer(bpmp, &msg); if (err < 0) return err; + else if (msg.rx.ret < 0) + return -EINVAL; *nbytes = (size_t)resp.dumpdir.nbytes; @@ -374,7 +378,7 @@ int tegra_bpmp_init_debugfs(struct tegra_bpmp *bpmp) { dma_addr_t phys; void *virt; - const size_t sz = SZ_256K; + const size_t sz = SZ_512K; size_t nbytes; int ret; struct dentry *root; @@ -394,8 +398,12 @@ int tegra_bpmp_init_debugfs(struct tegra_bpmp *bpmp) } ret = mrq_debugfs_dumpdir(bpmp, phys, sz, &nbytes); - if (ret < 0) + if (ret < 0) { + goto free; + } else if (nbytes > sz) { + ret = -EINVAL; goto free; + } ret = create_debugfs_mirror(bpmp, virt, nbytes, root); free: -- 2.39.5