[PATCH master] fs: /dev/mem: handle copy at offset 0 correctly
Sascha Hauer
sha at pengutronix.de
Tue Dec 7 01:13:05 PST 2021
On Mon, Nov 29, 2021 at 08:14:54AM +0100, Ahmad Fatoum wrote:
> Despite that /dev/mem has a size of 0, the check preventing
> out-of-bounds access works for /dev/mem as well, because of unsigned
> wrap around. Corner case is when offset is zero. There will be no wrap
> around and
>
> count = min(count, 0 - 0) = 0
>
> Leading to unexpected behavior with e.g.
>
> memcmp -s /dev/mem 0
>
> on systems without MMU. Fix this.
>
> Signed-off-by: Ahmad Fatoum <ahmad at a3f.at>
> ---
> fs/devfs-core.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
Applied, thanks
Sascha
>
> diff --git a/fs/devfs-core.c b/fs/devfs-core.c
> index 3715e543e632..2d016e0e4861 100644
> --- a/fs/devfs-core.c
> +++ b/fs/devfs-core.c
> @@ -573,7 +573,10 @@ ssize_t mem_copy(struct device_d *dev, void *dst, const void *src,
> if (!dev || dev->num_resources < 1)
> return -1;
>
> - count = size = min(count, resource_size(&dev->resource[0]) - offset);
> + if (resource_size(&dev->resource[0]) > 0 || offset != 0)
> + count = min(count, resource_size(&dev->resource[0]) - offset);
> +
> + size = count;
>
> /* no rwsize specification given. Do whatever memcpy likes best */
> if (!rwsize) {
> --
> 2.33.0
>
>
> _______________________________________________
> barebox mailing list
> barebox at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/barebox
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
More information about the barebox
mailing list