Hi Simon, On 07/06/20 08:43PM, Simon Glass wrote: > Hi Pratyush, > > On Tue, 26 May 2020 at 06:06, Pratyush Yadav <p.ya...@ti.com> wrote: > > > > In regmap_raw_{read,write}_range(), offsets are checked to make sure > > they aren't out of range. But this check happens _after_ the address is > > mapped from physical memory. Input should be sanity-checked before using > > it. Mapping the address before validating it leaves the door open to > > passing an invalid address to map_physmem(). So check for out of range > > offsets _before_ mapping them. > > > > This fixes a segmentation fault in sandbox when -1 is used as an offset > > to regmap_{read,write}(). > > > > Signed-off-by: Pratyush Yadav <p.ya...@ti.com> > > --- > > drivers/core/regmap.c | 8 ++++---- > > 1 file changed, 4 insertions(+), 4 deletions(-) > > > > Reviewed-by: Simon Glass <s...@chromium.org>
Thanks. > Please add a sandbox test to catch this problem. The test "dm_test_devm_regmap" proposed in [0] should catch this: ut_asserteq(-ERANGE, regmap_write(priv->cfg_regmap, -1, val)); ut_asserteq(-ERANGE, regmap_read(priv->cfg_regmap, -1, &val)); [0] https://patchwork.ozlabs.org/project/uboot/patch/20200605203025.15466-9-p.ya...@ti.com/ -- Regards, Pratyush Yadav Texas Instruments India