diff options
| author | Cristian Marussi <cristian.marussi@arm.com> | 2022-06-08 10:55:28 +0100 |
|---|---|---|
| committer | Sudeep Holla <sudeep.holla@arm.com> | 2022-06-10 17:55:29 +0100 |
| commit | 4314f9f4f85832b5082f4e38b07b63b11baa538c (patch) | |
| tree | 9bd8f823a677bf7da687f9be2603e7bcecda4e0f /drivers/firmware/arm_scmi/voltage.c | |
| parent | 8e60294c8012fe4c66c3590376670998902fd822 (diff) | |
| download | linux-stable-4314f9f4f85832b5082f4e38b07b63b11baa538c.tar.gz linux-stable-4314f9f4f85832b5082f4e38b07b63b11baa538c.tar.bz2 linux-stable-4314f9f4f85832b5082f4e38b07b63b11baa538c.zip | |
firmware: arm_scmi: Avoid using extended string-buffers sizes if not necessary
Commit b260fccaebdc2 ("firmware: arm_scmi: Add SCMI v3.1 protocol extended
names support") moved all the name string buffers to use the extended buffer
size of 64 instead of the required 16 bytes. While that should be fine if
the firmware terminates the string before 16 bytes, there is possibility
of copying random data if the name is not NULL terminated by the firmware.
SCMI base protocol agent_name/vendor_id/sub_vendor_id are defined by the
specification as NULL-terminated ASCII strings up to 16-bytes in length.
The underlying buffers and message descriptors are currently bigger than
needed; resize them to fit only the strictly needed 16 bytes to avoid
any possible leaks when reading data from the firmware.
Change the size argument of strlcpy to use SCMI_SHORT_NAME_MAX_SIZE always
when dealing with short domain names, so as to limit the possibility that
an ill-formed non-NULL terminated short reply from the SCMI platform
firmware can leak stale content laying in the underlying transport shared
memory area.
While at that, convert all strings handling routines to use the preferred
strscpy.
Link: https://lore.kernel.org/r/20220608095530.497879-1-cristian.marussi@arm.com
Fixes: b260fccaebdc2 ("firmware: arm_scmi: Add SCMI v3.1 protocol extended names support")
Signed-off-by: Cristian Marussi <cristian.marussi@arm.com>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Diffstat (limited to 'drivers/firmware/arm_scmi/voltage.c')
| -rw-r--r-- | drivers/firmware/arm_scmi/voltage.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/firmware/arm_scmi/voltage.c b/drivers/firmware/arm_scmi/voltage.c index 97df6d3dd131..5de93f637bd4 100644 --- a/drivers/firmware/arm_scmi/voltage.c +++ b/drivers/firmware/arm_scmi/voltage.c @@ -233,7 +233,7 @@ static int scmi_voltage_descriptors_get(const struct scmi_protocol_handle *ph, v = vinfo->domains + dom; v->id = dom; attributes = le32_to_cpu(resp_dom->attr); - strlcpy(v->name, resp_dom->name, SCMI_MAX_STR_SIZE); + strscpy(v->name, resp_dom->name, SCMI_SHORT_NAME_MAX_SIZE); /* * If supported overwrite short name with the extended one; |