In nvhost_ioctl_ctrl_module_regrdwr(), we copy offset
to read/write from user space but we do not have
any check on it
So it is possible for user space to add unaligned
offset and request read/write which would crash the
system
Fix this by explicitly checking alignment of the
offset passed by user space
Bug
1739935
Change-Id: Iea2a07c60500af876b732a0e9d9d08535aa53b5c
Signed-off-by: Deepak Nibade <dnibade@nvidia.com>
Reviewed-on: http://git-master/r/
1029405
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
int err = 0;
struct resource *r;
+ /* check if offset is u32 aligned */
+ if (offset & 3)
+ return -EINVAL;
+
r = platform_get_resource(ndev, IORESOURCE_MEM, 0);
if (!r) {
dev_err(&ndev->dev, "failed to get memory resource\n");