video: tegra: host: check if offset is u32 aligned

In nvhost_ioctl_ctrl_module_regrdwr(), we copy offset
to read/write from user space but we do not have
any check on it

So it is possible for user space to add unaligned
offset and request read/write which would crash the
system

Fix this by explicitly checking alignment of the
offset passed by user space

Bug 1739935

Change-Id: Iea2a07c60500af876b732a0e9d9d08535aa53b5c
Signed-off-by: Deepak Nibade <dnibade@nvidia.com>
Reviewed-on: http://git-master/r/1029405
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>

diff --git a/drivers/video/tegra/host/bus_client.c b/drivers/video/tegra/host/bus_client.c
index b1dedf4a0dd6d295dea65bedb8ed2a6f07c247d4..ac2bfd80b0a76eee85043596da521f9f06dea07d 100644 (file)
--- a/drivers/video/tegra/host/bus_client.c
+++ b/drivers/video/tegra/host/bus_client.c
@@ -69,6 +69,10 @@ static int validate_reg(struct platform_device *ndev, u32 offset, int count)
        int err = 0;
        struct resource *r;
 
+       /* check if offset is u32 aligned */
+       if (offset & 3)
+               return -EINVAL;
+
        r = platform_get_resource(ndev, IORESOURCE_MEM, 0);
        if (!r) {
                dev_err(&ndev->dev, "failed to get memory resource\n");