Add kernel network info description checks
To ensure that the description string in the network info response is
correctly null-terminated and that the string will fit into the UAPI
struct, the kernel will now check for the null-termination and verify
that the UAPI struct can hold the expected string size.
Change-Id: I8097a04c6ee4e80f1ab62a66e7323d2462c2c23a
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
diff --git a/kernel/ethosu_network_info.c b/kernel/ethosu_network_info.c
index 5bfa150..898d48e 100644
--- a/kernel/ethosu_network_info.c
+++ b/kernel/ethosu_network_info.c
@@ -29,6 +29,8 @@
#include "ethosu_mailbox.h"
#include "uapi/ethosu.h"
+#include <linux/bug.h>
+
#define NETWORK_INFO_RESP_TIMEOUT_MS 3000
static inline int ethosu_network_info_send(struct ethosu_network_info *info,
@@ -126,6 +128,9 @@
struct ethosu_mailbox_msg *msg;
struct ethosu_network_info *info;
uint32_t i;
+ const size_t rsp_desc_size = sizeof(rsp->desc);
+
+ BUILD_BUG_ON(rsp_desc_size != sizeof(info->uapi->desc));
msg = ethosu_mailbox_find(mailbox, msg_id,
ETHOSU_CORE_MSG_NETWORK_INFO_REQ);
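Review bot: The size equality is asserted through the `const size_t` local `rsp_desc_size` rather than through the `sizeof` expressions themselves, so the `BUILD_BUG_ON` argument is not an integer constant expression and the check relies on the compiler folding the local at build time. Writing it as `BUILD_BUG_ON(sizeof(rsp->desc) != sizeof(info->uapi->desc));` keeps the assertion compile-time regardless of optimisation level; the local can stay for the later `strnlen` call. A short comment above it, for example `/* firmware and UAPI description buffers must have the same size */`, would tell the next reader why the build is meant to fail. The enclosing function starts and ends outside this hunk.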
@@ -154,8 +159,16 @@
goto signal_complete;
}
+ if (strnlen(rsp->desc, rsp_desc_size) == rsp_desc_size) {
+ dev_err(dev,
+ "Description in network info is not null-terminated\n");
+ info->errno = -EMSGSIZE;
+ goto signal_complete;
+ }
+
ret = strscpy(info->uapi->desc, rsp->desc, sizeof(info->uapi->desc));
if (ret < 0) {
+ dev_err(dev, "Failed to copy network info description\n");
info->errno = ret;
goto signal_complete;
}
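Review bot: `strscpy()` on the line after the new termination check stops writing at the terminator, so the bytes of `info->uapi->desc` past the end of the string keep whatever they held before. If that UAPI struct is later copied to user space and was not zeroed when it was allocated (neither is visible in this hunk), the tail would expose stale kernel memory. Where the target kernel provides it, `ret = strscpy_pad(info->uapi->desc, rsp->desc, sizeof(info->uapi->desc));` zero-fills the remainder and keeps the same return convention. Both new `dev_err()` calls are triggered by data from the firmware response, so `dev_err_ratelimited()` would keep a misbehaving firmware from flooding the log. The function body continues outside the hunk.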