From 598370973928f93a6ab2ce17d76219fb8f15bab7 Mon Sep 17 00:00:00 2001
From: Dominik Ermel
Date: Tue, 15 Oct 2024 07:29:20 +0200
Subject: [PATCH 1/2] storage/stream_flash: Fix range check in stream_flash_erase_page

Added check where stream_flash_erase_page checks if requested offset is actually within stream flash designated area.

Fixes #79800

Signed-off-by: Dominik Ermel
(cherry picked from commit 8714c172edd1947a6348ac0f669d89668f5896c3)
---
 include/zephyr/storage/stream_flash.h | 3 ++-
 subsys/storage/stream/stream_flash.c | 6 ++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/include/zephyr/storage/stream_flash.h b/include/zephyr/storage/stream_flash.h
index bc871dbab05fe..c2b488348b422 100644
--- a/include/zephyr/storage/stream_flash.h
+++ b/include/zephyr/storage/stream_flash.h
@@ -149,7 +149,8 @@ int stream_flash_erase_page(struct stream_flash_ctx *ctx, off_t off);
 * @param settings_key key to use with the settings module for loading
 * the stream write progress
 *
- * @return non-negative on success, negative errno code on fail
+ * @return non-negative on success, -ERANGE in case when @p off is out
+ * of area designated for stream or negative errno code on fail
 */
 int stream_flash_progress_load(struct stream_flash_ctx *ctx,
 const char *settings_key);
diff --git a/subsys/storage/stream/stream_flash.c b/subsys/storage/stream/stream_flash.c
index 0ff0c4578ff86..a8e28c6c8ff4b 100644
--- a/subsys/storage/stream/stream_flash.c
+++ b/subsys/storage/stream/stream_flash.c
@@ -79,6 +79,12 @@ int stream_flash_erase_page(struct stream_flash_ctx *ctx, off_t off)
 #if defined(CONFIG_FLASH_HAS_EXPLICIT_ERASE)
 int rc;
 struct flash_pages_info page;
+
+ if (off < ctx->offset || (off - ctx->offset) >= ctx->available) {
+ LOG_ERR("Offset out of designated range");
+ return -ERANGE;
+ }
+
 #if defined(CONFIG_FLASH_HAS_NO_EXPLICIT_ERASE)
 /* There are both types of devices */
 const struct flash_parameters *fparams = flash_get_parameters(ctx->fdev);
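Review bot: The new `-ERANGE` wording is attached to the wrong declaration. The context lines above it document `settings_key`, and the declaration that follows the comment is `stream_flash_progress_load`, which has no `off` parameter. The function that actually gains the -ERANGE return, `stream_flash_erase_page`, appears only in the hunk header, so its own `@return` line (outside this hunk) presumably still lacks the new error code. Keep `* @return non-negative on success, negative errno code on fail` here and move the new text to the `stream_flash_erase_page` comment, for example `* @return non-negative on success, -ERANGE if @p off is outside the area designated for the stream, negative errno code otherwise`.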
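Review bot: The added guard bounds `off` itself but not the page that contains it, while the function erases whole pages (`struct flash_pages_info page` is declared just above; the lookup and erase are outside this hunk). If `ctx->offset` and `ctx->offset + ctx->available` are not guaranteed to be page-aligned elsewhere, an in-range `off` in the first or last page could still erase bytes that belong to whatever sits next to the stream area. Consider a second check after the page lookup, such as `if (page.start_offset < ctx->offset || page.start_offset + page.size > ctx->offset + ctx->available) return -ERANGE;`, or state the alignment requirement in the function's documentation. The comparison also mixes `off_t` with context fields whose types are not visible here, so a one-line comment saying that negative offsets are rejected by this test would help the next reader.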
From ac3ab088758af5d40eb1264edd1836486b0f1b69 Mon Sep 17 00:00:00 2001
From: Dominik Ermel
Date: Tue, 15 Oct 2024 07:31:35 +0200
Subject: [PATCH 2/2] tests/storage/stream_flash: Add erase range check test

The commit adds test for stream_flash_erase_page range check.

Signed-off-by: Dominik Ermel
(cherry picked from commit 23805301b0046fe531553c0a094c1cef63c62cb0)
---
 .../storage/stream/stream_flash/src/main.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/tests/subsys/storage/stream/stream_flash/src/main.c b/tests/subsys/storage/stream/stream_flash/src/main.c
index 58fbb6e35bbb2..52d412053dd47 100644
--- a/tests/subsys/storage/stream/stream_flash/src/main.c
+++ b/tests/subsys/storage/stream/stream_flash/src/main.c
@@ -465,6 +465,25 @@ ZTEST(lib_stream_flash, test_stream_flash_erase_page)
 zassert_equal(memcmp(&bad_ctx, &cmp_ctx, sizeof(bad_ctx)), 0,
 "Ctx should not get altered");
 zassert_equal(rc, -EINVAL, "Expected failure");
+
+ /* False dev with erase set to NULL to avoid actual erase */
+ fake_api.erase = NULL;
+ struct stream_flash_ctx range_test_ctx = {
+ .offset = 1024,
+ .available = 2048,
+ .fdev = &fake_dev,
+ .last_erased_page_start_offset = -1,
+ };
+
+ rc = stream_flash_erase_page(&range_test_ctx, 1024);
+ zassert_equal(rc, -ENOSYS, "%d No device attached - expected failure", rc);
+
+ rc = stream_flash_erase_page(&range_test_ctx, 1023);
+ zassert_equal(rc, -ERANGE, "Expected failure - offset before designated area");
+
+ rc = stream_flash_erase_page(&range_test_ctx,
+ range_test_ctx.offset + range_test_ctx.available + 1);
+ zassert_equal(rc, -ERANGE, "Expected failure - offset after designated area");
 }
 #else
 ZTEST(lib_stream_flash, test_stream_flash_erase_page)
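Review bot: The upper-bound case probes `offset + available + 1`, which skips the first out-of-range value, so a regression from `>=` to `>` in the range check would still pass this test. Probe the exact boundaries instead: `stream_flash_erase_page(&range_test_ctx, range_test_ctx.offset + range_test_ctx.available)` should return -ERANGE, and `range_test_ctx.offset + range_test_ctx.available - 1` should get past the range check (presumably -ENOSYS with this fake device, as for 1024). Separately, `fake_api.erase = NULL` changes fixture state and is not restored in the visible lines. If `fake_api` is shared with other tests (not visible in this hunk), reset it before the test returns.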