[PATCH] regmap: kunit: Fix array overflow in stride() test

From: Richard Fitzgerald
Date: Fri May 17 2024 - 11:39:14 EST


Force the max_register of the test regmap to be one register longer
than the number of test registers, to prevent an array overflow in
the test loop.

The test defines num_reg_defaults = 6. With 6 registers and
stride == 2 the valid register addresses would be 0, 2, 4, 6, 8, 10.
However the loop checks attempting to access the odd address, so on
the final register it accesses address 11, and it writes entry [11]
of the read/written arrays.

Originally this worked because the max_register of the regmap was
hardcoded to be BLOCK_TEST_SIZE (== 12).

commit 710915743d53 ("regmap: kunit: Run sparse cache tests at non-zero
register addresses")
introduced the ability to start the test address range from any address,
which means adjusting the max_register. If max_register was not forced,
it was calculated either from num_reg_defaults or BLOCK_TEST_SIZE. This
correctly calculated that with num_reg_defaults == 6 and stride == 2 the
final valid address is 10. So the read/written arrays are allocated to
contain entries [0..10]. When stride attempted to access [11] it was
overflowing the array.

Signed-off-by: Richard Fitzgerald <rf@xxxxxxxxxxxxxxxxxxxxx>
Fixes: 710915743d53 ("regmap: kunit: Run sparse cache tests at non-zero register addresses")
---
drivers/base/regmap/regmap-kunit.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/drivers/base/regmap/regmap-kunit.c b/drivers/base/regmap/regmap-kunit.c
index 9c5314785fc2..be32cd4e84da 100644
--- a/drivers/base/regmap/regmap-kunit.c
+++ b/drivers/base/regmap/regmap-kunit.c
@@ -609,12 +609,19 @@ static void stride(struct kunit *test)
config.reg_stride = 2;
config.num_reg_defaults = BLOCK_TEST_SIZE / 2;

+ /*
+ * Allow one extra register so that the read/written arrays
+ * are sized big enough to include an entry for the odd
+ * address past the final reg_default register.
+ */
+ config.max_register = BLOCK_TEST_SIZE;
+
map = gen_regmap(test, &config, &data);
KUNIT_ASSERT_FALSE(test, IS_ERR(map));
if (IS_ERR(map))
return;

- /* Only even registers can be accessed, try both read and write */
+ /* Only even addresses can be accessed, try both read and write */
for (i = 0; i < BLOCK_TEST_SIZE; i++) {
data->read[i] = false;
data->written[i] = false;
--
2.39.2