raw/ifpga/base: check file length

In fpga_update_flash(), "smgr->rsu_length" is passed to a
parameter that cannot be negative. So return value of
function "lseek" should be checked before being assigned
to "smgr->rsu_length".

Coverity issue: 367481
Fixes: a05bd1b40bde ("raw/ifpga: add FPGA RSU APIs")

Signed-off-by: Wei Huang <wei.huang@intel.com>
Acked-by: Tianfei Zhang <tianfei.zhang@intel.com>
Acked-by: Rosen Xu <rosen.xu@intel.com>

diff --git a/drivers/raw/ifpga/base/ifpga_fme_rsu.c b/drivers/raw/ifpga/base/ifpga_fme_rsu.c
index b5e018d..f147aaa 100644 (file)
--- a/drivers/raw/ifpga/base/ifpga_fme_rsu.c
+++ b/drivers/raw/ifpga/base/ifpga_fme_rsu.c
@@ -275,6 +275,7 @@ int fpga_update_flash(struct ifpga_fme_hw *fme, const char *image,
        struct ifpga_sec_mgr *smgr = NULL;
        uint32_t rsu_stat = 0;
        int fd = -1;
+       off_t len = 0;
        struct sigaction old_sigint_action;
        struct sigaction sa;
        time_t start;
@@ -318,9 +319,21 @@ int fpga_update_flash(struct ifpga_fme_hw *fme, const char *image,
                        image, strerror(errno));
                return -EIO;
        }
-       smgr->rsu_length = lseek(fd, 0, SEEK_END);
+       len = lseek(fd, 0, SEEK_END);
        close(fd);
 
+       if (len < 0) {
+               dev_err(smgr,
+                       "Failed to get file length of \'%s\' [e:%s]\n",
+                       image, strerror(errno));
+               return -EIO;
+       }
+       if (len == 0) {
+               dev_err(smgr, "Length of file \'%s\' is invalid\n", image);
+               return -EINVAL;
+       }
+       smgr->rsu_length = len;
+
        if (smgr->max10_dev->staging_area_size < smgr->rsu_length) {
                dev_err(dev, "Size of staging area is small than image length "
                        "[%u<%u]\n", smgr->max10_dev->staging_area_size,