* [PATCH] firmware: arm_ffa: Fix a possible ffa_linux_errmap buffer overflow
@ 2021-07-07 13:47 Sudeep Holla
From: Sudeep Holla @ 2021-07-07 13:47 UTC
  To: linux-arm-kernel; +Cc: Sudeep Holla, kernel test robot, Dan Carpenter

The ffa_linux_errmap buffer access index is supposed to range from 0-8
but it ranges from 1-9 instead. It reads one element out of bounds. It
also changes the success into -EINVAL though ffa_to_linux_errno is never
used in case of success, it is expected to work for success case too.

It is slightly confusing code as the negative of the error code
is used as index to the buffer. Fix it by negating it at the start and
make it more readable.

Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
---
 drivers/firmware/arm_ffa/driver.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/firmware/arm_ffa/driver.c b/drivers/firmware/arm_ffa/driver.c
index 88b822575ac4..c9fb56afbcb4 100644
--- a/drivers/firmware/arm_ffa/driver.c
+++ b/drivers/firmware/arm_ffa/driver.c
@@ -149,8 +149,10 @@ static const int ffa_linux_errmap[] = {
 
 static inline int ffa_to_linux_errno(int errno)
 {
-	if (errno < FFA_RET_SUCCESS && errno >= -ARRAY_SIZE(ffa_linux_errmap))
-		return ffa_linux_errmap[-errno];
+	int err_idx = -errno;
+
+	if (err_idx >= 0 && err_idx < ARRAY_SIZE(ffa_linux_errmap))
+		return ffa_linux_errmap[err_idx];
 	return -EINVAL;
 }
 
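Review bot: In ffa_to_linux_errno(), the new bound "err_idx < ARRAY_SIZE(ffa_linux_errmap)" compares a signed int with an unsigned size, so it only acts as an upper bound because "err_idx >= 0" is evaluated first; keep the two tests in that order (a one-line comment would help), or make the index unsigned so a single comparison rejects both negative and too-large values. The negation in "int err_idx = -errno;" also overflows for errno == INT_MIN, which is worth ruling out explicitly if this value can come straight from firmware. Separately, the parameter name errno collides with the standard errno identifier and could be renamed (for example ffa_errno) while this function is being touched, and the commit message would benefit from a Fixes: tag naming the commit that introduced the original check.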
-- 
2.25.1


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel


* Re: [PATCH] firmware: arm_ffa: Fix a possible ffa_linux_errmap buffer overflow
@ 2021-07-14 16:47 ` Sudeep Holla
From: Sudeep Holla @ 2021-07-14 16:47 UTC
  To: Sudeep Holla, linux-arm-kernel; +Cc: Dan Carpenter, kernel test robot

On Wed, 7 Jul 2021 14:47:39 +0100, Sudeep Holla wrote:
> The ffa_linux_errmap buffer access index is supposed to range from 0-8
> but it ranges from 1-9 instead. It reads one element out of bounds. It
> also changes the success into -EINVAL though ffa_to_linux_errno is never
> used in case of success, it is expected to work for success case too.
> 
> It is slightly confusing code as the negative of the error code
> is used as index to the buffer. Fix it by negating it at the start and
> make it more readable.

Applied to sudeep.holla/linux (for-next/ffa), thanks!

[1/1] firmware: arm_ffa: Fix a possible ffa_linux_errmap buffer overflow
      https://git.kernel.org/sudeep.holla/c/dd925db6f0

--
Regards,
Sudeep

