From: Dan Carpenter <dan.carpenter@oracle.com> To: Benjamin Herrenschmidt <benh@kernel.crashing.org>, Kim Phillips <kim.phillips@freescale.com> Cc: kernel-janitors@vger.kernel.org, Paul Mackerras <paulus@samba.org>, linuxppc-dev@lists.ozlabs.org Subject: [PATCH] powerpc/ipic: Fix a bounds check in ipic_set_priority() Date: Mon, 03 Dec 2018 14:48:35 +0000 [thread overview] Message-ID: <20181203144834.ocxntjflfz2idxrb@kili.mountain> (raw) The ipic_info[] array only has 95 elements so I have made the bounds check smaller to prevent a read overflow. It was Smatch that found this issue: arch/powerpc/sysdev/ipic.c:784 ipic_set_priority() error: buffer overflow 'ipic_info' 95 <= 127 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> --- I wasn't able to find any callers of this code. Maybe we removed the last one in commit b9f0f1bb2bca ("[POWERPC] Adapt ipic driver to new host_ops interface, add set_irq_type to set IRQ sense"). So perhaps we should just remove it. I'm not really comfortable doing that myself, because I don't know the code well enough and can't build test it properly. arch/powerpc/sysdev/ipic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/powerpc/sysdev/ipic.c b/arch/powerpc/sysdev/ipic.c index 6300123ce965..9d70d0687cd9 100644 --- a/arch/powerpc/sysdev/ipic.c +++ b/arch/powerpc/sysdev/ipic.c @@ -779,7 +779,7 @@ int ipic_set_priority(unsigned int virq, unsigned int priority) if (priority > 7) return -EINVAL; - if (src > 127) + if (src >= ARRAY_SIZE(ipic_info)) return -EINVAL; if (ipic_info[src].prio = 0) return -EINVAL; -- 2.11.0
WARNING: multiple messages have this Message-ID (diff)
From: Dan Carpenter <dan.carpenter@oracle.com> To: Benjamin Herrenschmidt <benh@kernel.crashing.org>, Kim Phillips <kim.phillips@freescale.com> Cc: kernel-janitors@vger.kernel.org, Paul Mackerras <paulus@samba.org>, linuxppc-dev@lists.ozlabs.org Subject: [PATCH] powerpc/ipic: Fix a bounds check in ipic_set_priority() Date: Mon, 3 Dec 2018 17:48:35 +0300 [thread overview] Message-ID: <20181203144834.ocxntjflfz2idxrb@kili.mountain> (raw) The ipic_info[] array only has 95 elements so I have made the bounds check smaller to prevent a read overflow. It was Smatch that found this issue: arch/powerpc/sysdev/ipic.c:784 ipic_set_priority() error: buffer overflow 'ipic_info' 95 <= 127 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> --- I wasn't able to find any callers of this code. Maybe we removed the last one in commit b9f0f1bb2bca ("[POWERPC] Adapt ipic driver to new host_ops interface, add set_irq_type to set IRQ sense"). So perhaps we should just remove it. I'm not really comfortable doing that myself, because I don't know the code well enough and can't build test it properly. arch/powerpc/sysdev/ipic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/powerpc/sysdev/ipic.c b/arch/powerpc/sysdev/ipic.c index 6300123ce965..9d70d0687cd9 100644 --- a/arch/powerpc/sysdev/ipic.c +++ b/arch/powerpc/sysdev/ipic.c @@ -779,7 +779,7 @@ int ipic_set_priority(unsigned int virq, unsigned int priority) if (priority > 7) return -EINVAL; - if (src > 127) + if (src >= ARRAY_SIZE(ipic_info)) return -EINVAL; if (ipic_info[src].prio == 0) return -EINVAL; -- 2.11.0
next reply other threads:[~2018-12-03 14:48 UTC|newest] Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top 2018-12-03 14:48 Dan Carpenter [this message] 2018-12-03 14:48 ` [PATCH] powerpc/ipic: Fix a bounds check in ipic_set_priority() Dan Carpenter 2018-12-05 3:26 ` Michael Ellerman 2018-12-05 3:26 ` Michael Ellerman 2018-12-05 8:11 ` Julia Lawall 2018-12-05 8:11 ` Julia Lawall 2018-12-05 12:04 ` Michael Ellerman 2018-12-05 12:04 ` Michael Ellerman 2018-12-05 12:06 ` Julia Lawall 2018-12-05 12:06 ` Julia Lawall 2018-12-06 7:18 ` Christophe LEROY 2018-12-06 7:18 ` Christophe LEROY 2018-12-06 8:12 ` Julia Lawall 2018-12-06 8:12 ` Julia Lawall 2018-12-11 14:26 ` Dan Carpenter 2018-12-11 14:26 ` Dan Carpenter 2018-12-07 2:07 ` Michael Ellerman 2018-12-07 2:07 ` Michael Ellerman 2018-12-10 12:05 ` Christophe Leroy 2018-12-10 12:05 ` Christophe Leroy 2018-12-06 9:34 ` Dan Carpenter 2018-12-06 9:34 ` Dan Carpenter
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20181203144834.ocxntjflfz2idxrb@kili.mountain \ --to=dan.carpenter@oracle.com \ --cc=benh@kernel.crashing.org \ --cc=kernel-janitors@vger.kernel.org \ --cc=kim.phillips@freescale.com \ --cc=linuxppc-dev@lists.ozlabs.org \ --cc=paulus@samba.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.