From: Dan Carpenter <dan.carpenter@oracle.com>
To: Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Kim Phillips <kim.phillips@freescale.com>
Cc: kernel-janitors@vger.kernel.org,
Paul Mackerras <paulus@samba.org>,
linuxppc-dev@lists.ozlabs.org
Subject: [PATCH] powerpc/ipic: Fix a bounds check in ipic_set_priority()
Date: Mon, 03 Dec 2018 14:48:35 +0000 [thread overview]
Message-ID: <20181203144834.ocxntjflfz2idxrb@kili.mountain> (raw)
The ipic_info[] array only has 95 elements so I have made the bounds
check smaller to prevent a read overflow. It was Smatch that found
this issue:
arch/powerpc/sysdev/ipic.c:784 ipic_set_priority()
error: buffer overflow 'ipic_info' 95 <= 127
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
I wasn't able to find any callers of this code. Maybe we removed the
last one in commit b9f0f1bb2bca ("[POWERPC] Adapt ipic driver to new
host_ops interface, add set_irq_type to set IRQ sense"). So perhaps we
should just remove it. I'm not really comfortable doing that myself,
because I don't know the code well enough and can't build test
it properly.
arch/powerpc/sysdev/ipic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/sysdev/ipic.c b/arch/powerpc/sysdev/ipic.c
index 6300123ce965..9d70d0687cd9 100644
--- a/arch/powerpc/sysdev/ipic.c
+++ b/arch/powerpc/sysdev/ipic.c
@@ -779,7 +779,7 @@ int ipic_set_priority(unsigned int virq, unsigned int priority)
if (priority > 7)
return -EINVAL;
- if (src > 127)
+ if (src >= ARRAY_SIZE(ipic_info))
return -EINVAL;
if (ipic_info[src].prio = 0)
return -EINVAL;
--
2.11.0
WARNING: multiple messages have this Message-ID (diff)
From: Dan Carpenter <dan.carpenter@oracle.com>
To: Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Kim Phillips <kim.phillips@freescale.com>
Cc: kernel-janitors@vger.kernel.org,
Paul Mackerras <paulus@samba.org>,
linuxppc-dev@lists.ozlabs.org
Subject: [PATCH] powerpc/ipic: Fix a bounds check in ipic_set_priority()
Date: Mon, 3 Dec 2018 17:48:35 +0300 [thread overview]
Message-ID: <20181203144834.ocxntjflfz2idxrb@kili.mountain> (raw)
The ipic_info[] array only has 95 elements so I have made the bounds
check smaller to prevent a read overflow. It was Smatch that found
this issue:
arch/powerpc/sysdev/ipic.c:784 ipic_set_priority()
error: buffer overflow 'ipic_info' 95 <= 127
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
I wasn't able to find any callers of this code. Maybe we removed the
last one in commit b9f0f1bb2bca ("[POWERPC] Adapt ipic driver to new
host_ops interface, add set_irq_type to set IRQ sense"). So perhaps we
should just remove it. I'm not really comfortable doing that myself,
because I don't know the code well enough and can't build test
it properly.
arch/powerpc/sysdev/ipic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/sysdev/ipic.c b/arch/powerpc/sysdev/ipic.c
index 6300123ce965..9d70d0687cd9 100644
--- a/arch/powerpc/sysdev/ipic.c
+++ b/arch/powerpc/sysdev/ipic.c
@@ -779,7 +779,7 @@ int ipic_set_priority(unsigned int virq, unsigned int priority)
if (priority > 7)
return -EINVAL;
- if (src > 127)
+ if (src >= ARRAY_SIZE(ipic_info))
return -EINVAL;
if (ipic_info[src].prio == 0)
return -EINVAL;
--
2.11.0
next reply other threads:[~2018-12-03 14:48 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-03 14:48 Dan Carpenter [this message]
2018-12-03 14:48 ` [PATCH] powerpc/ipic: Fix a bounds check in ipic_set_priority() Dan Carpenter
2018-12-05 3:26 ` Michael Ellerman
2018-12-05 3:26 ` Michael Ellerman
2018-12-05 8:11 ` Julia Lawall
2018-12-05 8:11 ` Julia Lawall
2018-12-05 12:04 ` Michael Ellerman
2018-12-05 12:04 ` Michael Ellerman
2018-12-05 12:06 ` Julia Lawall
2018-12-05 12:06 ` Julia Lawall
2018-12-06 7:18 ` Christophe LEROY
2018-12-06 7:18 ` Christophe LEROY
2018-12-06 8:12 ` Julia Lawall
2018-12-06 8:12 ` Julia Lawall
2018-12-11 14:26 ` Dan Carpenter
2018-12-11 14:26 ` Dan Carpenter
2018-12-07 2:07 ` Michael Ellerman
2018-12-07 2:07 ` Michael Ellerman
2018-12-10 12:05 ` Christophe Leroy
2018-12-10 12:05 ` Christophe Leroy
2018-12-06 9:34 ` Dan Carpenter
2018-12-06 9:34 ` Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181203144834.ocxntjflfz2idxrb@kili.mountain \
--to=dan.carpenter@oracle.com \
--cc=benh@kernel.crashing.org \
--cc=kernel-janitors@vger.kernel.org \
--cc=kim.phillips@freescale.com \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=paulus@samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.