* [PATCH linux dev-4.7] drivers: fsi: Fix FSI core size checking user interfaces
@ 2017-02-21 21:17 Eddie James
From: Eddie James @ 2017-02-21 21:17 UTC (permalink / raw)
To: openbmc; +Cc: joel, cbostic, Edward A. James
From: "Edward A. James" <eajames@us.ibm.com>
Some potential for integer overflow and not checking signed offsets.
Signed-off-by: Edward A. James <eajames@us.ibm.com>
---
drivers/fsi/fsi-core.c | 14 ++++----------
1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/drivers/fsi/fsi-core.c b/drivers/fsi/fsi-core.c
index d63a892..e13774f 100644
--- a/drivers/fsi/fsi-core.c
+++ b/drivers/fsi/fsi-core.c
@@ -90,10 +90,7 @@ static int fsi_slave_write(struct fsi_slave *slave, uint32_t addr,
int fsi_device_read(struct fsi_device *dev, uint32_t addr, void *val,
size_t size)
{
- if (addr > dev->size)
- return -EINVAL;
-
- if (addr + size > dev->size)
+ if (addr > dev->size || size > dev->size || addr > dev->size - size)
return -EINVAL;
return fsi_slave_read(dev->slave, dev->addr + addr, val, size);
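Review bot: In the new condition in fsi_device_read, the first clause `addr > dev->size` is redundant. Once `size > dev->size` has been rejected, `dev->size - size` can never exceed `dev->size`, so `addr > dev->size - size` already covers every case the first clause catches. Dropping it leaves `size > dev->size || addr > dev->size - size`. A one-line comment noting that the subtraction form is deliberate, because the old `addr + size` sum can wrap, would keep a later cleanup from reverting it.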
@@ -103,10 +100,7 @@ EXPORT_SYMBOL_GPL(fsi_device_read);
int fsi_device_write(struct fsi_device *dev, uint32_t addr, const void *val,
size_t size)
{
- if (addr > dev->size)
- return -EINVAL;
-
- if (addr + size > dev->size)
+ if (addr > dev->size || size > dev->size || addr > dev->size - size)
return -EINVAL;
return fsi_slave_write(dev->slave, dev->addr + addr, val, size);
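Review bot: fsi_device_write now carries the same three-clause bounds expression as fsi_device_read, so any later correction has to be made in two places. Consider moving it into one small static helper taking dev, addr and size and calling that from both functions. The helper would also be the natural place to document that a zero-length access at addr == dev->size passes this condition, if that is intended.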
@@ -328,7 +322,7 @@ static ssize_t fsi_slave_sysfs_raw_read(struct file *file,
if (count != 4 || off & 0x3)
return -EINVAL;
- if (off > 0xffffffff)
+ if (off > 0xfffffffc || off < 0)
return -EINVAL;
rc = fsi_slave_read(slave, off, buf, 4);
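Review bot: The upper-bound change from 0xffffffff to 0xfffffffc in fsi_slave_sysfs_raw_read rejects nothing new, because the `off & 0x3` test in the context line above already refuses 0xfffffffd through 0xffffffff. The effective fix in this hunk is `off < 0`: an aligned negative offset such as -4 passes the alignment test and would otherwise be passed on as the address. The commit message should say that explicitly, and putting `off < 0` first in the condition would make the intent easier to see.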
@@ -346,7 +340,7 @@ static ssize_t fsi_slave_sysfs_raw_write(struct file *file,
if (count != 4 || off & 0x3)
return -EINVAL;
- if (off > 0xffffffff)
+ if (off > 0xfffffffc || off < 0)
return -EINVAL;
rc = fsi_slave_write(slave, off, buf, 4);
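Review bot: The literal 0xfffffffc in fsi_slave_sysfs_raw_write is the last offset at which a 4-byte access still ends inside a 32-bit address range, but nothing in the code says so, and the value silently depends on the `count != 4` check a few lines up. Writing the bound as 0xffffffff - (count - 1), or as a named constant shared with the raw read handler, would keep it correct if the permitted count ever changes and would remove the duplicated magic number.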
--
1.8.3.1
* Re: [PATCH linux dev-4.7] drivers: fsi: Fix FSI core size checking user interfaces
From: Jeremy Kerr @ 2017-02-22 0:44 UTC (permalink / raw)
To: Eddie James, openbmc; +Cc: Edward A. James, cbostic
Hi Eddie,
> Some potential for integer overflow and not checking signed offsets.
[...]
> int fsi_device_read(struct fsi_device *dev, uint32_t addr, void *val,
> size_t size)
> {
> - if (addr > dev->size)
> - return -EINVAL;
> -
> - if (addr + size > dev->size)
> + if (addr > dev->size || size > dev->size || addr > dev->size - size)
> return -EINVAL;
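Review bot: The split layout discussed for this condition does not require bringing back the `addr + size` sum. Two separate tests, `if (size > dev->size)` followed by `if (addr > dev->size - size)`, each returning -EINVAL, keep the subtraction guarded against underflow while reading as individual conditions and producing smaller diffs when one of them changes.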
I liked the split conditional statements, but that's only personal
preference. Regardless, LGTM.
Acked-by: Jeremy Kerr <jk@ozlabs.org>
Cheers,
Jeremy
* Re: [PATCH linux dev-4.7] drivers: fsi: Fix FSI core size checking user interfaces
From: Joel Stanley @ 2017-02-22 14:01 UTC (permalink / raw)
To: Jeremy Kerr
Cc: Eddie James, OpenBMC Maillist, Edward A. James, Christopher Bostic
On Wed, Feb 22, 2017 at 11:14 AM, Jeremy Kerr <jk@ozlabs.org> wrote:
> Hi Eddie,
>
>> Some potential for integer overflow and not checking signed offsets.
>
> [...]
>
>> int fsi_device_read(struct fsi_device *dev, uint32_t addr, void *val,
>> size_t size)
>> {
>> - if (addr > dev->size)
>> - return -EINVAL;
>> -
>> - if (addr + size > dev->size)
>> + if (addr > dev->size || size > dev->size || addr > dev->size - size)
>> return -EINVAL;
>
> I liked the split conditional statements, but that's only personal
> preference. Regardless, LGTM.
My personal preference is also to split them out. It makes them easier
to read, and there's less noise in the diff if the conditions need to
be updated.
I applied this as-is to dev-4.7 for now.
> Acked-by: Jeremy Kerr <jk@ozlabs.org>
Thanks for the review Jeremy.
Cheers,
Joel