* [PATCH] serial: samsung: fix buffer size for clk_name
@ 2023-01-16 14:16 Alexey V. Vissarionov
2023-01-16 16:16 ` Krzysztof Kozlowski
2023-01-19 14:52 ` Greg Kroah-Hartman
0 siblings, 2 replies; 7+ messages in thread
From: Alexey V. Vissarionov @ 2023-01-16 14:16 UTC (permalink / raw)
To: Krzysztof Kozlowski
Cc: Alim Akhtar, Greg Kroah-Hartman, Jiri Slaby, Thomas Abraham,
Kukjin Kim, linux-arm-kernel, linux-samsung-soc, linux-serial,
lvc-project, gremlin
[-- Attachment #1.1: Type: text/plain, Size: 2109 bytes --]
Although very unlikely, the 'clk_num' value may be as big as
2**32 - 1 (uint32_max), so the buffer should have enough
space for storing "clk_uart_baud4294967295\0".
Also, the numbers in clk_name are expected to be unsigned.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 5f5a7a5578c58852 ("serial: samsung: switch to clkdev based clock lookup")
Signed-off-by: Alexey V. Vissarionov <gremlin@altlinux.org>
diff --git a/drivers/tty/serial/samsung_tty.c b/drivers/tty/serial/samsung_tty.c
index 0fce856434dafd80..2c701dc7c6a37191 100644
--- a/drivers/tty/serial/samsung_tty.c
+++ b/drivers/tty/serial/samsung_tty.c
@@ -1407,7 +1407,7 @@ static void s3c24xx_serial_pm(struct uart_port *port, unsigned int level,
*
*/
-#define MAX_CLK_NAME_LENGTH 15
+#define MAX_CLK_NAME_LENGTH 24 /* "clk_uart_baud4294967295\0" */
static inline int s3c24xx_serial_getsource(struct uart_port *port)
{
@@ -1457,7 +1457,7 @@ static unsigned int s3c24xx_serial_getclk(struct s3c24xx_uart_port *ourport,
!(ourport->cfg->clk_sel & (1 << cnt)))
continue;
- sprintf(clkname, "clk_uart_baud%d", cnt);
+ sprintf(clkname, "clk_uart_baud%u", cnt);
clk = clk_get(ourport->port.dev, clkname);
if (IS_ERR(clk))
continue;
@@ -1957,7 +1957,7 @@ static int s3c24xx_serial_enable_baudclk(struct s3c24xx_uart_port *ourport)
if (!(clk_sel & (1 << clk_num)))
continue;
- sprintf(clk_name, "clk_uart_baud%d", clk_num);
+ sprintf(clk_name, "clk_uart_baud%u", clk_num);
clk = clk_get(dev, clk_name);
if (IS_ERR(clk))
continue;
@@ -2522,7 +2522,7 @@ s3c24xx_serial_get_options(struct uart_port *port, int *baud,
/* now calculate the baud rate */
clk_sel = s3c24xx_serial_getsource(port);
- sprintf(clk_name, "clk_uart_baud%d", clk_sel);
+ sprintf(clk_name, "clk_uart_baud%u", clk_sel);
clk = clk_get(port->dev, clk_name);
if (!IS_ERR(clk))
--
Alexey V. Vissarionov
gremlin ПРИ altlinux ТЧК org; +vii-cmiii-ccxxix-lxxix-xlii
GPG: 0D92F19E1C0DC36E27F61A29CD17E2B43D879005 @ hkp://keys.gnupg.net
[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 801 bytes --]
[-- Attachment #2: Type: text/plain, Size: 176 bytes --]
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] serial: samsung: fix buffer size for clk_name
2023-01-16 14:16 [PATCH] serial: samsung: fix buffer size for clk_name Alexey V. Vissarionov
@ 2023-01-16 16:16 ` Krzysztof Kozlowski
2023-01-16 18:26 ` Alexey V. Vissarionov
2023-01-19 14:52 ` Greg Kroah-Hartman
1 sibling, 1 reply; 7+ messages in thread
From: Krzysztof Kozlowski @ 2023-01-16 16:16 UTC (permalink / raw)
To: Alexey V. Vissarionov
Cc: Alim Akhtar, Greg Kroah-Hartman, Jiri Slaby, Thomas Abraham,
Kukjin Kim, linux-arm-kernel, linux-samsung-soc, linux-serial,
lvc-project
On 16/01/2023 15:16, Alexey V. Vissarionov wrote:
> Although very unlikely, the 'clk_num' value may be as big as
> 2**32 - 1 (uint32_max),
How it could be that high? Code has num_clks defined from 1 to 4 and it
is used as strict boundary for the loop so how it could end up here with
higher value?
s3c24xx_serial_getsource() also returns value & with mask, so up to 4
max. This does not look like real issue but some change to satisfy
static code analyzers, so I don't think it's correct approach.
Best regards,
Krzysztof
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] serial: samsung: fix buffer size for clk_name
2023-01-16 16:16 ` Krzysztof Kozlowski
@ 2023-01-16 18:26 ` Alexey V. Vissarionov
0 siblings, 0 replies; 7+ messages in thread
From: Alexey V. Vissarionov @ 2023-01-16 18:26 UTC (permalink / raw)
To: Krzysztof Kozlowski
Cc: Alexey V. Vissarionov, Alim Akhtar, Greg Kroah-Hartman,
Jiri Slaby, Thomas Abraham, Kukjin Kim, linux-arm-kernel,
linux-samsung-soc, linux-serial, lvc-project
[-- Attachment #1.1: Type: text/plain, Size: 1255 bytes --]
On 2023-01-16 17:16:59 +0100, Krzysztof Kozlowski wrote:
>> Although very unlikely, the 'clk_num' value may be as big
>> as 2**32 - 1 (uint32_max),
> How it could be that high? Code has num_clks defined from 1
> to 4 and it is used as strict boundary for the loop so how
> it could end up here with higher value?
That's why I called this "very unlikely". However, nobody can
definitely exclude the possibility of extending this limit in
the future.
> s3c24xx_serial_getsource() also returns value & with mask,
> so up to 4 max.
Possibly, clk_num should be uint8_t then - so the buffer size
could be extended up to only 17 bytes ("clk_uart_baud255\0")
with format specifiers changed to "%u", or 18 bytes for "%d"
(clk_uart_baud-128\0).
> This does not look like real issue but some change to satisfy
> static code analyzers, so I don't think it's correct approach.
Although I agree this is probably only a theoretical issue, it's
always easier to spend several bytes than to prove that we don't
need to.
But, anyway, the final decision is up to you.
--
Alexey V. Vissarionov
gremlin ПРИ altlinux ТЧК org; +vii-cmiii-ccxxix-lxxix-xlii
GPG: 0D92F19E1C0DC36E27F61A29CD17E2B43D879005 @ hkp://keys.gnupg.net
[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 801 bytes --]
[-- Attachment #2: Type: text/plain, Size: 176 bytes --]
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] serial: samsung: fix buffer size for clk_name
2023-01-16 14:16 [PATCH] serial: samsung: fix buffer size for clk_name Alexey V. Vissarionov
2023-01-16 16:16 ` Krzysztof Kozlowski
@ 2023-01-19 14:52 ` Greg Kroah-Hartman
2023-02-01 2:44 ` [PATCH v2] " Alexey V. Vissarionov
1 sibling, 1 reply; 7+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-19 14:52 UTC (permalink / raw)
To: Alexey V. Vissarionov
Cc: Krzysztof Kozlowski, Alim Akhtar, Jiri Slaby, Thomas Abraham,
Kukjin Kim, linux-arm-kernel, linux-samsung-soc, linux-serial,
lvc-project
On Mon, Jan 16, 2023 at 05:16:58PM +0300, Alexey V. Vissarionov wrote:
> Although very unlikely, the 'clk_num' value may be as big as
> 2**32 - 1 (uint32_max), so the buffer should have enough
> space for storing "clk_uart_baud4294967295\0".
> Also, the numbers in clk_name are expected to be unsigned.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: 5f5a7a5578c58852 ("serial: samsung: switch to clkdev based clock lookup")
Please fix your scripts to use the proper number of SHA1 digits in a
Fixes: line as the documentation asks for.
thanks,
greg k-h
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH v2] serial: samsung: fix buffer size for clk_name
2023-01-19 14:52 ` Greg Kroah-Hartman
@ 2023-02-01 2:44 ` Alexey V. Vissarionov
2023-02-01 7:09 ` Krzysztof Kozlowski
2023-02-01 13:06 ` Greg Kroah-Hartman
0 siblings, 2 replies; 7+ messages in thread
From: Alexey V. Vissarionov @ 2023-02-01 2:44 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Alexey V. Vissarionov, Krzysztof Kozlowski, Alim Akhtar,
Jiri Slaby, Thomas Abraham, Kukjin Kim, linux-arm-kernel,
linux-samsung-soc, linux-serial, lvc-project
[-- Attachment #1.1: Type: text/plain, Size: 2542 bytes --]
serial: samsung: fix buffer size for clk_name
Although very unlikely, the 'clk_num' value may be as big as
2**32 - 1 (uint32_max), so the buffer should have enough
space for storing "clk_uart_baud4294967295\0".
Also, the numbers in clk_name are expected to be unsigned.
Found by ALT Linux Team (altlinux.org) and Linux Verification
Center (linuxtesting.org) using SVACE.
Signed-off-by: Alexey V. Vissarionov <gremlin@altlinux.org>
Fixes: 5f5a7a5578c5 ("serial: samsung: switch to clkdev based clock lookup")
---
On 2023-01-19 15:52:38 +0100, Greg Kroah-Hartman wrote:
>> Fixes: 5f5a7a5578c58852 ("serial: samsung: switch to clkdev
>> based clock lookup")
> Please fix your scripts to use the proper number of SHA1 digits
> in a Fixes: line as the documentation asks for.
Done. Also added the comment to the source regarding the buffer size.
diff --git a/drivers/tty/serial/samsung_tty.c b/drivers/tty/serial/samsung_tty.c
index 0fce856434dafd80..2c701dc7c6a37191 100644
--- a/drivers/tty/serial/samsung_tty.c
+++ b/drivers/tty/serial/samsung_tty.c
@@ -1407,7 +1407,7 @@ static void s3c24xx_serial_pm(struct uart_port *port, unsigned int level,
*
*/
-#define MAX_CLK_NAME_LENGTH 15
+#define MAX_CLK_NAME_LENGTH 24 /* "clk_uart_baud4294967295\0" */
static inline int s3c24xx_serial_getsource(struct uart_port *port)
{
@@ -1457,7 +1457,7 @@ static unsigned int s3c24xx_serial_getclk(struct s3c24xx_uart_port *ourport,
!(ourport->cfg->clk_sel & (1 << cnt)))
continue;
- sprintf(clkname, "clk_uart_baud%d", cnt);
+ sprintf(clkname, "clk_uart_baud%u", cnt);
clk = clk_get(ourport->port.dev, clkname);
if (IS_ERR(clk))
continue;
@@ -1957,7 +1957,7 @@ static int s3c24xx_serial_enable_baudclk(struct s3c24xx_uart_port *ourport)
if (!(clk_sel & (1 << clk_num)))
continue;
- sprintf(clk_name, "clk_uart_baud%d", clk_num);
+ sprintf(clk_name, "clk_uart_baud%u", clk_num);
clk = clk_get(dev, clk_name);
if (IS_ERR(clk))
continue;
@@ -2522,7 +2522,7 @@ s3c24xx_serial_get_options(struct uart_port *port, int *baud,
/* now calculate the baud rate */
clk_sel = s3c24xx_serial_getsource(port);
- sprintf(clk_name, "clk_uart_baud%d", clk_sel);
+ sprintf(clk_name, "clk_uart_baud%u", clk_sel);
clk = clk_get(port->dev, clk_name);
if (!IS_ERR(clk))
--
Alexey V. Vissarionov
gremlin ПРИ altlinux ТЧК org; +vii-cmiii-ccxxix-lxxix-xlii
GPG: 0D92F19E1C0DC36E27F61A29CD17E2B43D879005 @ hkp://keys.gnupg.net
[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 801 bytes --]
[-- Attachment #2: Type: text/plain, Size: 176 bytes --]
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH v2] serial: samsung: fix buffer size for clk_name
2023-02-01 2:44 ` [PATCH v2] " Alexey V. Vissarionov
@ 2023-02-01 7:09 ` Krzysztof Kozlowski
2023-02-01 13:06 ` Greg Kroah-Hartman
1 sibling, 0 replies; 7+ messages in thread
From: Krzysztof Kozlowski @ 2023-02-01 7:09 UTC (permalink / raw)
To: Alexey V. Vissarionov, Greg Kroah-Hartman
Cc: Alim Akhtar, Jiri Slaby, Thomas Abraham, Kukjin Kim,
linux-arm-kernel, linux-samsung-soc, linux-serial, lvc-project
On 01/02/2023 03:44, Alexey V. Vissarionov wrote:
> serial: samsung: fix buffer size for clk_name
This does not belong here.
>
> Although very unlikely, the 'clk_num' value may be as big as
> 2**32 - 1 (uint32_max), so the buffer should have enough
> space for storing "clk_uart_baud4294967295\0".
> Also, the numbers in clk_name are expected to be unsigned.
>
> Found by ALT Linux Team (altlinux.org) and Linux Verification
> Center (linuxtesting.org) using SVACE.
>
> Signed-off-by: Alexey V. Vissarionov <gremlin@altlinux.org>
> Fixes: 5f5a7a5578c5 ("serial: samsung: switch to clkdev based clock lookup")
How did you address my comments? the clk_num cannot be beig as 2^32-1.
It's not possible, if I understand correctly.
>
> ---
>
> On 2023-01-19 15:52:38 +0100, Greg Kroah-Hartman wrote:
>
> >> Fixes: 5f5a7a5578c58852 ("serial: samsung: switch to clkdev
> >> based clock lookup")
> > Please fix your scripts to use the proper number of SHA1 digits
> > in a Fixes: line as the documentation asks for.
>
> Done. Also added the comment to the source regarding the buffer size.
>
>
> diff --git a/drivers/tty/serial/samsung_tty.c b/drivers/tty/serial/samsung_tty.c
> index 0fce856434dafd80..2c701dc7c6a37191 100644
> --- a/drivers/tty/serial/samsung_tty.c
> +++ b/drivers/tty/serial/samsung_tty.c
> @@ -1407,7 +1407,7 @@ static void s3c24xx_serial_pm(struct uart_port *port, unsigned int level,
> *
> */
>
> -#define MAX_CLK_NAME_LENGTH 15
> +#define MAX_CLK_NAME_LENGTH 24 /* "clk_uart_baud4294967295\0" */
NAK. It's just waste of space.
Best regards,
Krzysztof
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2] serial: samsung: fix buffer size for clk_name
2023-02-01 2:44 ` [PATCH v2] " Alexey V. Vissarionov
2023-02-01 7:09 ` Krzysztof Kozlowski
@ 2023-02-01 13:06 ` Greg Kroah-Hartman
1 sibling, 0 replies; 7+ messages in thread
From: Greg Kroah-Hartman @ 2023-02-01 13:06 UTC (permalink / raw)
To: Alexey V. Vissarionov
Cc: Krzysztof Kozlowski, Alim Akhtar, Jiri Slaby, Thomas Abraham,
Kukjin Kim, linux-arm-kernel, linux-samsung-soc, linux-serial,
lvc-project
On Wed, Feb 01, 2023 at 05:44:57AM +0300, Alexey V. Vissarionov wrote:
> serial: samsung: fix buffer size for clk_name
>
> Although very unlikely, the 'clk_num' value may be as big as
> 2**32 - 1 (uint32_max), so the buffer should have enough
> space for storing "clk_uart_baud4294967295\0".
> Also, the numbers in clk_name are expected to be unsigned.
>
> Found by ALT Linux Team (altlinux.org) and Linux Verification
> Center (linuxtesting.org) using SVACE.
>
> Signed-off-by: Alexey V. Vissarionov <gremlin@altlinux.org>
> Fixes: 5f5a7a5578c5 ("serial: samsung: switch to clkdev based clock lookup")
>
> ---
>
> On 2023-01-19 15:52:38 +0100, Greg Kroah-Hartman wrote:
>
> >> Fixes: 5f5a7a5578c58852 ("serial: samsung: switch to clkdev
> >> based clock lookup")
> > Please fix your scripts to use the proper number of SHA1 digits
> > in a Fixes: line as the documentation asks for.
>
> Done. Also added the comment to the source regarding the buffer size.
>
>
> diff --git a/drivers/tty/serial/samsung_tty.c b/drivers/tty/serial/samsung_tty.c
> index 0fce856434dafd80..2c701dc7c6a37191 100644
> --- a/drivers/tty/serial/samsung_tty.c
> +++ b/drivers/tty/serial/samsung_tty.c
> @@ -1407,7 +1407,7 @@ static void s3c24xx_serial_pm(struct uart_port *port, unsigned int level,
> *
> */
>
> -#define MAX_CLK_NAME_LENGTH 15
> +#define MAX_CLK_NAME_LENGTH 24 /* "clk_uart_baud4294967295\0" */
>
> static inline int s3c24xx_serial_getsource(struct uart_port *port)
> {
> @@ -1457,7 +1457,7 @@ static unsigned int s3c24xx_serial_getclk(struct s3c24xx_uart_port *ourport,
> !(ourport->cfg->clk_sel & (1 << cnt)))
> continue;
>
> - sprintf(clkname, "clk_uart_baud%d", cnt);
> + sprintf(clkname, "clk_uart_baud%u", cnt);
So you bump the size of the buffer and continue to use an "unsafe" call
that could overflow the buffer? Is this a plan to submit a series of
patches all "fixing" something based on the last change? :)
As Krzysztof said, this whole thing is not needed at all. Please fix
your tool to generate valid changes.
thanks,
greg k-h
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2023-02-01 13:10 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-16 14:16 [PATCH] serial: samsung: fix buffer size for clk_name Alexey V. Vissarionov
2023-01-16 16:16 ` Krzysztof Kozlowski
2023-01-16 18:26 ` Alexey V. Vissarionov
2023-01-19 14:52 ` Greg Kroah-Hartman
2023-02-01 2:44 ` [PATCH v2] " Alexey V. Vissarionov
2023-02-01 7:09 ` Krzysztof Kozlowski
2023-02-01 13:06 ` Greg Kroah-Hartman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).