From mboxrd@z Thu Jan 1 00:00:00 1970 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Subject: [1/3] RAS/CEC: fix __find_elem From: WANG Chao Message-Id: <20190425075612.GA10363@WANG-Chaos-MacBook-Pro.local> Date: Thu, 25 Apr 2019 15:56:12 +0800 To: Borislav Petkov Cc: Tony Luck , linux-kernel@vger.kernel.org, linux-edac@vger.kernel.org List-ID: T24gMDQvMTgvMTkgYXQgMTE6NDFQLCBXQU5HIENoYW8gd3JvdGU6Cj4gQSBsZWZ0IG92ZXIgcGZu IChiZWNhdXNlIHdlIGRvbid0IGNsZWFyKSBhdCBjYS0+YXJyYXlbbl0gY2FuIGJlIGEgbWF0Y2gK PiBpbiBfX2ZpbmRfZWxlbS4gTGF0ZXIgaXQnZCBjYXVzZSBhIG1lbW1vdmUgc2l6ZSBvdmVyZmxv dyBpbiBkZWxfZWxlbS4KPiAKPiBTaWduZWQtb2ZmLWJ5OiBXQU5HIENoYW8gPGNoYW8ud2FuZ0B1 Y2xvdWQuY24+Cj4gLS0tCj4gIGRyaXZlcnMvcmFzL2NlYy5jIHwgMiArLQo+ICAxIGZpbGUgY2hh bmdlZCwgMSBpbnNlcnRpb24oKyksIDEgZGVsZXRpb24oLSkKPiAKPiBkaWZmIC0tZ2l0IGEvZHJp dmVycy9yYXMvY2VjLmMgYi9kcml2ZXJzL3Jhcy9jZWMuYwo+IGluZGV4IDJkOWVjMzc4YThiYy4u MmUwYmYxMjY5YzMxIDEwMDY0NAo+IC0tLSBhL2RyaXZlcnMvcmFzL2NlYy5jCj4gKysrIGIvZHJp dmVycy9yYXMvY2VjLmMKPiBAQCAtMjA2LDcgKzIwNiw3IEBAIHN0YXRpYyBpbnQgX19maW5kX2Vs ZW0oc3RydWN0IGNlX2FycmF5ICpjYSwgdTY0IHBmbiwgdW5zaWduZWQgaW50ICp0bykKPiAgCj4g IAl0aGlzX3BmbiA9IFBGTihjYS0+YXJyYXlbbWluXSk7Cj4gIAo+IC0JaWYgKHRoaXNfcGZuID09 IHBmbikKPiArCWlmICh0aGlzX3BmbiA9PSBwZm4gJiYgY2EtPm4gPiBtaW4pCj4gIAkJcmV0dXJu IG1pbjsKPiAgCj4gIAlyZXR1cm4gLUVOT0tFWTsKCkFueSB0aG91Z2h0IG9uIHRoaXMgb25lPwo= From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.5 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_PASS,URIBL_BLOCKED, USER_AGENT_MUTT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1B232C10F03 for ; Thu, 25 Apr 2019 07:56:24 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id E6CE7208E4 for ; Thu, 25 Apr 2019 07:56:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728572AbfDYH4S (ORCPT ); Thu, 25 Apr 2019 03:56:18 -0400 Received: from m97179.mail.qiye.163.com ([220.181.97.179]:3162 "EHLO m97179.mail.qiye.163.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728012AbfDYH4R (ORCPT ); Thu, 25 Apr 2019 03:56:17 -0400 Received: from localhost (unknown [117.48.120.186]) by m97179.mail.qiye.163.com (Hmail) with ESMTPA id CF953E01716; Thu, 25 Apr 2019 15:56:12 +0800 (CST) Date: Thu, 25 Apr 2019 15:56:12 +0800 From: WANG Chao To: Borislav Petkov Cc: Tony Luck , linux-kernel@vger.kernel.org, linux-edac@vger.kernel.org Subject: Re: [PATCH 1/3] RAS/CEC: fix __find_elem Message-ID: <20190425075612.GA10363@WANG-Chaos-MacBook-Pro.local> References: <20190418034115.75954-1-chao.wang@ucloud.cn> MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline In-Reply-To: <20190418034115.75954-1-chao.wang@ucloud.cn> User-Agent: Mutt/1.11.4 (2019-03-13) X-HM-Spam-Status: e1kIGBQJHllBWUtVS1lXWShZQUlCN1dZLVlBSVdZCQ4XHghZQVkyNS06Nz I*QUtVS1kG X-HM-Sender-Digest: e1kMHhlZQR0aFwgeV1kSHx4VD1lBWUc6MUk6ARw*Szg#UTUiLz4zIkkr UQgwFAhVSlVKTk5NSkxDQkxIS0tLVTMWGhIXVRgTGhRVDBoVHDsOGBcUDh9VGBVFWVdZEgtZQVlK SkxVT0NVSklLVUpDTVlXWQgBWUFKTE1ONwY+ X-HM-Tid: 0a6a537eb0bc20bdkuqycf953e01716 Sender: linux-edac-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-edac@vger.kernel.org Message-ID: <20190425075612.JX0tuJ2919l4JW4j6cm-RaFRmc5Gbvdo0G4xyTAGL8g@z> On 04/18/19 at 11:41P, WANG Chao wrote: > A left over pfn (because we don't clear) at ca->array[n] can be a match > in __find_elem. Later it'd cause a memmove size overflow in del_elem. > > Signed-off-by: WANG Chao > --- > drivers/ras/cec.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/ras/cec.c b/drivers/ras/cec.c > index 2d9ec378a8bc..2e0bf1269c31 100644 > --- a/drivers/ras/cec.c > +++ b/drivers/ras/cec.c > @@ -206,7 +206,7 @@ static int __find_elem(struct ce_array *ca, u64 pfn, unsigned int *to) > > this_pfn = PFN(ca->array[min]); > > - if (this_pfn == pfn) > + if (this_pfn == pfn && ca->n > min) > return min; > > return -ENOKEY; Any thought on this one?