Linux-Hwmon Archive on lore.kernel.org
 help / color / Atom feed
* [RESEND][PATCH] hwmon: scmi: fix potential buffer overflow in scmi_hwmon_probe()
@ 2020-07-15 12:13 Cristian Marussi
  2020-07-15 13:00 ` Sudeep Holla
  2020-07-15 14:09 ` Guenter Roeck
  0 siblings, 2 replies; 6+ messages in thread
From: Cristian Marussi @ 2020-07-15 12:13 UTC (permalink / raw)
  To: linux-kernel, linux-hwmon; +Cc: jdelvare, linux, cristian.marussi, sudeep.holla

SMATCH detected a potential buffer overflow in the manipulation of
hwmon_attributes array inside the scmi_hwmon_probe function:

drivers/hwmon/scmi-hwmon.c:226
 scmi_hwmon_probe() error: buffer overflow 'hwmon_attributes' 6 <= 9

Fix it by statically declaring the size of the array as the maximum
possible as defined by hwmon_max define.

Signed-off-by: Cristian Marussi <cristian.marussi@arm.com>
---
 drivers/hwmon/scmi-hwmon.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/hwmon/scmi-hwmon.c b/drivers/hwmon/scmi-hwmon.c
index 281454c5c5b1..758f66fc9afe 100644
--- a/drivers/hwmon/scmi-hwmon.c
+++ b/drivers/hwmon/scmi-hwmon.c
@@ -149,7 +149,7 @@ static enum hwmon_sensor_types scmi_types[] = {
 	[ENERGY] = hwmon_energy,
 };
 
-static u32 hwmon_attributes[] = {
+static u32 hwmon_attributes[hwmon_max] = {
 	[hwmon_chip] = HWMON_C_REGISTER_TZ,
 	[hwmon_temp] = HWMON_T_INPUT | HWMON_T_LABEL,
 	[hwmon_in] = HWMON_I_INPUT | HWMON_I_LABEL,
-- 
2.17.1


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [RESEND][PATCH] hwmon: scmi: fix potential buffer overflow in scmi_hwmon_probe()
  2020-07-15 12:13 [RESEND][PATCH] hwmon: scmi: fix potential buffer overflow in scmi_hwmon_probe() Cristian Marussi
@ 2020-07-15 13:00 ` Sudeep Holla
  2020-07-15 14:55   ` Guenter Roeck
  2020-07-15 14:09 ` Guenter Roeck
  1 sibling, 1 reply; 6+ messages in thread
From: Sudeep Holla @ 2020-07-15 13:00 UTC (permalink / raw)
  To: Cristian Marussi; +Cc: linux-kernel, linux-hwmon, jdelvare, linux, Sudeep Holla

On Wed, Jul 15, 2020 at 01:13:38PM +0100, Cristian Marussi wrote:
> SMATCH detected a potential buffer overflow in the manipulation of
> hwmon_attributes array inside the scmi_hwmon_probe function:
>
> drivers/hwmon/scmi-hwmon.c:226
>  scmi_hwmon_probe() error: buffer overflow 'hwmon_attributes' 6 <= 9
>
> Fix it by statically declaring the size of the array as the maximum
> possible as defined by hwmon_max define.
>

Makes sense to me,

Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>

There may be other such instances. I am not sure if Guenter has ignored
them intentionally or just no one has fixed them so far.

--
Regards,
Sudeep

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [RESEND][PATCH] hwmon: scmi: fix potential buffer overflow in scmi_hwmon_probe()
  2020-07-15 12:13 [RESEND][PATCH] hwmon: scmi: fix potential buffer overflow in scmi_hwmon_probe() Cristian Marussi
  2020-07-15 13:00 ` Sudeep Holla
@ 2020-07-15 14:09 ` Guenter Roeck
  1 sibling, 0 replies; 6+ messages in thread
From: Guenter Roeck @ 2020-07-15 14:09 UTC (permalink / raw)
  To: Cristian Marussi; +Cc: linux-kernel, linux-hwmon, jdelvare, sudeep.holla

On Wed, Jul 15, 2020 at 01:13:38PM +0100, Cristian Marussi wrote:
> SMATCH detected a potential buffer overflow in the manipulation of
> hwmon_attributes array inside the scmi_hwmon_probe function:
> 
> drivers/hwmon/scmi-hwmon.c:226
>  scmi_hwmon_probe() error: buffer overflow 'hwmon_attributes' 6 <= 9
> 
> Fix it by statically declaring the size of the array as the maximum
> possible as defined by hwmon_max define.
> 
> Signed-off-by: Cristian Marussi <cristian.marussi@arm.com>
> Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>

Applied.

Thanks,
Guenter

> ---
>  drivers/hwmon/scmi-hwmon.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/hwmon/scmi-hwmon.c b/drivers/hwmon/scmi-hwmon.c
> index 281454c5c5b1..758f66fc9afe 100644
> --- a/drivers/hwmon/scmi-hwmon.c
> +++ b/drivers/hwmon/scmi-hwmon.c
> @@ -149,7 +149,7 @@ static enum hwmon_sensor_types scmi_types[] = {
>  	[ENERGY] = hwmon_energy,
>  };
>  
> -static u32 hwmon_attributes[] = {
> +static u32 hwmon_attributes[hwmon_max] = {
>  	[hwmon_chip] = HWMON_C_REGISTER_TZ,
>  	[hwmon_temp] = HWMON_T_INPUT | HWMON_T_LABEL,
>  	[hwmon_in] = HWMON_I_INPUT | HWMON_I_LABEL,

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [RESEND][PATCH] hwmon: scmi: fix potential buffer overflow in scmi_hwmon_probe()
  2020-07-15 13:00 ` Sudeep Holla
@ 2020-07-15 14:55   ` Guenter Roeck
  2020-07-15 15:44     ` Sudeep Holla
  2020-07-15 16:31     ` Cristian Marussi
  0 siblings, 2 replies; 6+ messages in thread
From: Guenter Roeck @ 2020-07-15 14:55 UTC (permalink / raw)
  To: Sudeep Holla, Cristian Marussi; +Cc: linux-kernel, linux-hwmon, jdelvare

On 7/15/20 6:00 AM, Sudeep Holla wrote:
> On Wed, Jul 15, 2020 at 01:13:38PM +0100, Cristian Marussi wrote:
>> SMATCH detected a potential buffer overflow in the manipulation of
>> hwmon_attributes array inside the scmi_hwmon_probe function:
>>
>> drivers/hwmon/scmi-hwmon.c:226
>>  scmi_hwmon_probe() error: buffer overflow 'hwmon_attributes' 6 <= 9
>>
>> Fix it by statically declaring the size of the array as the maximum
>> possible as defined by hwmon_max define.
>>
> 
> Makes sense to me,
> 
> Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>
> 
> There may be other such instances. I am not sure if Guenter has ignored
> them intentionally or just no one has fixed them so far.

I am not perfect. No, I have not intentionally ignored anything,
and I don't recall seeing smatch reports (or this patch) before.

Guenter

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [RESEND][PATCH] hwmon: scmi: fix potential buffer overflow in scmi_hwmon_probe()
  2020-07-15 14:55   ` Guenter Roeck
@ 2020-07-15 15:44     ` Sudeep Holla
  2020-07-15 16:31     ` Cristian Marussi
  1 sibling, 0 replies; 6+ messages in thread
From: Sudeep Holla @ 2020-07-15 15:44 UTC (permalink / raw)
  To: Guenter Roeck
  Cc: Cristian Marussi, linux-kernel, linux-hwmon, jdelvare, Sudeep Holla

On Wed, Jul 15, 2020 at 07:55:52AM -0700, Guenter Roeck wrote:
> On 7/15/20 6:00 AM, Sudeep Holla wrote:
> > On Wed, Jul 15, 2020 at 01:13:38PM +0100, Cristian Marussi wrote:
> >> SMATCH detected a potential buffer overflow in the manipulation of
> >> hwmon_attributes array inside the scmi_hwmon_probe function:
> >>
> >> drivers/hwmon/scmi-hwmon.c:226
> >>  scmi_hwmon_probe() error: buffer overflow 'hwmon_attributes' 6 <= 9
> >>
> >> Fix it by statically declaring the size of the array as the maximum
> >> possible as defined by hwmon_max define.
> >>
> > 
> > Makes sense to me,
> > 
> > Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>
> > 
> > There may be other such instances. I am not sure if Guenter has ignored
> > them intentionally or just no one has fixed them so far.
> 
> I am not perfect. No, I have not intentionally ignored anything,
> and I don't recall seeing smatch reports (or this patch) before.
> 

Sorry, it was not complaint, it does sound so now when I read that again.

What I meant is, not everyone likes to fix all the warnings from various
tools and I was just asking if this falls into that category as the
overflow can't happen if we use the standard hwmon_max enums as indicies.

-- 
Regards,
Sudeep

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [RESEND][PATCH] hwmon: scmi: fix potential buffer overflow in scmi_hwmon_probe()
  2020-07-15 14:55   ` Guenter Roeck
  2020-07-15 15:44     ` Sudeep Holla
@ 2020-07-15 16:31     ` Cristian Marussi
  1 sibling, 0 replies; 6+ messages in thread
From: Cristian Marussi @ 2020-07-15 16:31 UTC (permalink / raw)
  To: Guenter Roeck; +Cc: Sudeep Holla, linux-kernel, linux-hwmon, jdelvare

On Wed, Jul 15, 2020 at 07:55:52AM -0700, Guenter Roeck wrote:
> On 7/15/20 6:00 AM, Sudeep Holla wrote:
> > On Wed, Jul 15, 2020 at 01:13:38PM +0100, Cristian Marussi wrote:
> >> SMATCH detected a potential buffer overflow in the manipulation of
> >> hwmon_attributes array inside the scmi_hwmon_probe function:
> >>
> >> drivers/hwmon/scmi-hwmon.c:226
> >>  scmi_hwmon_probe() error: buffer overflow 'hwmon_attributes' 6 <= 9
> >>
> >> Fix it by statically declaring the size of the array as the maximum
> >> possible as defined by hwmon_max define.
> >>
> > 
> > Makes sense to me,
> > 
> > Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>
> > 
> > There may be other such instances. I am not sure if Guenter has ignored
> > them intentionally or just no one has fixed them so far.
> 
> I am not perfect. No, I have not intentionally ignored anything,
> and I don't recall seeing smatch reports (or this patch) before.

Sorry, that's my fault I sent this patch the first time to the wrong recipients.

Cristian

> 
> Guenter

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, back to index

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-15 12:13 [RESEND][PATCH] hwmon: scmi: fix potential buffer overflow in scmi_hwmon_probe() Cristian Marussi
2020-07-15 13:00 ` Sudeep Holla
2020-07-15 14:55   ` Guenter Roeck
2020-07-15 15:44     ` Sudeep Holla
2020-07-15 16:31     ` Cristian Marussi
2020-07-15 14:09 ` Guenter Roeck

Linux-Hwmon Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-hwmon/0 linux-hwmon/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-hwmon linux-hwmon/ https://lore.kernel.org/linux-hwmon \
		linux-hwmon@vger.kernel.org
	public-inbox-index linux-hwmon

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-hwmon


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git