* [RESEND][PATCH] hwmon: scmi: fix potential buffer overflow in scmi_hwmon_probe()
@ 2020-07-15 12:13 Cristian Marussi
2020-07-15 13:00 ` Sudeep Holla
2020-07-15 14:09 ` Guenter Roeck
0 siblings, 2 replies; 6+ messages in thread
From: Cristian Marussi @ 2020-07-15 12:13 UTC (permalink / raw)
To: linux-kernel, linux-hwmon; +Cc: jdelvare, linux, cristian.marussi, sudeep.holla
SMATCH detected a potential buffer overflow in the manipulation of
hwmon_attributes array inside the scmi_hwmon_probe function:
drivers/hwmon/scmi-hwmon.c:226
scmi_hwmon_probe() error: buffer overflow 'hwmon_attributes' 6 <= 9
Fix it by statically declaring the size of the array as the maximum
possible as defined by hwmon_max define.
Signed-off-by: Cristian Marussi <cristian.marussi@arm.com>
---
drivers/hwmon/scmi-hwmon.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hwmon/scmi-hwmon.c b/drivers/hwmon/scmi-hwmon.c
index 281454c5c5b1..758f66fc9afe 100644
--- a/drivers/hwmon/scmi-hwmon.c
+++ b/drivers/hwmon/scmi-hwmon.c
@@ -149,7 +149,7 @@ static enum hwmon_sensor_types scmi_types[] = {
[ENERGY] = hwmon_energy,
};
-static u32 hwmon_attributes[] = {
+static u32 hwmon_attributes[hwmon_max] = {
[hwmon_chip] = HWMON_C_REGISTER_TZ,
[hwmon_temp] = HWMON_T_INPUT | HWMON_T_LABEL,
[hwmon_in] = HWMON_I_INPUT | HWMON_I_LABEL,
--
2.17.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [RESEND][PATCH] hwmon: scmi: fix potential buffer overflow in scmi_hwmon_probe()
2020-07-15 12:13 [RESEND][PATCH] hwmon: scmi: fix potential buffer overflow in scmi_hwmon_probe() Cristian Marussi
@ 2020-07-15 13:00 ` Sudeep Holla
2020-07-15 14:55 ` Guenter Roeck
2020-07-15 14:09 ` Guenter Roeck
1 sibling, 1 reply; 6+ messages in thread
From: Sudeep Holla @ 2020-07-15 13:00 UTC (permalink / raw)
To: Cristian Marussi; +Cc: linux-kernel, linux-hwmon, jdelvare, linux, Sudeep Holla
On Wed, Jul 15, 2020 at 01:13:38PM +0100, Cristian Marussi wrote:
> SMATCH detected a potential buffer overflow in the manipulation of
> hwmon_attributes array inside the scmi_hwmon_probe function:
>
> drivers/hwmon/scmi-hwmon.c:226
> scmi_hwmon_probe() error: buffer overflow 'hwmon_attributes' 6 <= 9
>
> Fix it by statically declaring the size of the array as the maximum
> possible as defined by hwmon_max define.
>
Makes sense to me,
Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>
There may be other such instances. I am not sure if Guenter has ignored
them intentionally or just no one has fixed them so far.
--
Regards,
Sudeep
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [RESEND][PATCH] hwmon: scmi: fix potential buffer overflow in scmi_hwmon_probe()
2020-07-15 12:13 [RESEND][PATCH] hwmon: scmi: fix potential buffer overflow in scmi_hwmon_probe() Cristian Marussi
2020-07-15 13:00 ` Sudeep Holla
@ 2020-07-15 14:09 ` Guenter Roeck
1 sibling, 0 replies; 6+ messages in thread
From: Guenter Roeck @ 2020-07-15 14:09 UTC (permalink / raw)
To: Cristian Marussi; +Cc: linux-kernel, linux-hwmon, jdelvare, sudeep.holla
On Wed, Jul 15, 2020 at 01:13:38PM +0100, Cristian Marussi wrote:
> SMATCH detected a potential buffer overflow in the manipulation of
> hwmon_attributes array inside the scmi_hwmon_probe function:
>
> drivers/hwmon/scmi-hwmon.c:226
> scmi_hwmon_probe() error: buffer overflow 'hwmon_attributes' 6 <= 9
>
> Fix it by statically declaring the size of the array as the maximum
> possible as defined by hwmon_max define.
>
> Signed-off-by: Cristian Marussi <cristian.marussi@arm.com>
> Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>
Applied.
Thanks,
Guenter
> ---
> drivers/hwmon/scmi-hwmon.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/hwmon/scmi-hwmon.c b/drivers/hwmon/scmi-hwmon.c
> index 281454c5c5b1..758f66fc9afe 100644
> --- a/drivers/hwmon/scmi-hwmon.c
> +++ b/drivers/hwmon/scmi-hwmon.c
> @@ -149,7 +149,7 @@ static enum hwmon_sensor_types scmi_types[] = {
> [ENERGY] = hwmon_energy,
> };
>
> -static u32 hwmon_attributes[] = {
> +static u32 hwmon_attributes[hwmon_max] = {
> [hwmon_chip] = HWMON_C_REGISTER_TZ,
> [hwmon_temp] = HWMON_T_INPUT | HWMON_T_LABEL,
> [hwmon_in] = HWMON_I_INPUT | HWMON_I_LABEL,
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [RESEND][PATCH] hwmon: scmi: fix potential buffer overflow in scmi_hwmon_probe()
2020-07-15 13:00 ` Sudeep Holla
@ 2020-07-15 14:55 ` Guenter Roeck
2020-07-15 15:44 ` Sudeep Holla
2020-07-15 16:31 ` Cristian Marussi
0 siblings, 2 replies; 6+ messages in thread
From: Guenter Roeck @ 2020-07-15 14:55 UTC (permalink / raw)
To: Sudeep Holla, Cristian Marussi; +Cc: linux-kernel, linux-hwmon, jdelvare
On 7/15/20 6:00 AM, Sudeep Holla wrote:
> On Wed, Jul 15, 2020 at 01:13:38PM +0100, Cristian Marussi wrote:
>> SMATCH detected a potential buffer overflow in the manipulation of
>> hwmon_attributes array inside the scmi_hwmon_probe function:
>>
>> drivers/hwmon/scmi-hwmon.c:226
>> scmi_hwmon_probe() error: buffer overflow 'hwmon_attributes' 6 <= 9
>>
>> Fix it by statically declaring the size of the array as the maximum
>> possible as defined by hwmon_max define.
>>
>
> Makes sense to me,
>
> Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>
>
> There may be other such instances. I am not sure if Guenter has ignored
> them intentionally or just no one has fixed them so far.
I am not perfect. No, I have not intentionally ignored anything,
and I don't recall seeing smatch reports (or this patch) before.
Guenter
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [RESEND][PATCH] hwmon: scmi: fix potential buffer overflow in scmi_hwmon_probe()
2020-07-15 14:55 ` Guenter Roeck
@ 2020-07-15 15:44 ` Sudeep Holla
2020-07-15 16:31 ` Cristian Marussi
1 sibling, 0 replies; 6+ messages in thread
From: Sudeep Holla @ 2020-07-15 15:44 UTC (permalink / raw)
To: Guenter Roeck
Cc: Cristian Marussi, linux-kernel, linux-hwmon, jdelvare, Sudeep Holla
On Wed, Jul 15, 2020 at 07:55:52AM -0700, Guenter Roeck wrote:
> On 7/15/20 6:00 AM, Sudeep Holla wrote:
> > On Wed, Jul 15, 2020 at 01:13:38PM +0100, Cristian Marussi wrote:
> >> SMATCH detected a potential buffer overflow in the manipulation of
> >> hwmon_attributes array inside the scmi_hwmon_probe function:
> >>
> >> drivers/hwmon/scmi-hwmon.c:226
> >> scmi_hwmon_probe() error: buffer overflow 'hwmon_attributes' 6 <= 9
> >>
> >> Fix it by statically declaring the size of the array as the maximum
> >> possible as defined by hwmon_max define.
> >>
> >
> > Makes sense to me,
> >
> > Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>
> >
> > There may be other such instances. I am not sure if Guenter has ignored
> > them intentionally or just no one has fixed them so far.
>
> I am not perfect. No, I have not intentionally ignored anything,
> and I don't recall seeing smatch reports (or this patch) before.
>
Sorry, it was not complaint, it does sound so now when I read that again.
What I meant is, not everyone likes to fix all the warnings from various
tools and I was just asking if this falls into that category as the
overflow can't happen if we use the standard hwmon_max enums as indicies.
--
Regards,
Sudeep
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [RESEND][PATCH] hwmon: scmi: fix potential buffer overflow in scmi_hwmon_probe()
2020-07-15 14:55 ` Guenter Roeck
2020-07-15 15:44 ` Sudeep Holla
@ 2020-07-15 16:31 ` Cristian Marussi
1 sibling, 0 replies; 6+ messages in thread
From: Cristian Marussi @ 2020-07-15 16:31 UTC (permalink / raw)
To: Guenter Roeck; +Cc: Sudeep Holla, linux-kernel, linux-hwmon, jdelvare
On Wed, Jul 15, 2020 at 07:55:52AM -0700, Guenter Roeck wrote:
> On 7/15/20 6:00 AM, Sudeep Holla wrote:
> > On Wed, Jul 15, 2020 at 01:13:38PM +0100, Cristian Marussi wrote:
> >> SMATCH detected a potential buffer overflow in the manipulation of
> >> hwmon_attributes array inside the scmi_hwmon_probe function:
> >>
> >> drivers/hwmon/scmi-hwmon.c:226
> >> scmi_hwmon_probe() error: buffer overflow 'hwmon_attributes' 6 <= 9
> >>
> >> Fix it by statically declaring the size of the array as the maximum
> >> possible as defined by hwmon_max define.
> >>
> >
> > Makes sense to me,
> >
> > Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>
> >
> > There may be other such instances. I am not sure if Guenter has ignored
> > them intentionally or just no one has fixed them so far.
>
> I am not perfect. No, I have not intentionally ignored anything,
> and I don't recall seeing smatch reports (or this patch) before.
Sorry, that's my fault I sent this patch the first time to the wrong recipients.
Cristian
>
> Guenter
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-07-15 16:31 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-15 12:13 [RESEND][PATCH] hwmon: scmi: fix potential buffer overflow in scmi_hwmon_probe() Cristian Marussi
2020-07-15 13:00 ` Sudeep Holla
2020-07-15 14:55 ` Guenter Roeck
2020-07-15 15:44 ` Sudeep Holla
2020-07-15 16:31 ` Cristian Marussi
2020-07-15 14:09 ` Guenter Roeck
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).