linuxppc-dev.lists.ozlabs.org archive mirror
* [PATCH] powerpc/crash: Rearrange loop condition to avoid out of bounds array access
From: Suraj Jitindar Singh @ 2016-07-11  4:17 UTC
  To: linuxppc-dev; +Cc: mpe, sjitindarsingh

The array crash_shutdown_handles[] has size CRASH_HANDLER_MAX, thus when
we loop over the elements of the list we check crash_shutdown_handles[i]
&& i < CRASH_HANDLER_MAX. However this means that when we increment i to
CRASH_HANDLER_MAX we will perform an out of bound array access checking
the first condition before exiting on the second condition.

To avoid the out of bounds access, simply reorder the loop conditions.

Fixes Coverity bug #128232

Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
---
 arch/powerpc/kernel/crash.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/powerpc/kernel/crash.c b/arch/powerpc/kernel/crash.c
index 888bdf1..47b63de 100644
--- a/arch/powerpc/kernel/crash.c
+++ b/arch/powerpc/kernel/crash.c
@@ -351,7 +351,7 @@ void default_machine_crash_shutdown(struct pt_regs *regs)
 	old_handler = __debugger_fault_handler;
 	__debugger_fault_handler = handle_fault;
 	crash_shutdown_cpu = smp_processor_id();
-	for (i = 0; crash_shutdown_handles[i] && i < CRASH_HANDLER_MAX; i++) {
+	for (i = 0; i < CRASH_HANDLER_MAX && crash_shutdown_handles[i]; i++) {
 		if (setjmp(crash_shutdown_buf) == 0) {
 			/*
 			 * Insert syncs and delay to ensure
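Review bot: The `for` condition on the changed line should carry a short comment saying the index test has to stay on the left of `&&`, because nothing in the code stops a later cleanup from swapping the operands back. Per the commit message the array has exactly CRASH_HANDLER_MAX entries, so a NULL entry only ends the loop while at least one slot is unused; once every slot holds a handler, `i < CRASH_HANDLER_MAX` is the sole terminator, and with the old operand order `crash_shutdown_handles[i]` was read at `i == CRASH_HANDLER_MAX`, one element past the end, before that test ran. A one-line comment above the loop noting that the table may be full and is then not NULL-terminated would record that.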
-- 
2.5.5


* Re: [PATCH] powerpc/crash: Rearrange loop condition to avoid out of bounds array access
From: Andrew Donnellan @ 2016-07-11  4:22 UTC
  To: Suraj Jitindar Singh, linuxppc-dev

On 11/07/16 14:17, Suraj Jitindar Singh wrote:
> The array crash_shutdown_handles[] has size CRASH_HANDLER_MAX, thus when
> we loop over the elements of the list we check crash_shutdown_handles[i]
> && i < CRASH_HANDLER_MAX. However this means that when we increment i to
> CRASH_HANDLER_MAX we will perform an out of bound array access checking
> the first condition before exiting on the second condition.
>
> To avoid the out of bounds access, simply reorder the loop conditions.
>
> Fixes Coverity bug #128232
>
> Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>

Fixes: 1d1451655bad ("powerpc: Add array bounds checking to 
crash_shutdown_handlers")
Reviewed-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>

-- 
Andrew Donnellan              OzLabs, ADL Canberra
andrew.donnellan@au1.ibm.com  IBM Australia Limited


* Re: powerpc/crash: Rearrange loop condition to avoid out of bounds array access
From: Michael Ellerman @ 2016-07-15 10:53 UTC
  To: Suraj Jitindar Singh, linuxppc-dev; +Cc: sjitindarsingh

On Mon, 2016-11-07 at 04:17:31 UTC, Suraj Jitindar Singh wrote:
> The array crash_shutdown_handles[] has size CRASH_HANDLER_MAX, thus when
> we loop over the elements of the list we check crash_shutdown_handles[i]
> && i < CRASH_HANDLER_MAX. However this means that when we increment i to
> CRASH_HANDLER_MAX we will perform an out of bound array access checking
> the first condition before exiting on the second condition.
> 
> To avoid the out of bounds access, simply reorder the loop conditions.
> 
> Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
> Reviewed-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/a7d6392866e9777cb287ad194c

cheers
