linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] intel-iommu: Fix array overflow
@ 2007-10-23  8:57 Takashi Iwai
  2007-10-24 23:30 ` Mark Gross
  0 siblings, 1 reply; 4+ messages in thread
From: Takashi Iwai @ 2007-10-23  8:57 UTC (permalink / raw)
  To: linux-kernel; +Cc: torvalds, anil.s.keshavamurthy

Fix possible array overflow:

drivers/pci/intel-iommu.c: In function ‘dmar_get_fault_reason’:
drivers/pci/intel-iommu.c:753: warning: array subscript is above array bounds
drivers/pci/intel-iommu.c: In function ‘iommu_page_fault’:
drivers/pci/intel-iommu.c:753: warning: array subscript is above array bounds

Signed-off-by: Takashi Iwai <tiwai@suse.de>

---
 drivers/pci/intel-iommu.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/pci/intel-iommu.c b/drivers/pci/intel-iommu.c
index b3d7031..e4b0a0d 100644
--- a/drivers/pci/intel-iommu.c
+++ b/drivers/pci/intel-iommu.c
@@ -749,8 +749,8 @@ static char *fault_reason_strings[] =
 
 char *dmar_get_fault_reason(u8 fault_reason)
 {
-	if (fault_reason > MAX_FAULT_REASON_IDX)
-		return fault_reason_strings[MAX_FAULT_REASON_IDX];
+	if (fault_reason >= MAX_FAULT_REASON_IDX)
+		return fault_reason_strings[MAX_FAULT_REASON_IDX - 1];
 	else
 		return fault_reason_strings[fault_reason];
 }

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH] intel-iommu: Fix array overflow
  2007-10-23  8:57 [PATCH] intel-iommu: Fix array overflow Takashi Iwai
@ 2007-10-24 23:30 ` Mark Gross
  2007-10-25  7:31   ` Takashi Iwai
  0 siblings, 1 reply; 4+ messages in thread
From: Mark Gross @ 2007-10-24 23:30 UTC (permalink / raw)
  To: Takashi Iwai; +Cc: linux-kernel, torvalds, anil.s.keshavamurthy

On Tue, Oct 23, 2007 at 10:57:51AM +0200, Takashi Iwai wrote:
> Fix possible array overflow:
> 
> drivers/pci/intel-iommu.c: In function ‘dmar_get_fault_reason’:
> drivers/pci/intel-iommu.c:753: warning: array subscript is above array bounds
> drivers/pci/intel-iommu.c: In function ‘iommu_page_fault’:
> drivers/pci/intel-iommu.c:753: warning: array subscript is above array bounds
> 
> Signed-off-by: Takashi Iwai <tiwai@suse.de>
> 
> ---
>  drivers/pci/intel-iommu.c |    4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/pci/intel-iommu.c b/drivers/pci/intel-iommu.c
> index b3d7031..e4b0a0d 100644
> --- a/drivers/pci/intel-iommu.c
> +++ b/drivers/pci/intel-iommu.c
> @@ -749,8 +749,8 @@ static char *fault_reason_strings[] =
>  
>  char *dmar_get_fault_reason(u8 fault_reason)
>  {
> -	if (fault_reason > MAX_FAULT_REASON_IDX)
> -		return fault_reason_strings[MAX_FAULT_REASON_IDX];
> +	if (fault_reason >= MAX_FAULT_REASON_IDX)
> +		return fault_reason_strings[MAX_FAULT_REASON_IDX - 1];

This looks like what the code meant to implement.  I guess future
hardware may be able to generate more types of faults, otherwise I'd put
a BUG here.

--mgross


>  	else
>  		return fault_reason_strings[fault_reason];
>  }
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] intel-iommu: Fix array overflow
  2007-10-24 23:30 ` Mark Gross
@ 2007-10-25  7:31   ` Takashi Iwai
  2007-10-25 15:15     ` Keshavamurthy, Anil S
  0 siblings, 1 reply; 4+ messages in thread
From: Takashi Iwai @ 2007-10-25  7:31 UTC (permalink / raw)
  To: mgross; +Cc: linux-kernel, torvalds, anil.s.keshavamurthy

At Wed, 24 Oct 2007 16:30:37 -0700,
Mark Gross wrote:
> 
> On Tue, Oct 23, 2007 at 10:57:51AM +0200, Takashi Iwai wrote:
> > Fix possible array overflow:
> > 
> > drivers/pci/intel-iommu.c: In function ‘dmar_get_fault_reason’:
> > drivers/pci/intel-iommu.c:753: warning: array subscript is above array bounds
> > drivers/pci/intel-iommu.c: In function ‘iommu_page_fault’:
> > drivers/pci/intel-iommu.c:753: warning: array subscript is above array bounds
> > 
> > Signed-off-by: Takashi Iwai <tiwai@suse.de>
> > 
> > ---
> >  drivers/pci/intel-iommu.c |    4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/drivers/pci/intel-iommu.c b/drivers/pci/intel-iommu.c
> > index b3d7031..e4b0a0d 100644
> > --- a/drivers/pci/intel-iommu.c
> > +++ b/drivers/pci/intel-iommu.c
> > @@ -749,8 +749,8 @@ static char *fault_reason_strings[] =
> >  
> >  char *dmar_get_fault_reason(u8 fault_reason)
> >  {
> > -	if (fault_reason > MAX_FAULT_REASON_IDX)
> > -		return fault_reason_strings[MAX_FAULT_REASON_IDX];
> > +	if (fault_reason >= MAX_FAULT_REASON_IDX)
> > +		return fault_reason_strings[MAX_FAULT_REASON_IDX - 1];
> 
> This looks like what the code meant to implement.

I think not.  The size of fault_reason_strings[] is
MAX_FAULT_REASON_IDX, not + 1.  So gcc warning is correct.
Maybe the main problem is that the constant name is confusing...


Takashi

>  I guess future
> hardware may be able to generate more types of faults, otherwise I'd put
> a BUG here.
> 
> --mgross
> 
> 
> >  	else
> >  		return fault_reason_strings[fault_reason];
> >  }
> > -
> > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> > Please read the FAQ at  http://www.tux.org/lkml/
> 

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] intel-iommu: Fix array overflow
  2007-10-25  7:31   ` Takashi Iwai
@ 2007-10-25 15:15     ` Keshavamurthy, Anil S
  0 siblings, 0 replies; 4+ messages in thread
From: Keshavamurthy, Anil S @ 2007-10-25 15:15 UTC (permalink / raw)
  To: Takashi Iwai; +Cc: mgross, linux-kernel, torvalds, anil.s.keshavamurthy

On Thu, Oct 25, 2007 at 09:31:02AM +0200, Takashi Iwai wrote:
> At Wed, 24 Oct 2007 16:30:37 -0700,
> Mark Gross wrote:
> > 
> > On Tue, Oct 23, 2007 at 10:57:51AM +0200, Takashi Iwai wrote:
> > > Fix possible array overflow:
> > > 
> > > drivers/pci/intel-iommu.c: In function ‘dmar_get_fault_reason’:
> > > drivers/pci/intel-iommu.c:753: warning: array subscript is above array bounds
> > > drivers/pci/intel-iommu.c: In function ‘iommu_page_fault’:
> > > drivers/pci/intel-iommu.c:753: warning: array subscript is above array bounds
> > > 
> > > Signed-off-by: Takashi Iwai <tiwai@suse.de>
> > > 
> > > ---
> > >  drivers/pci/intel-iommu.c |    4 ++--
> > >  1 file changed, 2 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/drivers/pci/intel-iommu.c b/drivers/pci/intel-iommu.c
> > > index b3d7031..e4b0a0d 100644
> > > --- a/drivers/pci/intel-iommu.c
> > > +++ b/drivers/pci/intel-iommu.c
> > > @@ -749,8 +749,8 @@ static char *fault_reason_strings[] =
> > >  
> > >  char *dmar_get_fault_reason(u8 fault_reason)
> > >  {
> > > -	if (fault_reason > MAX_FAULT_REASON_IDX)
> > > -		return fault_reason_strings[MAX_FAULT_REASON_IDX];
> > > +	if (fault_reason >= MAX_FAULT_REASON_IDX)
> > > +		return fault_reason_strings[MAX_FAULT_REASON_IDX - 1];
> > 
> > This looks like what the code meant to implement.
> 
> I think not.  The size of fault_reason_strings[] is
> MAX_FAULT_REASON_IDX, not + 1.  So gcc warning is correct.
> Maybe the main problem is that the constant name is confusing...
Yup, GCC warning is correct. the size of fault_reason_strings[]
is MAX_FAULT_REASON_IDX and hence the max array that can be 
referenced is [MAX_FAULT_REASON_IDX -1], hence the fix by
Takashi is correct.

-Anil

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2007-10-25 15:29 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2007-10-23  8:57 [PATCH] intel-iommu: Fix array overflow Takashi Iwai
2007-10-24 23:30 ` Mark Gross
2007-10-25  7:31   ` Takashi Iwai
2007-10-25 15:15     ` Keshavamurthy, Anil S

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).