From: Dan Carpenter <dan.carpenter@oracle.com>
To: Derek Kiernan <derek.kiernan@xilinx.com>,
Dragan Cvetic <dragan.cvetic@xilinx.com>
Cc: Arnd Bergmann <arnd@arndb.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
kernel-janitors@vger.kernel.org,
Michal Simek <michal.simek@xilinx.com>,
linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org
Subject: [PATCH 4/4] misc: xilinx_sdfec: Prevent integer overflow in xsdfec_table_write()
Date: Wed, 21 Aug 2019 07:11:22 +0000 [thread overview]
Message-ID: <20190821071122.GD26957@mwanda> (raw)
In-Reply-To: <20190821070606.GA26957@mwanda>
The checking here needs to handle integer overflows because "offset" and
"len" come from the user.
Fixes: 20ec628e8007 ("misc: xilinx_sdfec: Add ability to configure LDPC")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
drivers/misc/xilinx_sdfec.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/misc/xilinx_sdfec.c b/drivers/misc/xilinx_sdfec.c
index 3fc53d20abf3..0bf3bcc8e1ef 100644
--- a/drivers/misc/xilinx_sdfec.c
+++ b/drivers/misc/xilinx_sdfec.c
@@ -611,7 +611,9 @@ static int xsdfec_table_write(struct xsdfec_dev *xsdfec, u32 offset,
* Writes that go beyond the length of
* Shared Scale(SC) table should fail
*/
- if ((XSDFEC_REG_WIDTH_JUMP * (offset + len)) > depth) {
+ if (offset > depth / XSDFEC_REG_WIDTH_JUMP ||
+ len > depth / XSDFEC_REG_WIDTH_JUMP ||
+ offset + len > depth / XSDFEC_REG_WIDTH_JUMP) {
dev_dbg(xsdfec->dev, "Write exceeds SC table length");
return -EINVAL;
}
--
2.20.1
WARNING: multiple messages have this Message-ID (diff)
From: Dan Carpenter <dan.carpenter@oracle.com>
To: Derek Kiernan <derek.kiernan@xilinx.com>,
Dragan Cvetic <dragan.cvetic@xilinx.com>
Cc: Arnd Bergmann <arnd@arndb.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
kernel-janitors@vger.kernel.org,
Michal Simek <michal.simek@xilinx.com>,
linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org
Subject: [PATCH 4/4] misc: xilinx_sdfec: Prevent integer overflow in xsdfec_table_write()
Date: Wed, 21 Aug 2019 10:11:22 +0300 [thread overview]
Message-ID: <20190821071122.GD26957@mwanda> (raw)
In-Reply-To: <20190821070606.GA26957@mwanda>
The checking here needs to handle integer overflows because "offset" and
"len" come from the user.
Fixes: 20ec628e8007 ("misc: xilinx_sdfec: Add ability to configure LDPC")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
drivers/misc/xilinx_sdfec.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/misc/xilinx_sdfec.c b/drivers/misc/xilinx_sdfec.c
index 3fc53d20abf3..0bf3bcc8e1ef 100644
--- a/drivers/misc/xilinx_sdfec.c
+++ b/drivers/misc/xilinx_sdfec.c
@@ -611,7 +611,9 @@ static int xsdfec_table_write(struct xsdfec_dev *xsdfec, u32 offset,
* Writes that go beyond the length of
* Shared Scale(SC) table should fail
*/
- if ((XSDFEC_REG_WIDTH_JUMP * (offset + len)) > depth) {
+ if (offset > depth / XSDFEC_REG_WIDTH_JUMP ||
+ len > depth / XSDFEC_REG_WIDTH_JUMP ||
+ offset + len > depth / XSDFEC_REG_WIDTH_JUMP) {
dev_dbg(xsdfec->dev, "Write exceeds SC table length");
return -EINVAL;
}
--
2.20.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
WARNING: multiple messages have this Message-ID (diff)
From: Dan Carpenter <dan.carpenter@oracle.com>
To: Derek Kiernan <derek.kiernan@xilinx.com>,
Dragan Cvetic <dragan.cvetic@xilinx.com>
Cc: Arnd Bergmann <arnd@arndb.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Michal Simek <michal.simek@xilinx.com>,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: [PATCH 4/4] misc: xilinx_sdfec: Prevent integer overflow in xsdfec_table_write()
Date: Wed, 21 Aug 2019 10:11:22 +0300 [thread overview]
Message-ID: <20190821071122.GD26957@mwanda> (raw)
In-Reply-To: <20190821070606.GA26957@mwanda>
The checking here needs to handle integer overflows because "offset" and
"len" come from the user.
Fixes: 20ec628e8007 ("misc: xilinx_sdfec: Add ability to configure LDPC")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
drivers/misc/xilinx_sdfec.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/misc/xilinx_sdfec.c b/drivers/misc/xilinx_sdfec.c
index 3fc53d20abf3..0bf3bcc8e1ef 100644
--- a/drivers/misc/xilinx_sdfec.c
+++ b/drivers/misc/xilinx_sdfec.c
@@ -611,7 +611,9 @@ static int xsdfec_table_write(struct xsdfec_dev *xsdfec, u32 offset,
* Writes that go beyond the length of
* Shared Scale(SC) table should fail
*/
- if ((XSDFEC_REG_WIDTH_JUMP * (offset + len)) > depth) {
+ if (offset > depth / XSDFEC_REG_WIDTH_JUMP ||
+ len > depth / XSDFEC_REG_WIDTH_JUMP ||
+ offset + len > depth / XSDFEC_REG_WIDTH_JUMP) {
dev_dbg(xsdfec->dev, "Write exceeds SC table length");
return -EINVAL;
}
--
2.20.1
next prev parent reply other threads:[~2019-08-21 7:11 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-21 7:06 [PATCH 1/4] misc: xilinx_sdfec: Fix a couple small information leaks Dan Carpenter
2019-08-21 7:06 ` Dan Carpenter
2019-08-21 7:06 ` Dan Carpenter
2019-08-21 7:07 ` [PATCH 2/4] misc: xilinx_sdfec: Return -EFAULT if copy_from_user() fails Dan Carpenter
2019-08-21 7:07 ` Dan Carpenter
2019-08-21 7:07 ` Dan Carpenter
2019-08-22 8:16 ` Michal Simek
2019-08-22 8:16 ` Michal Simek
2019-08-22 8:16 ` Michal Simek
2019-08-22 8:31 ` [PATCH 2/4 v2] " Dan Carpenter
2019-08-22 8:31 ` Dan Carpenter
2019-08-22 8:31 ` Dan Carpenter
2019-08-22 17:47 ` [PATCH 2/4] " Dragan Cvetic
2019-08-22 17:47 ` Dragan Cvetic
2019-08-22 17:47 ` Dragan Cvetic
2019-08-21 7:09 ` [PATCH 3/4] misc: xilinx_sdfec: Prevent a divide by zero in xsdfec_reg0_write() Dan Carpenter
2019-08-21 7:09 ` Dan Carpenter
2019-08-21 7:09 ` Dan Carpenter
2019-08-22 8:18 ` Michal Simek
2019-08-22 8:18 ` Michal Simek
2019-08-22 8:18 ` Michal Simek
2019-08-23 8:23 ` Dragan Cvetic
2019-08-23 8:23 ` Dragan Cvetic
2019-08-23 8:23 ` Dragan Cvetic
2019-08-21 7:11 ` Dan Carpenter [this message]
2019-08-21 7:11 ` [PATCH 4/4] misc: xilinx_sdfec: Prevent integer overflow in xsdfec_table_write() Dan Carpenter
2019-08-21 7:11 ` Dan Carpenter
2019-08-22 8:27 ` Michal Simek
2019-08-22 8:27 ` Michal Simek
2019-08-22 8:27 ` Michal Simek
2019-08-22 17:55 ` Dragan Cvetic
2019-08-22 17:55 ` Dragan Cvetic
2019-08-22 17:55 ` Dragan Cvetic
2019-08-22 8:14 ` [PATCH 1/4] misc: xilinx_sdfec: Fix a couple small information leaks Michal Simek
2019-08-22 8:14 ` Michal Simek
2019-08-22 8:14 ` Michal Simek
2019-08-22 8:28 ` Dan Carpenter
2019-08-22 8:28 ` Dan Carpenter
2019-08-22 8:28 ` Dan Carpenter
2019-08-22 8:49 ` Michal Simek
2019-08-22 8:49 ` Michal Simek
2019-08-22 8:49 ` Michal Simek
2019-08-22 17:47 ` Dragan Cvetic
2019-08-22 17:47 ` Dragan Cvetic
2019-08-22 17:47 ` Dragan Cvetic
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190821071122.GD26957@mwanda \
--to=dan.carpenter@oracle.com \
--cc=arnd@arndb.de \
--cc=derek.kiernan@xilinx.com \
--cc=dragan.cvetic@xilinx.com \
--cc=gregkh@linuxfoundation.org \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=michal.simek@xilinx.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.