From: walter harms <wharms@bfs.de>
To: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Zhang Rui <rui.zhang@intel.com>,
Eduardo Valentin <edubezval@gmail.com>,
linux-pm@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [patch] thermal: underflow in trip_point_temp_store()
Date: Wed, 04 Nov 2015 12:26:47 +0000 [thread overview]
Message-ID: <5639F987.4070402@bfs.de> (raw)
In-Reply-To: <20151103221434.GB19280@mwanda>
Am 03.11.2015 23:14, schrieb Dan Carpenter:
> This is to address a static checker warning about an underflow in
> imx_set_trip_temp(). The checker is complaining that we have a user
> supplied value for "temp" from kstrtoul() where we treat it as signed,
> we cap the upper but we accept negative values.
>
> This looks unintentional since the caller is using unsigned longs to
> represent the temperature. Let's change it to int and reject negatives
> in the caller.
>
> Also I changed it to reject negative "trip" values as well.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> Someday we will use super cooled CPUs and we will need to rethink this
> code. :)
>
> diff --git a/drivers/thermal/thermal_core.c b/drivers/thermal/thermal_core.c
> index d9e525c..151a630 100644
> --- a/drivers/thermal/thermal_core.c
> +++ b/drivers/thermal/thermal_core.c
> @@ -664,7 +664,7 @@ trip_point_temp_store(struct device *dev, struct device_attribute *attr,
> {
> struct thermal_zone_device *tz = to_thermal_zone(dev);
> int trip, ret;
> - unsigned long temperature;
> + int temperature;
>
> if (!tz->ops->set_trip_temp)
> return -EPERM;
> @@ -672,7 +672,9 @@ trip_point_temp_store(struct device *dev, struct device_attribute *attr,
> if (!sscanf(attr->attr.name, "trip_point_%d_temp", &trip))
> return -EINVAL;
>
> - if (kstrtoul(buf, 10, &temperature))
> + if (kstrtoint(buf, 10, &temperature))
> + return -EINVAL;
> + if (trip < 0 || temperature < 0)
> return -EINVAL;
>
> ret = tz->ops->set_trip_temp(tz, trip, temperature);
IMHO the test should be near the point where the value is generated.
if (!sscanf(attr->attr.name, "trip_point_%d_temp", &trip))
return -EINVAL;
if (trip < 0)
return -EINVAL;
if (kstrtoint(buf, 10, &temperature))
return -EINVAL;
if (temperature < 0)
return -EINVAL;
That way it is easily visible under what condition -EINVAL is generated (to many).
hope that helps,
re,
wh
WARNING: multiple messages have this Message-ID (diff)
From: walter harms <wharms@bfs.de>
To: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Zhang Rui <rui.zhang@intel.com>,
Eduardo Valentin <edubezval@gmail.com>,
linux-pm@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [patch] thermal: underflow in trip_point_temp_store()
Date: Wed, 04 Nov 2015 13:26:47 +0100 [thread overview]
Message-ID: <5639F987.4070402@bfs.de> (raw)
In-Reply-To: <20151103221434.GB19280@mwanda>
Am 03.11.2015 23:14, schrieb Dan Carpenter:
> This is to address a static checker warning about an underflow in
> imx_set_trip_temp(). The checker is complaining that we have a user
> supplied value for "temp" from kstrtoul() where we treat it as signed,
> we cap the upper but we accept negative values.
>
> This looks unintentional since the caller is using unsigned longs to
> represent the temperature. Let's change it to int and reject negatives
> in the caller.
>
> Also I changed it to reject negative "trip" values as well.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> Someday we will use super cooled CPUs and we will need to rethink this
> code. :)
>
> diff --git a/drivers/thermal/thermal_core.c b/drivers/thermal/thermal_core.c
> index d9e525c..151a630 100644
> --- a/drivers/thermal/thermal_core.c
> +++ b/drivers/thermal/thermal_core.c
> @@ -664,7 +664,7 @@ trip_point_temp_store(struct device *dev, struct device_attribute *attr,
> {
> struct thermal_zone_device *tz = to_thermal_zone(dev);
> int trip, ret;
> - unsigned long temperature;
> + int temperature;
>
> if (!tz->ops->set_trip_temp)
> return -EPERM;
> @@ -672,7 +672,9 @@ trip_point_temp_store(struct device *dev, struct device_attribute *attr,
> if (!sscanf(attr->attr.name, "trip_point_%d_temp", &trip))
> return -EINVAL;
>
> - if (kstrtoul(buf, 10, &temperature))
> + if (kstrtoint(buf, 10, &temperature))
> + return -EINVAL;
> + if (trip < 0 || temperature < 0)
> return -EINVAL;
>
> ret = tz->ops->set_trip_temp(tz, trip, temperature);
IMHO the test should be near the point where the value is generated.
if (!sscanf(attr->attr.name, "trip_point_%d_temp", &trip))
return -EINVAL;
if (trip < 0)
return -EINVAL;
if (kstrtoint(buf, 10, &temperature))
return -EINVAL;
if (temperature < 0)
return -EINVAL;
That way it is easily visible under what condition -EINVAL is generated (to many).
hope that helps,
re,
wh
next prev parent reply other threads:[~2015-11-04 12:26 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-03 22:14 [patch] thermal: underflow in trip_point_temp_store() Dan Carpenter
2015-11-03 22:14 ` Dan Carpenter
2015-11-04 5:57 ` Eduardo Valentin
2015-11-04 5:57 ` Eduardo Valentin
2015-11-04 11:32 ` Dan Carpenter
2015-11-04 11:32 ` Dan Carpenter
2015-11-04 16:32 ` Eduardo Valentin
2015-11-04 16:32 ` Eduardo Valentin
2015-11-04 12:26 ` walter harms [this message]
2015-11-04 12:26 ` walter harms
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5639F987.4070402@bfs.de \
--to=wharms@bfs.de \
--cc=dan.carpenter@oracle.com \
--cc=edubezval@gmail.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=rui.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.