From: Mikko Rapeli <mikko.rapeli@linaro.org>
To: Avri Altman <Avri.Altman@wdc.com>
Cc: "linux-mmc@vger.kernel.org" <linux-mmc@vger.kernel.org>,
Ulf Hansson <ulf.hansson@linaro.org>,
Adrian Hunter <adrian.hunter@intel.com>,
"stable@vger.kernel.org" <stable@vger.kernel.org>
Subject: Re: [PATCH 2/2] mmc core block.c: avoid negative index with array access
Date: Wed, 13 Mar 2024 16:18:23 +0200 [thread overview]
Message-ID: <ZfG1r9jmxBKPkmcd@nuoska> (raw)
In-Reply-To: <DM6PR04MB65753CE63956185656CB7580FC2A2@DM6PR04MB6575.namprd04.prod.outlook.com>
On Wed, Mar 13, 2024 at 02:12:52PM +0000, Avri Altman wrote:
> > -----Original Message-----
> > From: mikko.rapeli@linaro.org <mikko.rapeli@linaro.org>
> > Sent: Wednesday, March 13, 2024 3:38 PM
> > To: linux-mmc@vger.kernel.org
> > Cc: Mikko Rapeli <mikko.rapeli@linaro.org>; Avri Altman
> > <Avri.Altman@wdc.com>; Ulf Hansson <ulf.hansson@linaro.org>; Adrian Hunter
> > <adrian.hunter@intel.com>; stable@vger.kernel.org
> > Subject: [PATCH 2/2] mmc core block.c: avoid negative index with array access
> >
> > CAUTION: This email originated from outside of Western Digital. Do not click
> > on links or open attachments unless you recognize the sender and know that the
> > content is safe.
> >
> >
> > From: Mikko Rapeli <mikko.rapeli@linaro.org>
> >
> > Commit "mmc: core: Use mrq.sbc in close-ended ffu" assigns prev_idata =
> > idatas[i - 1] but doesn't check that int iterator i is greater than zero. Add the
> > check.
> I don't think this is even possible given 1/2.
With RPMB ioctl:
case MMC_DRV_OP_IOCTL_RPMB:
idata = mq_rq->drv_op_data;
for (i = 0, ret = 0; i < mq_rq->ioc_count; i++) {
ret = __mmc_blk_ioctl_cmd(card, md, idata, i);
if (ret)
break;
}
First call is with i = 0?
Cheers,
-Mikko
> Thanks,
> Avri
>
> >
> > Fixes: 4d0c8d0aef63 ("mmc: core: Use mrq.sbc in close-ended ffu")
> >
> > Link: https://lore.kernel.org/all/20231129092535.3278-1-
> > avri.altman@wdc.com/
> >
> > Cc: Avri Altman <avri.altman@wdc.com>
> > Cc: Ulf Hansson <ulf.hansson@linaro.org>
> > Cc: Adrian Hunter <adrian.hunter@intel.com>
> > Cc: linux-mmc@vger.kernel.org
> > Cc: stable@vger.kernel.org
> > Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
> > ---
> > drivers/mmc/core/block.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c index
> > 0df627de9cee..7f275b4ca9fa 100644
> > --- a/drivers/mmc/core/block.c
> > +++ b/drivers/mmc/core/block.c
> > @@ -488,7 +488,7 @@ static int __mmc_blk_ioctl_cmd(struct mmc_card
> > *card, struct mmc_blk_data *md,
> > if (idata->flags & MMC_BLK_IOC_DROP)
> > return 0;
> >
> > - if (idata->flags & MMC_BLK_IOC_SBC)
> > + if (idata->flags & MMC_BLK_IOC_SBC && i > 0)
> > prev_idata = idatas[i - 1];
> >
> > /*
> > --
> > 2.34.1
>
next prev parent reply other threads:[~2024-03-13 14:18 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-13 13:37 [PATCH 1/2] mmc core block.c: initialize mmc_blk_ioc_data mikko.rapeli
2024-03-13 13:37 ` [PATCH 2/2] mmc core block.c: avoid negative index with array access mikko.rapeli
2024-03-13 14:12 ` Avri Altman
2024-03-13 14:18 ` Mikko Rapeli [this message]
2024-03-13 14:24 ` Avri Altman
2024-03-24 16:17 ` Francesco Dolcini
2024-03-24 18:51 ` Avri Altman
2024-03-24 19:24 ` Francesco Dolcini
2024-03-25 9:31 ` Francesco Dolcini
2024-03-13 14:11 ` [PATCH 1/2] mmc core block.c: initialize mmc_blk_ioc_data Avri Altman
2024-03-13 14:23 ` Adrian Hunter
2024-03-25 9:30 ` Francesco Dolcini
2024-03-25 13:18 ` Ulf Hansson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZfG1r9jmxBKPkmcd@nuoska \
--to=mikko.rapeli@linaro.org \
--cc=Avri.Altman@wdc.com \
--cc=adrian.hunter@intel.com \
--cc=linux-mmc@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=ulf.hansson@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.