[PATCH next] platform/x86: oxpec: Add a lower bounds check in oxp_psy_ext_set

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH next] platform/x86: oxpec: Add a lower bounds check in oxp_psy_ext_set_prop()
@ 2025-05-02  8:40 Dan Carpenter
  2025-05-02  8:46 ` Antheas Kapenekakis
  2025-05-05 13:51 ` Ilpo Järvinen
  0 siblings, 2 replies; 3+ messages in thread
From: Dan Carpenter @ 2025-05-02  8:40 UTC (permalink / raw)
  To: Antheas Kapenekakis
  Cc: Derek John Clark, Joaquín Ignacio Aramendía,
	Hans de Goede, Ilpo Järvinen, Thomas Weißschuh,
	platform-driver-x86, linux-kernel, kernel-janitors

The "val->intval" variable is an integer which comes from the user.  This
code has an upper bounds check but the lower bounds check was
accidentally omitted.  The write_to_ec() take a u8 value as a parameter
so negative values would be truncated to positive values in the 0-255
range.

Return -EINVAL if the user passes a negative value.

Fixes: 202593d1e86b ("platform/x86: oxpec: Add charge threshold and behaviour to OneXPlayer")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
---
 drivers/platform/x86/oxpec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/platform/x86/oxpec.c b/drivers/platform/x86/oxpec.c
index 4b48f4571b09..de70ca7e8493 100644
--- a/drivers/platform/x86/oxpec.c
+++ b/drivers/platform/x86/oxpec.c
@@ -582,7 +582,7 @@ static int oxp_psy_ext_set_prop(struct power_supply *psy,
 
 	switch (psp) {
 	case POWER_SUPPLY_PROP_CHARGE_CONTROL_END_THRESHOLD:
-		if (val->intval > 100)
+		if (val->intval < 0 || val->intval > 100)
 			return -EINVAL;
 		return write_to_ec(OXP_X1_CHARGE_LIMIT_REG, val->intval);
 	case POWER_SUPPLY_PROP_CHARGE_BEHAVIOUR:
-- 
2.47.2


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH next] platform/x86: oxpec: Add a lower bounds check in oxp_psy_ext_set_prop()
  2025-05-02  8:40 [PATCH next] platform/x86: oxpec: Add a lower bounds check in oxp_psy_ext_set_prop() Dan Carpenter
@ 2025-05-02  8:46 ` Antheas Kapenekakis
  2025-05-05 13:51 ` Ilpo Järvinen
  1 sibling, 0 replies; 3+ messages in thread
From: Antheas Kapenekakis @ 2025-05-02  8:46 UTC (permalink / raw)
  To: Dan Carpenter
  Cc: Derek John Clark, Joaquín Ignacio Aramendía,
	Hans de Goede, Ilpo Järvinen, Thomas Weißschuh,
	platform-driver-x86, linux-kernel, kernel-janitors

On Fri, 2 May 2025 at 10:40, Dan Carpenter <dan.carpenter@linaro.org> wrote:
>
> The "val->intval" variable is an integer which comes from the user.  This
> code has an upper bounds check but the lower bounds check was
> accidentally omitted.  The write_to_ec() take a u8 value as a parameter
> so negative values would be truncated to positive values in the 0-255
> range.
>
> Return -EINVAL if the user passes a negative value.
>
> Fixes: 202593d1e86b ("platform/x86: oxpec: Add charge threshold and behaviour to OneXPlayer")

Reviewed-by: Antheas Kapenekakis <lkml@antheas.dev>

Thanks,
Antheas

> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
> ---
>  drivers/platform/x86/oxpec.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/platform/x86/oxpec.c b/drivers/platform/x86/oxpec.c
> index 4b48f4571b09..de70ca7e8493 100644
> --- a/drivers/platform/x86/oxpec.c
> +++ b/drivers/platform/x86/oxpec.c
> @@ -582,7 +582,7 @@ static int oxp_psy_ext_set_prop(struct power_supply *psy,
>
>         switch (psp) {
>         case POWER_SUPPLY_PROP_CHARGE_CONTROL_END_THRESHOLD:
> -               if (val->intval > 100)
> +               if (val->intval < 0 || val->intval > 100)
>                         return -EINVAL;
>                 return write_to_ec(OXP_X1_CHARGE_LIMIT_REG, val->intval);
>         case POWER_SUPPLY_PROP_CHARGE_BEHAVIOUR:
> --
> 2.47.2
>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH next] platform/x86: oxpec: Add a lower bounds check in oxp_psy_ext_set_prop()
  2025-05-02  8:40 [PATCH next] platform/x86: oxpec: Add a lower bounds check in oxp_psy_ext_set_prop() Dan Carpenter
  2025-05-02  8:46 ` Antheas Kapenekakis
@ 2025-05-05 13:51 ` Ilpo Järvinen
  1 sibling, 0 replies; 3+ messages in thread
From: Ilpo Järvinen @ 2025-05-05 13:51 UTC (permalink / raw)
  To: Antheas Kapenekakis, Dan Carpenter
  Cc: Derek John Clark, Joaquín Ignacio Aramendía,
	Hans de Goede, Thomas Weißschuh, platform-driver-x86,
	linux-kernel, kernel-janitors

On Fri, 02 May 2025 11:40:15 +0300, Dan Carpenter wrote:

> The "val->intval" variable is an integer which comes from the user.  This
> code has an upper bounds check but the lower bounds check was
> accidentally omitted.  The write_to_ec() take a u8 value as a parameter
> so negative values would be truncated to positive values in the 0-255
> range.
> 
> Return -EINVAL if the user passes a negative value.
> 
> [...]


Thank you for your contribution, it has been applied to my local
review-ilpo-next branch. Note it will show up in the public
platform-drivers-x86/review-ilpo-next branch only once I've pushed my
local branch there, which might take a while.

The list of commits applied:
[1/1] platform/x86: oxpec: Add a lower bounds check in oxp_psy_ext_set_prop()
      commit: 55cd5e760618b3bca5b8ab63fe65ab78a753adf8

--
 i.


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2025-05-05 13:52 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-05-02  8:40 [PATCH next] platform/x86: oxpec: Add a lower bounds check in oxp_psy_ext_set_prop() Dan Carpenter
2025-05-02  8:46 ` Antheas Kapenekakis
2025-05-05 13:51 ` Ilpo Järvinen

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.