From: Jeff Moyer
To: Dan Carpenter
Cc: Dan Williams, Vishal Verma, Dave Jiang, Ira Weiny, "Rafael J. Wysocki", Len Brown, nvdimm@lists.linux.dev, linux-acpi@vger.kernel.org, kernel-janitors@vger.kernel.org, cip-dev, Harshit Mogalapalli
Subject: Re: [PATCH v2] ACPI: NFIT: prevent underflow in acpi_nfit_ctl()
Date: Thu, 19 Jan 2023 11:21:22 -0500

Dan Carpenter writes:

> The concern here would be that "family" is negative and we pass a
> negative value to test_bit() resulting in an out of bounds read
> and potentially a crash.

I don't see how this can happen. Do you have a particular scenario in
mind?

-Jeff

> This patch is based on static analysis and not on testing.
>
> Fixes: 9a7e3d7f0568 ("ACPI: NFIT: Fix input validation of bus-family")
> Signed-off-by: Dan Carpenter
> ---
> v2: add missing close parens ) in subject
>
> drivers/acpi/nfit/core.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c > index f1cc5ec6a3b6..da0739f04c98 100644 > --- a/drivers/acpi/nfit/core.c > +++ b/drivers/acpi/nfit/core.c
> @@ -446,10 +446,10 @@ int acpi_nfit_ctl(struct nvdimm_bus_descriptor *nd_desc, struct nvdimm *nvdimm, > const char *cmd_name, *dimm_name; > unsigned long cmd_mask, dsm_mask; > u32 offset, fw_status = 0; > + unsigned int family = 0; > acpi_handle handle; > const guid_t *guid; > int func, rc, i; > - int family = 0; > > if (cmd_rc) > *cmd_rc = -EINVAL;
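
Review bot: The switch to `unsigned int family = 0;` only helps if an upper-bound comparison on `family` runs before the test_bit() call, and neither that comparison nor the assignment that could leave `family` negative is in this hunk's context or named in the changelog, which is the scenario the reply asks about. Please state in the commit message where `family` gets its value and which check rejects the wrapped value; the changelog says the patch comes from static analysis and not testing, so the path needs to be spelled out for the reader. If no such upper-bound check precedes test_bit(), the type change alone turns a negative index into a very large one, and an explicit range check is needed as well.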
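
The pattern the quoted commit message is concerned with, as an added example (not code from the patch or from drivers/acpi/nfit/core.c): an upper-bound-only check lets a negative signed index reach a bitmap lookup, while the same check on an unsigned variable rejects it. `FAMILY_MAX`, the one-word mask and every function name are hypothetical, and the lookup is a bounds-aware stand-in that assumes the bit number is treated as an unsigned long.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define FAMILY_MAX 1 /* hypothetical highest valid family id (assumption) */
#define BITS_PER_WORD (sizeof(unsigned long) * CHAR_BIT)

enum verdict { ACCEPTED, BIT_CLEAR, REJECTED_BY_BOUND, WOULD_READ_OUT_OF_BOUNDS };

/* Bounds-aware stand-in for a test_bit()-style lookup: it reports when the
 * word index falls outside the mask instead of dereferencing it. */
static enum verdict checked_test_bit(unsigned long nr,
                                     const unsigned long *mask, size_t nwords)
{
    size_t word = nr / BITS_PER_WORD;

    if (word >= nwords)
        return WOULD_READ_OUT_OF_BOUNDS;
    return ((mask[word] >> (nr % BITS_PER_WORD)) & 1UL) ? ACCEPTED : BIT_CLEAR;
}

/* Upper-bound-only check on a signed variable: a negative id is "not greater
 * than the maximum", so it passes and becomes a huge bit number. */
static enum verdict validate_signed(int family,
                                    const unsigned long *mask, size_t nwords)
{
    if (family > FAMILY_MAX)
        return REJECTED_BY_BOUND;
    return checked_test_bit((unsigned long)family, mask, nwords);
}

/* Same comparison on an unsigned variable: a negative input has already
 * wrapped to a large value, so the existing upper bound stops it. */
static enum verdict validate_unsigned(unsigned int family,
                                      const unsigned long *mask, size_t nwords)
{
    if (family > FAMILY_MAX)
        return REJECTED_BY_BOUND;
    return checked_test_bit(family, mask, nwords);
}

int main(void)
{
    const unsigned long mask[1] = { 0x3UL }; /* constructed: ids 0 and 1 enabled */

    printf("signed   -1 -> %d\n", validate_signed(-1, mask, 1));
    printf("unsigned -1 -> %d\n", validate_unsigned((unsigned int)-1, mask, 1));
    return 0;
}
```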