From: Sakari Ailus <sakari.ailus@linux.intel.com>
To: Zijun Hu <zijun_hu@icloud.com>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
Daniel Scally <djrscally@gmail.com>,
Heikki Krogerus <heikki.krogerus@linux.intel.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
"Rafael J. Wysocki" <rafael@kernel.org>,
Danilo Krummrich <dakr@kernel.org>,
linux-acpi@vger.kernel.org, linux-kernel@vger.kernel.org,
Zijun Hu <quic_zijuhu@quicinc.com>
Subject: Re: [PATCH 2/2] software node: Correct a OOB check in software_node_get_reference_args()
Date: Mon, 14 Apr 2025 08:45:32 +0000 [thread overview]
Message-ID: <Z_zLLPlbiRObl20l@kekkonen.localdomain> (raw)
In-Reply-To: <20250410-fix_swnode-v1-2-081c95cf7cf9@quicinc.com>
On Thu, Apr 10, 2025 at 09:12:12PM +0800, Zijun Hu wrote:
> From: Zijun Hu <quic_zijuhu@quicinc.com>
>
> software_node_get_reference_args() wants to get @index-th element, so
> the property value requires at least '(index + 1) * sizeof(*ref)' bytes.
>
> Correct the check to avoid OOB access.
>
> Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com>
Reviewed-by: Sakari Ailus <sakari.ailus@linux.intel.com>
> ---
> drivers/base/swnode.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/base/swnode.c b/drivers/base/swnode.c
> index 67040fff99b02c43999b175c2ba7e6d04322a446..efaac07f8ba38fae55214b71c2ecee15b5a711b1 100644
> --- a/drivers/base/swnode.c
> +++ b/drivers/base/swnode.c
> @@ -529,7 +529,7 @@ software_node_get_reference_args(const struct fwnode_handle *fwnode,
> if (prop->is_inline)
> return -EINVAL;
>
> - if (index * sizeof(*ref) >= prop->length)
> + if ((index + 1) * sizeof(*ref) > prop->length)
> return -ENOENT;
>
> ref_array = prop->pointer;
>
> --
> 2.34.1
>
--
Sakari Ailus
next prev parent reply other threads:[~2025-04-14 8:45 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-10 13:12 [PATCH 0/2] software node: bug fixes Zijun Hu
2025-04-10 13:12 ` [PATCH 1/2] software node: Add comment for the first ERR_CAST() in fwnode_create_software_node() Zijun Hu
2025-04-14 8:00 ` Andy Shevchenko
2025-04-14 11:10 ` Zijun Hu
2025-04-10 13:12 ` [PATCH 2/2] software node: Correct a OOB check in software_node_get_reference_args() Zijun Hu
2025-04-14 8:08 ` Andy Shevchenko
2025-04-14 11:12 ` Zijun Hu
2025-04-15 6:42 ` Andy Shevchenko
2025-04-14 8:45 ` Sakari Ailus [this message]
2025-04-14 7:23 ` [PATCH 0/2] software node: bug fixes Andy Shevchenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z_zLLPlbiRObl20l@kekkonen.localdomain \
--to=sakari.ailus@linux.intel.com \
--cc=andriy.shevchenko@linux.intel.com \
--cc=dakr@kernel.org \
--cc=djrscally@gmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=heikki.krogerus@linux.intel.com \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=quic_zijuhu@quicinc.com \
--cc=rafael@kernel.org \
--cc=zijun_hu@icloud.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox