Linux IIO development
 help / color / mirror / Atom feed
From: Jonathan Cameron <jic23@kernel.org>
To: "Nuno Sá" <noname.nuno@gmail.com>
Cc: Zicheng Qu <quzicheng@huawei.com>,
	nuno.sa@analog.com, lars@metafoo.de,
	Michael.Hennerich@analog.com, djunho@gmail.com,
	alexandru.ardelean@analog.com, linux-iio@vger.kernel.org,
	linux-kernel@vger.kernel.org, tanghui20@huawei.com,
	zhangqiao22@huawei.com, judy.chenhui@huawei.com
Subject: Re: [PATCH v2] iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer
Date: Thu, 31 Oct 2024 21:05:01 +0000	[thread overview]
Message-ID: <20241031210501.3da82113@jic23-huawei> (raw)
In-Reply-To: <4760ad42ae34ea53ffb98995d65c5f1d6a6b3f9e.camel@gmail.com>

On Thu, 31 Oct 2024 15:20:24 +0100
Nuno Sá <noname.nuno@gmail.com> wrote:

> On Tue, 2024-10-29 at 13:46 +0000, Zicheng Qu wrote:
> > The AD7923 was updated to support devices with 8 channels, but the size
> > of tx_buf and ring_xfer was not increased accordingly, leading to a
> > potential buffer overflow in ad7923_update_scan_mode().
> > 
> > Fixes: 851644a60d20 ("iio: adc: ad7923: Add support for the ad7908/ad7918/ad7928")
> > Cc: <stable@vger.kernel.org>
> > Signed-off-by: Nuno Sá <noname.nuno@gmail.com>
> > Signed-off-by: Zicheng Qu <quzicheng@huawei.com>
> > ---  
> 
> Reviewed-by: Nuno Sa <nuno.sa@analog.com>
> 

Confusing one. I'll fix the authorship up for your analog address

Zicheng, usually a Suggested-by after checking with the author if it's
a patch in a review thread.

You can't really give someone elses' SoB without them explicitly sending it.
If Nuno let you know that was fine off the list, then just mention that under
---

This time I'm going to take Nuno's RB as fine to indicate no objection
to the SoB. Nuno, feel free to shout if you want to handle this differently.

Applied.

Jonathan


> > v2:
> > - Fixed: Addressed buffer overflow in ad7923_update_scan_mode() due to 
> > insufficient tx_buf and ring_xfer size for 8-channel devices.
> > - Issue: Original patch attempted to fix the overflow by limiting the 
> > length, but did not address the root cause of buffer size mismatch.
> > - Solution: Increased tx_buf and ring_xfer sizes recommended by Nuno to 
> > support all 8 channels, ensuring adequate buffer capacity.
> > - Previous patch link: 
> > https://lore.kernel.org/linux-iio/20241028142357.1032380-1-quzicheng@huawei.com/T/#u
> >  drivers/iio/adc/ad7923.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/drivers/iio/adc/ad7923.c b/drivers/iio/adc/ad7923.c
> > index 09680015a7ab..acc44cb34f82 100644
> > --- a/drivers/iio/adc/ad7923.c
> > +++ b/drivers/iio/adc/ad7923.c
> > @@ -48,7 +48,7 @@
> >  
> >  struct ad7923_state {
> >  	struct spi_device		*spi;
> > -	struct spi_transfer		ring_xfer[5];
> > +	struct spi_transfer		ring_xfer[9];
> >  	struct spi_transfer		scan_single_xfer[2];
> >  	struct spi_message		ring_msg;
> >  	struct spi_message		scan_single_msg;
> > @@ -64,7 +64,7 @@ struct ad7923_state {
> >  	 * Length = 8 channels + 4 extra for 8 byte timestamp
> >  	 */
> >  	__be16				rx_buf[12] __aligned(IIO_DMA_MINALIGN);
> > -	__be16				tx_buf[4];
> > +	__be16				tx_buf[8];
> >  };
> >  
> >  struct ad7923_chip_info {  
> 


  reply	other threads:[~2024-10-31 21:05 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-10-28 14:23 [PATCH] ad7923: fix array out of bounds in ad7923_update_scan_mode() Zicheng Qu
2024-10-28 20:50 ` Jonathan Cameron
2024-10-29  8:40   ` Nuno Sá
2024-10-29 13:46 ` [PATCH v2] iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer Zicheng Qu
2024-10-31 13:54   ` Zicheng Qu
2024-10-31 14:20   ` Nuno Sá
2024-10-31 21:05     ` Jonathan Cameron [this message]
2024-11-01  1:22       ` Zicheng Qu
2024-11-04  9:13       ` Nuno Sá

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20241031210501.3da82113@jic23-huawei \
    --to=jic23@kernel.org \
    --cc=Michael.Hennerich@analog.com \
    --cc=alexandru.ardelean@analog.com \
    --cc=djunho@gmail.com \
    --cc=judy.chenhui@huawei.com \
    --cc=lars@metafoo.de \
    --cc=linux-iio@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=noname.nuno@gmail.com \
    --cc=nuno.sa@analog.com \
    --cc=quzicheng@huawei.com \
    --cc=tanghui20@huawei.com \
    --cc=zhangqiao22@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox