public inbox for linux-pm@vger.kernel.org
 help / color / mirror / Atom feed
From: Dan Carpenter <dan.carpenter@oracle.com>
To: viresh.kumar@linaro.org
Cc: linux-pm@vger.kernel.org
Subject: [bug report] thermal: Add cooling device's statistics in sysfs
Date: Fri, 14 Oct 2022 17:08:04 +0300	[thread overview]
Message-ID: <Y0ltRJRjO7AkawvE@kili> (raw)

Hello Viresh Kumar,

The patch 8ea229511e06: "thermal: Add cooling device's statistics in
sysfs" from Apr 2, 2018, leads to the following Smatch static checker
warning:

	drivers/thermal/thermal_sysfs.c:656 thermal_cooling_device_stats_update()
	warn: potential integer overflow from user 'stats->state * stats->max_states + new_state'

drivers/thermal/thermal_sysfs.c
    642 void thermal_cooling_device_stats_update(struct thermal_cooling_device *cdev,
    643                                          unsigned long new_state)
    644 {
    645         struct cooling_dev_stats *stats = cdev->stats;
    646 
    647         if (!stats)
    648                 return;
    649 
    650         spin_lock(&stats->lock);
    651 
    652         if (stats->state == new_state)
    653                 goto unlock;
    654 
    655         update_time_in_state(stats);
--> 656         stats->trans_table[stats->state * stats->max_states + new_state]++;
                                                                      ^^^^^^^^^
The new state value comes from the user via sysfs.  It is <= LONG_MAX
but otherwise there is no limit on its value.  Presumably only the
admin can write to this file so the security impact of this buffer
overflow is not as bad as it could have been.

    657         stats->state = new_state;
    658         stats->total_trans++;
    659 
    660 unlock:
    661         spin_unlock(&stats->lock);
    662 }

regards,
dan carpenter

             reply	other threads:[~2022-10-14 14:08 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-10-14 14:08 Dan Carpenter [this message]
2022-10-14 14:30 ` [bug report] thermal: Add cooling device's statistics in sysfs Dan Carpenter
2022-10-17  9:38   ` Viresh Kumar
2022-10-17 13:19     ` Dan Carpenter
2022-10-18  4:02       ` Viresh Kumar
2022-10-17  5:57 ` Viresh Kumar
2022-10-17  7:09   ` Dan Carpenter
2022-10-17  7:10     ` Viresh Kumar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Y0ltRJRjO7AkawvE@kili \
    --to=dan.carpenter@oracle.com \
    --cc=linux-pm@vger.kernel.org \
    --cc=viresh.kumar@linaro.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox