From: Ursula Braun <ubraun@linux.vnet.ibm.com>
To: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org,
kernel-janitors@vger.kernel.org
Subject: Re: [patch] netiucv: silence an underflow warning
Date: Fri, 15 Jul 2016 09:11:58 +0200 [thread overview]
Message-ID: <57888CBE.9050002@linux.vnet.ibm.com> (raw)
In-Reply-To: <20160714113016.GJ18175@mwanda>
Hi Dan,
thanks for reporting this netiucv-problem. There is an implication:
Without fix, buffer values between 2**31 and 2**32 are not detected as
invalid values. Your fix would help, but since we have to touch the
code, I suggest to modernize it, moving from simple_strtoul() to
kstrtouint(). This would be the patch I have in mind:
--- a/drivers/s390/net/netiucv.c
+++ b/drivers/s390/net/netiucv.c
@@ -1564,21 +1564,21 @@ static ssize_t buffer_write (struct devi
{
struct netiucv_priv *priv = dev_get_drvdata(dev);
struct net_device *ndev = priv->conn->netdev;
- char *e;
- int bs1;
+ unsigned int bs1;
+ int rc;
IUCV_DBF_TEXT(trace, 3, __func__);
if (count >= 39)
return -EINVAL;
- bs1 = simple_strtoul(buf, &e, 0);
+ rc = kstrtouint(buf, 0, &bs1);
- if (e && (!isspace(*e))) {
- IUCV_DBF_TEXT_(setup, 2, "buffer_write: invalid char %02x\n",
- *e);
+ if (rc == -EINVAL) {
+ IUCV_DBF_TEXT_(setup, 2, "buffer_write: invalid char %s\n",
+ buf);
return -EINVAL;
}
- if (bs1 > NETIUCV_BUFSIZE_MAX) {
+ if ((rc == -ERANGE) || (bs1 > NETIUCV_BUFSIZE_MAX)) {
IUCV_DBF_TEXT_(setup, 2,
"buffer_write: buffer size %d too large\n",
bs1);
And a question about your static checker detecting this problem: Is it a
private checker, or something we could use as well?
Does your checker like my patch version?
Thanks, Ursula
On 07/14/2016 01:30 PM, Dan Carpenter wrote:
> I haven't looked at the implications but we accidentally allow bs1 to
> be negative. It makes my static checker complain.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> diff --git a/drivers/s390/net/netiucv.c b/drivers/s390/net/netiucv.c
> index b0e8ffd..85a5744 100644
> --- a/drivers/s390/net/netiucv.c
> +++ b/drivers/s390/net/netiucv.c
> @@ -1578,7 +1578,7 @@ static ssize_t buffer_write (struct device *dev, struct device_attribute *attr,
> *e);
> return -EINVAL;
> }
> - if (bs1 > NETIUCV_BUFSIZE_MAX) {
> + if (bs1 < 0 || bs1 > NETIUCV_BUFSIZE_MAX) {
> IUCV_DBF_TEXT_(setup, 2,
> "buffer_write: buffer size %d too large\n",
> bs1);
>
next prev parent reply other threads:[~2016-07-15 7:11 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-14 11:30 [patch] netiucv: silence an underflow warning Dan Carpenter
2016-07-15 7:11 ` Ursula Braun [this message]
2016-07-15 8:33 ` Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=57888CBE.9050002@linux.vnet.ibm.com \
--to=ubraun@linux.vnet.ibm.com \
--cc=dan.carpenter@oracle.com \
--cc=heiko.carstens@de.ibm.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=schwidefsky@de.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).