* [patch 2/2] serial: jsm: some off by one bugs
@ 2015-03-12 17:08 Dan Carpenter
2015-03-16 17:47 ` cascardo
0 siblings, 1 reply; 5+ messages in thread
From: Dan Carpenter @ 2015-03-12 17:08 UTC (permalink / raw)
To: Thadeu Lima de Souza Cascardo
Cc: Greg Kroah-Hartman, kernel-janitors, driverdev-devel, Jiri Slaby,
linux-serial
"brd->nasync" amd "brd->maxports" are the same. They hold the number of
filled out channels in the brd->channels[] array. These tests should
be ">=" instead of ">" so that we don't read one element past the end.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/drivers/tty/serial/jsm/jsm_cls.c b/drivers/tty/serial/jsm/jsm_cls.c
index bfb0681..4eb12a9 100644
--- a/drivers/tty/serial/jsm/jsm_cls.c
+++ b/drivers/tty/serial/jsm/jsm_cls.c
@@ -570,7 +570,7 @@ static inline void cls_parse_isr(struct jsm_board *brd, uint port)
* verified in the interrupt routine.
*/
- if (port > brd->nasync)
+ if (port >= brd->nasync)
return;
ch = brd->channels[port];
diff --git a/drivers/tty/serial/jsm/jsm_neo.c b/drivers/tty/serial/jsm/jsm_neo.c
index 7291c21..f413ef0 100644
--- a/drivers/tty/serial/jsm/jsm_neo.c
+++ b/drivers/tty/serial/jsm/jsm_neo.c
@@ -840,7 +840,7 @@ static inline void neo_parse_lsr(struct jsm_board *brd, u32 port)
if (!brd)
return;
- if (port > brd->maxports)
+ if (port >= brd->maxports)
return;
ch = brd->channels[port];
@@ -1180,7 +1180,7 @@ static irqreturn_t neo_intr(int irq, void *voidbrd)
*/
/* Verify the port is in range. */
- if (port > brd->nasync)
+ if (port >= brd->nasync)
continue;
ch = brd->channels[port];
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [patch 2/2] serial: jsm: some off by one bugs
2015-03-12 17:08 [patch 2/2] serial: jsm: some off by one bugs Dan Carpenter
@ 2015-03-16 17:47 ` cascardo
2015-03-16 18:38 ` Dan Carpenter
2015-03-17 9:17 ` [patch 2/2 v2] " Dan Carpenter
0 siblings, 2 replies; 5+ messages in thread
From: cascardo @ 2015-03-16 17:47 UTC (permalink / raw)
To: Dan Carpenter
Cc: Greg Kroah-Hartman, Jiri Slaby, linux-serial, driverdev-devel,
kernel-janitors
On Thu, Mar 12, 2015 at 08:08:24PM +0300, Dan Carpenter wrote:
> "brd->nasync" amd "brd->maxports" are the same. They hold the number of
> filled out channels in the brd->channels[] array. These tests should
> be ">=" instead of ">" so that we don't read one element past the end.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> diff --git a/drivers/tty/serial/jsm/jsm_cls.c b/drivers/tty/serial/jsm/jsm_cls.c
> index bfb0681..4eb12a9 100644
> --- a/drivers/tty/serial/jsm/jsm_cls.c
> +++ b/drivers/tty/serial/jsm/jsm_cls.c
> @@ -570,7 +570,7 @@ static inline void cls_parse_isr(struct jsm_board *brd, uint port)
> * verified in the interrupt routine.
> */
>
> - if (port > brd->nasync)
> + if (port >= brd->nasync)
> return;
>
> ch = brd->channels[port];
> diff --git a/drivers/tty/serial/jsm/jsm_neo.c b/drivers/tty/serial/jsm/jsm_neo.c
> index 7291c21..f413ef0 100644
> --- a/drivers/tty/serial/jsm/jsm_neo.c
> +++ b/drivers/tty/serial/jsm/jsm_neo.c
Hi, Dan.
It looks like you missed the fix for neo_parse_isr.
Would you send a v2 fixing that as well?
Thanks.
Cascardo.
> @@ -840,7 +840,7 @@ static inline void neo_parse_lsr(struct jsm_board *brd, u32 port)
> if (!brd)
> return;
>
> - if (port > brd->maxports)
> + if (port >= brd->maxports)
> return;
>
> ch = brd->channels[port];
> @@ -1180,7 +1180,7 @@ static irqreturn_t neo_intr(int irq, void *voidbrd)
> */
>
> /* Verify the port is in range. */
> - if (port > brd->nasync)
> + if (port >= brd->nasync)
> continue;
>
> ch = brd->channels[port];
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [patch 2/2] serial: jsm: some off by one bugs
2015-03-16 17:47 ` cascardo
@ 2015-03-16 18:38 ` Dan Carpenter
2015-03-17 9:17 ` [patch 2/2 v2] " Dan Carpenter
1 sibling, 0 replies; 5+ messages in thread
From: Dan Carpenter @ 2015-03-16 18:38 UTC (permalink / raw)
To: cascardo
Cc: Greg Kroah-Hartman, kernel-janitors, driverdev-devel, Jiri Slaby,
linux-serial
On Mon, Mar 16, 2015 at 02:47:43PM -0300, cascardo@linux.vnet.ibm.com wrote:
> On Thu, Mar 12, 2015 at 08:08:24PM +0300, Dan Carpenter wrote:
> > "brd->nasync" amd "brd->maxports" are the same. They hold the number of
> > filled out channels in the brd->channels[] array. These tests should
> > be ">=" instead of ">" so that we don't read one element past the end.
> >
> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> >
> > diff --git a/drivers/tty/serial/jsm/jsm_cls.c b/drivers/tty/serial/jsm/jsm_cls.c
> > index bfb0681..4eb12a9 100644
> > --- a/drivers/tty/serial/jsm/jsm_cls.c
> > +++ b/drivers/tty/serial/jsm/jsm_cls.c
> > @@ -570,7 +570,7 @@ static inline void cls_parse_isr(struct jsm_board *brd, uint port)
> > * verified in the interrupt routine.
> > */
> >
> > - if (port > brd->nasync)
> > + if (port >= brd->nasync)
> > return;
> >
> > ch = brd->channels[port];
> > diff --git a/drivers/tty/serial/jsm/jsm_neo.c b/drivers/tty/serial/jsm/jsm_neo.c
> > index 7291c21..f413ef0 100644
> > --- a/drivers/tty/serial/jsm/jsm_neo.c
> > +++ b/drivers/tty/serial/jsm/jsm_neo.c
>
> Hi, Dan.
>
> It looks like you missed the fix for neo_parse_isr.
>
> Would you send a v2 fixing that as well?
Yes. Thanks for catching this.
regards,
dan carpenter
^ permalink raw reply [flat|nested] 5+ messages in thread
* [patch 2/2 v2] serial: jsm: some off by one bugs
2015-03-16 17:47 ` cascardo
2015-03-16 18:38 ` Dan Carpenter
@ 2015-03-17 9:17 ` Dan Carpenter
2015-03-17 13:20 ` cascardo
1 sibling, 1 reply; 5+ messages in thread
From: Dan Carpenter @ 2015-03-17 9:17 UTC (permalink / raw)
To: Thadeu Lima de Souza Cascardo
Cc: Greg Kroah-Hartman, Jiri Slaby, linux-serial, kernel-janitors
"brd->nasync" amd "brd->maxports" are the same. They hold the number of
filled out channels in the brd->channels[] array. These tests should
be ">=" instead of ">" so that we don't read one element past the end.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
v2: Thadeu Cascardo noticed another off by one that I missed.
diff --git a/drivers/tty/serial/jsm/jsm_cls.c b/drivers/tty/serial/jsm/jsm_cls.c
index bfb0681..4eb12a9 100644
--- a/drivers/tty/serial/jsm/jsm_cls.c
+++ b/drivers/tty/serial/jsm/jsm_cls.c
@@ -570,7 +570,7 @@ static inline void cls_parse_isr(struct jsm_board *brd, uint port)
* verified in the interrupt routine.
*/
- if (port > brd->nasync)
+ if (port >= brd->nasync)
return;
ch = brd->channels[port];
diff --git a/drivers/tty/serial/jsm/jsm_neo.c b/drivers/tty/serial/jsm/jsm_neo.c
index 7291c21..932b2ac 100644
--- a/drivers/tty/serial/jsm/jsm_neo.c
+++ b/drivers/tty/serial/jsm/jsm_neo.c
@@ -724,7 +724,7 @@ static inline void neo_parse_isr(struct jsm_board *brd, u32 port)
if (!brd)
return;
- if (port > brd->maxports)
+ if (port >= brd->maxports)
return;
ch = brd->channels[port];
@@ -840,7 +840,7 @@ static inline void neo_parse_lsr(struct jsm_board *brd, u32 port)
if (!brd)
return;
- if (port > brd->maxports)
+ if (port >= brd->maxports)
return;
ch = brd->channels[port];
@@ -1180,7 +1180,7 @@ static irqreturn_t neo_intr(int irq, void *voidbrd)
*/
/* Verify the port is in range. */
- if (port > brd->nasync)
+ if (port >= brd->nasync)
continue;
ch = brd->channels[port];
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [patch 2/2 v2] serial: jsm: some off by one bugs
2015-03-17 9:17 ` [patch 2/2 v2] " Dan Carpenter
@ 2015-03-17 13:20 ` cascardo
0 siblings, 0 replies; 5+ messages in thread
From: cascardo @ 2015-03-17 13:20 UTC (permalink / raw)
To: Dan Carpenter
Cc: Greg Kroah-Hartman, Jiri Slaby, linux-serial, kernel-janitors
On Tue, Mar 17, 2015 at 12:17:28PM +0300, Dan Carpenter wrote:
> "brd->nasync" amd "brd->maxports" are the same. They hold the number of
> filled out channels in the brd->channels[] array. These tests should
> be ">=" instead of ">" so that we don't read one element past the end.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> v2: Thadeu Cascardo noticed another off by one that I missed.
>
Acked-by: Thadeu Lima de Souza Cascardo <cascardo@linux.vnet.ibm.com>
> diff --git a/drivers/tty/serial/jsm/jsm_cls.c b/drivers/tty/serial/jsm/jsm_cls.c
> index bfb0681..4eb12a9 100644
> --- a/drivers/tty/serial/jsm/jsm_cls.c
> +++ b/drivers/tty/serial/jsm/jsm_cls.c
> @@ -570,7 +570,7 @@ static inline void cls_parse_isr(struct jsm_board *brd, uint port)
> * verified in the interrupt routine.
> */
>
> - if (port > brd->nasync)
> + if (port >= brd->nasync)
> return;
>
> ch = brd->channels[port];
> diff --git a/drivers/tty/serial/jsm/jsm_neo.c b/drivers/tty/serial/jsm/jsm_neo.c
> index 7291c21..932b2ac 100644
> --- a/drivers/tty/serial/jsm/jsm_neo.c
> +++ b/drivers/tty/serial/jsm/jsm_neo.c
> @@ -724,7 +724,7 @@ static inline void neo_parse_isr(struct jsm_board *brd, u32 port)
> if (!brd)
> return;
>
> - if (port > brd->maxports)
> + if (port >= brd->maxports)
> return;
>
> ch = brd->channels[port];
> @@ -840,7 +840,7 @@ static inline void neo_parse_lsr(struct jsm_board *brd, u32 port)
> if (!brd)
> return;
>
> - if (port > brd->maxports)
> + if (port >= brd->maxports)
> return;
>
> ch = brd->channels[port];
> @@ -1180,7 +1180,7 @@ static irqreturn_t neo_intr(int irq, void *voidbrd)
> */
>
> /* Verify the port is in range. */
> - if (port > brd->nasync)
> + if (port >= brd->nasync)
> continue;
>
> ch = brd->channels[port];
>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2015-03-17 13:20 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-03-12 17:08 [patch 2/2] serial: jsm: some off by one bugs Dan Carpenter
2015-03-16 17:47 ` cascardo
2015-03-16 18:38 ` Dan Carpenter
2015-03-17 9:17 ` [patch 2/2 v2] " Dan Carpenter
2015-03-17 13:20 ` cascardo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).