From: Greg KH <gregkh@linuxfoundation.org>
To: Zong Jiang <quic_zongjian@quicinc.com>
Cc: linux-serial@vger.kernel.org, dan.carpenter@linaro.org,
quic_ztu@quicinc.com, quic_msavaliy@quicinc.com,
quic_vdadhani@quicinc.com, quic_anupkulk@quicinc.com,
quic_haixcui@quicinc.com
Subject: Re: [PATCH] serial: qcom-geni: Fix off-by-one error in ida_alloc_range()
Date: Fri, 22 Aug 2025 06:46:52 +0200 [thread overview]
Message-ID: <2025082206-fragile-trading-ccda@gregkh> (raw)
In-Reply-To: <20250822033532.4074827-1-quic_zongjian@quicinc.com>
On Fri, Aug 22, 2025 at 11:35:32AM +0800, Zong Jiang wrote:
> The ida_alloc_range() function expects an inclusive range, meaning both
> the start and end values are valid allocation targets. Passing nr_ports
> as the upper bound allows allocation of an ID equal to nr_ports, which
> is out of bounds when used as an index into the port array.
>
> Fix this by subtracting 1 from nr_ports in both calls to ida_alloc_range(),
> ensuring the allocated ID stays within the valid range
> [start, nr_ports - 1].
>
> This prevents potential out-of-bounds access when the allocated ID is used
> as an index.
>
> | Reported-by: kernel test robot <lkp@intel.com>
> | Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
> | Closes: https://lore.kernel.org/r/202508180815.R2nDyajs-lkp@intel.com/
Why do you have "| " here? Have you ever seen that in other kernel
commits?
> Signed-off-by: Zong Jiang <quic_zongjian@quicinc.com>
What commit id does this fix?
thanks,
greg k-h
prev parent reply other threads:[~2025-08-22 4:46 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-22 3:35 [PATCH] serial: qcom-geni: Fix off-by-one error in ida_alloc_range() Zong Jiang
2025-08-22 4:46 ` Greg KH [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2025082206-fragile-trading-ccda@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=dan.carpenter@linaro.org \
--cc=linux-serial@vger.kernel.org \
--cc=quic_anupkulk@quicinc.com \
--cc=quic_haixcui@quicinc.com \
--cc=quic_msavaliy@quicinc.com \
--cc=quic_vdadhani@quicinc.com \
--cc=quic_zongjian@quicinc.com \
--cc=quic_ztu@quicinc.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).