* [PATCH] intel-iommu: Fix array overflow @ 2007-10-23 8:57 Takashi Iwai 2007-10-24 23:30 ` Mark Gross 0 siblings, 1 reply; 4+ messages in thread From: Takashi Iwai @ 2007-10-23 8:57 UTC (permalink / raw) To: linux-kernel; +Cc: torvalds, anil.s.keshavamurthy Fix possible array overflow: drivers/pci/intel-iommu.c: In function ‘dmar_get_fault_reason’: drivers/pci/intel-iommu.c:753: warning: array subscript is above array bounds drivers/pci/intel-iommu.c: In function ‘iommu_page_fault’: drivers/pci/intel-iommu.c:753: warning: array subscript is above array bounds Signed-off-by: Takashi Iwai <tiwai@suse.de> --- drivers/pci/intel-iommu.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/pci/intel-iommu.c b/drivers/pci/intel-iommu.c index b3d7031..e4b0a0d 100644 --- a/drivers/pci/intel-iommu.c +++ b/drivers/pci/intel-iommu.c @@ -749,8 +749,8 @@ static char *fault_reason_strings[] = char *dmar_get_fault_reason(u8 fault_reason) { - if (fault_reason > MAX_FAULT_REASON_IDX) - return fault_reason_strings[MAX_FAULT_REASON_IDX]; + if (fault_reason >= MAX_FAULT_REASON_IDX) + return fault_reason_strings[MAX_FAULT_REASON_IDX - 1]; else return fault_reason_strings[fault_reason]; } ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] intel-iommu: Fix array overflow 2007-10-23 8:57 [PATCH] intel-iommu: Fix array overflow Takashi Iwai @ 2007-10-24 23:30 ` Mark Gross 2007-10-25 7:31 ` Takashi Iwai 0 siblings, 1 reply; 4+ messages in thread From: Mark Gross @ 2007-10-24 23:30 UTC (permalink / raw) To: Takashi Iwai; +Cc: linux-kernel, torvalds, anil.s.keshavamurthy On Tue, Oct 23, 2007 at 10:57:51AM +0200, Takashi Iwai wrote: > Fix possible array overflow: > > drivers/pci/intel-iommu.c: In function ‘dmar_get_fault_reason’: > drivers/pci/intel-iommu.c:753: warning: array subscript is above array bounds > drivers/pci/intel-iommu.c: In function ‘iommu_page_fault’: > drivers/pci/intel-iommu.c:753: warning: array subscript is above array bounds > > Signed-off-by: Takashi Iwai <tiwai@suse.de> > > --- > drivers/pci/intel-iommu.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/pci/intel-iommu.c b/drivers/pci/intel-iommu.c > index b3d7031..e4b0a0d 100644 > --- a/drivers/pci/intel-iommu.c > +++ b/drivers/pci/intel-iommu.c > @@ -749,8 +749,8 @@ static char *fault_reason_strings[] = > > char *dmar_get_fault_reason(u8 fault_reason) > { > - if (fault_reason > MAX_FAULT_REASON_IDX) > - return fault_reason_strings[MAX_FAULT_REASON_IDX]; > + if (fault_reason >= MAX_FAULT_REASON_IDX) > + return fault_reason_strings[MAX_FAULT_REASON_IDX - 1]; This looks like what the code meant to implement. I guess future hardware may be able to generate more types of faults, otherwise I'd put a BUG here. --mgross > else > return fault_reason_strings[fault_reason]; > } > - > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] intel-iommu: Fix array overflow 2007-10-24 23:30 ` Mark Gross @ 2007-10-25 7:31 ` Takashi Iwai 2007-10-25 15:15 ` Keshavamurthy, Anil S 0 siblings, 1 reply; 4+ messages in thread From: Takashi Iwai @ 2007-10-25 7:31 UTC (permalink / raw) To: mgross; +Cc: linux-kernel, torvalds, anil.s.keshavamurthy At Wed, 24 Oct 2007 16:30:37 -0700, Mark Gross wrote: > > On Tue, Oct 23, 2007 at 10:57:51AM +0200, Takashi Iwai wrote: > > Fix possible array overflow: > > > > drivers/pci/intel-iommu.c: In function ‘dmar_get_fault_reason’: > > drivers/pci/intel-iommu.c:753: warning: array subscript is above array bounds > > drivers/pci/intel-iommu.c: In function ‘iommu_page_fault’: > > drivers/pci/intel-iommu.c:753: warning: array subscript is above array bounds > > > > Signed-off-by: Takashi Iwai <tiwai@suse.de> > > > > --- > > drivers/pci/intel-iommu.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/drivers/pci/intel-iommu.c b/drivers/pci/intel-iommu.c > > index b3d7031..e4b0a0d 100644 > > --- a/drivers/pci/intel-iommu.c > > +++ b/drivers/pci/intel-iommu.c > > @@ -749,8 +749,8 @@ static char *fault_reason_strings[] = > > > > char *dmar_get_fault_reason(u8 fault_reason) > > { > > - if (fault_reason > MAX_FAULT_REASON_IDX) > > - return fault_reason_strings[MAX_FAULT_REASON_IDX]; > > + if (fault_reason >= MAX_FAULT_REASON_IDX) > > + return fault_reason_strings[MAX_FAULT_REASON_IDX - 1]; > > This looks like what the code meant to implement. I think not. The size of fault_reason_strings[] is MAX_FAULT_REASON_IDX, not + 1. So gcc warning is correct. Maybe the main problem is that the constant name is confusing... Takashi > I guess future > hardware may be able to generate more types of faults, otherwise I'd put > a BUG here. > > --mgross > > > > else > > return fault_reason_strings[fault_reason]; > > } > > - > > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > > the body of a message to majordomo@vger.kernel.org > > More majordomo info at http://vger.kernel.org/majordomo-info.html > > Please read the FAQ at http://www.tux.org/lkml/ > ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] intel-iommu: Fix array overflow 2007-10-25 7:31 ` Takashi Iwai @ 2007-10-25 15:15 ` Keshavamurthy, Anil S 0 siblings, 0 replies; 4+ messages in thread From: Keshavamurthy, Anil S @ 2007-10-25 15:15 UTC (permalink / raw) To: Takashi Iwai; +Cc: mgross, linux-kernel, torvalds, anil.s.keshavamurthy On Thu, Oct 25, 2007 at 09:31:02AM +0200, Takashi Iwai wrote: > At Wed, 24 Oct 2007 16:30:37 -0700, > Mark Gross wrote: > > > > On Tue, Oct 23, 2007 at 10:57:51AM +0200, Takashi Iwai wrote: > > > Fix possible array overflow: > > > > > > drivers/pci/intel-iommu.c: In function ‘dmar_get_fault_reason’: > > > drivers/pci/intel-iommu.c:753: warning: array subscript is above array bounds > > > drivers/pci/intel-iommu.c: In function ‘iommu_page_fault’: > > > drivers/pci/intel-iommu.c:753: warning: array subscript is above array bounds > > > > > > Signed-off-by: Takashi Iwai <tiwai@suse.de> > > > > > > --- > > > drivers/pci/intel-iommu.c | 4 ++-- > > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > > > diff --git a/drivers/pci/intel-iommu.c b/drivers/pci/intel-iommu.c > > > index b3d7031..e4b0a0d 100644 > > > --- a/drivers/pci/intel-iommu.c > > > +++ b/drivers/pci/intel-iommu.c > > > @@ -749,8 +749,8 @@ static char *fault_reason_strings[] = > > > > > > char *dmar_get_fault_reason(u8 fault_reason) > > > { > > > - if (fault_reason > MAX_FAULT_REASON_IDX) > > > - return fault_reason_strings[MAX_FAULT_REASON_IDX]; > > > + if (fault_reason >= MAX_FAULT_REASON_IDX) > > > + return fault_reason_strings[MAX_FAULT_REASON_IDX - 1]; > > > > This looks like what the code meant to implement. > > I think not. The size of fault_reason_strings[] is > MAX_FAULT_REASON_IDX, not + 1. So gcc warning is correct. > Maybe the main problem is that the constant name is confusing... Yup, GCC warning is correct. the size of fault_reason_strings[] is MAX_FAULT_REASON_IDX and hence the max array that can be referenced is [MAX_FAULT_REASON_IDX -1], hence the fix by Takashi is correct. -Anil ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2007-10-25 15:29 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2007-10-23 8:57 [PATCH] intel-iommu: Fix array overflow Takashi Iwai 2007-10-24 23:30 ` Mark Gross 2007-10-25 7:31 ` Takashi Iwai 2007-10-25 15:15 ` Keshavamurthy, Anil S
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox