From: Kees Cook <keescook@chromium.org>
To: Guenter Roeck <linux@roeck-us.net>
Cc: Kees Cook <keescook@chromium.org>, Rob Herring <robh@kernel.org>,
Jean Delvare <jdelvare@suse.com>,
linux-hwmon@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-hardening@vger.kernel.org
Subject: [PATCH] hwmon: Explicitly initialize nct6775_sio_names indexes
Date: Thu, 16 Nov 2023 06:01:47 -0800 [thread overview]
Message-ID: <20231116140144.work.027-kees@kernel.org> (raw)
Changing the "kinds" enum start value to be 1-indexed instead of
0-indexed caused look-ups in nct6775_sio_namesp[] to be misaligned or
off the end. Coverity reported:
*** CID 1571052: Memory - illegal accesses (OVERRUN)
drivers/hwmon/nct6775-platform.c:1075 in nct6775_find()
1069 sio_data->kind == nct6793 || sio_data->kind == nct6795 ||
1070 sio_data->kind == nct6796 || sio_data->kind == nct6797 ||
1071 sio_data->kind == nct6798 || sio_data->kind == nct6799)
1072 nct6791_enable_io_mapping(sio_data);
1073
1074 sio_data->sio_exit(sio_data);
vvv CID 1571052: Memory - illegal accesses (OVERRUN)
vvv Overrunning array "nct6775_sio_names" of 13 8-byte elements at element index 13 (byte offset 111) using index "sio_data->kind" (which evaluates to 13).
1075 pr_info("Found %s or compatible chip at %#x:%#x\n",
1076 nct6775_sio_names[sio_data->kind], sioaddr, addr);
1077
1078 return addr;
1079 }
1080
Initialize the string list with explicit indexes.
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: Rob Herring <robh@kernel.org>
Cc: Jean Delvare <jdelvare@suse.com>
Cc: linux-hwmon@vger.kernel.org
Fixes: 0a7093e69c1e ("hwmon: nct6775-i2c: Use i2c_get_match_data()")
Signed-off-by: Kees Cook <keescook@chromium.org>
---
drivers/hwmon/nct6775-platform.c | 26 +++++++++++++-------------
1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/drivers/hwmon/nct6775-platform.c b/drivers/hwmon/nct6775-platform.c
index 0adeeab7ee03..9aa4dcf4a6f3 100644
--- a/drivers/hwmon/nct6775-platform.c
+++ b/drivers/hwmon/nct6775-platform.c
@@ -23,19 +23,19 @@
enum sensor_access { access_direct, access_asuswmi };
static const char * const nct6775_sio_names[] __initconst = {
- "NCT6106D",
- "NCT6116D",
- "NCT6775F",
- "NCT6776D/F",
- "NCT6779D",
- "NCT6791D",
- "NCT6792D",
- "NCT6793D",
- "NCT6795D",
- "NCT6796D",
- "NCT6797D",
- "NCT6798D",
- "NCT6796D-S/NCT6799D-R",
+ [nct6106] = "NCT6106D",
+ [nct6116] = "NCT6116D",
+ [nct6775] = "NCT6775F",
+ [nct6776] = "NCT6776D/F",
+ [nct6779] = "NCT6779D",
+ [nct6791] = "NCT6791D",
+ [nct6792] = "NCT6792D",
+ [nct6793] = "NCT6793D",
+ [nct6795] = "NCT6795D",
+ [nct6796] = "NCT6796D",
+ [nct6797] = "NCT6797D",
+ [nct6798] = "NCT6798D",
+ [nct6799] = "NCT6796D-S/NCT6799D-R",
};
static unsigned short force_id;
--
2.34.1
reply other threads:[~2023-11-16 14:02 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231116140144.work.027-kees@kernel.org \
--to=keescook@chromium.org \
--cc=jdelvare@suse.com \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-hwmon@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@roeck-us.net \
--cc=robh@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox