From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 68B151F4CBC for ; Sun, 30 Nov 2025 09:38:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764495522; cv=none; b=NGFrNrhm9YVmioJD4jYQue6TfePLdEXbNEgm1QLACGCE6sjPzKgqpxwqFuF3TiP+dE/Z7mRBq5TmZBm1ABgHTYt0PKR3yBe4x9sVLggio/RfErMHTCXPTZADVmfUwerk/5+ntAHD4JFl6sMiDJVzaJ6rEa+UCHf8DzwY+YJsO7k= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764495522; c=relaxed/simple; bh=1rh+7wkuYPvUcyDDy2EaSXyO9kTi71dd9QiSf+SPeqo=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=ArKo8cFAhEGCSuOpReoWelR9zzjsZS4LWa8YU4vDOSbprYDKCxWXmYW9lNYUhVcMQoHzap+2fob58wWSfNSiOIK03FE/DYtphV+Oc/22/LVxrprHBiIiZvxqIhtTq//nEs5dMXYxQEn/ZPSqR+rGPh7NYVAaxzYJ5wQQWaChImI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=AnLPvUs2; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="AnLPvUs2" Received: by smtp.kernel.org (Postfix) with ESMTPSA id B95B2C4CEF8; Sun, 30 Nov 2025 09:38:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1764495522; bh=1rh+7wkuYPvUcyDDy2EaSXyO9kTi71dd9QiSf+SPeqo=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=AnLPvUs2bfRc5Fet8oP+MqRgbZWzlG7vgETZO9x+3SuSwDE+iesC91KdrglmxTEt7 WtRfBJzd3S7U7EICJWfY2f1zdkUJB/J29h5CiJZeyqa31EjL/hW11IUAcyVycLIDs/ L6Ew5nCO/PVTQCkKAYCJnTb0rop5KgUIpet5xGfTk/meIRaBG8gJKzETKAUkM/1mLW neIFy1ETOHaqUEF/1hOUg7mRa/pC+eN79T8r34lj8fqHu88nUTjKMwCA7Z70XURdz0 ZUy6h81b6gzb8fEu7af7ugkCiJglRmlR6GjkBRq+ih4YJxSf4dkOUlG+D+l/zGlrJW t7NY7+W6HHb1A== Date: Sun, 30 Nov 2025 11:38:36 +0200 From: Mike Rapoport To: Pasha Tatashin Cc: pratyush@kernel.org, dmatlack@google.com, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org Subject: Re: [PATCH] liveupdate: luo_core: fix redundant bound check in luo_ioctl() Message-ID: References: <20251130010919.1488230-1-pasha.tatashin@soleen.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20251130010919.1488230-1-pasha.tatashin@soleen.com> On Sat, Nov 29, 2025 at 08:09:19PM -0500, Pasha Tatashin wrote: > The kernel test robot reported a Smatch warning: > kernel/liveupdate/luo_core.c:402 luo_ioctl() warn: unsigned 'nr' is > never less than zero. > > This occurs because 'nr' is unsigned and LIVEUPDATE_CMD_BASE is > currently defined as 0, making the check (nr < LIVEUPDATE_CMD_BASE) > always false. > > Remove the explicit lower bound check. The logic remains correct because > 'nr' is unsigned; if nr is less than LIVEUPDATE_CMD_BASE, the expression > (nr - LIVEUPDATE_CMD_BASE) will wrap around to a large positive value. > This will inevitably be larger than ARRAY_SIZE(luo_ioctl_ops) and be > caught by the upper bound check. > > Reported-by: kernel test robot > Closes: https://lore.kernel.org/oe-kbuild-all/202511280300.6pvBmXUS-lkp@intel.com/ > Signed-off-by: Pasha Tatashin Reviewed-by: Mike Rapoport (Microsoft) > --- > kernel/liveupdate/luo_core.c | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > > diff --git a/kernel/liveupdate/luo_core.c b/kernel/liveupdate/luo_core.c > index 69298d82f404..7a9ef16b37d8 100644 > --- a/kernel/liveupdate/luo_core.c > +++ b/kernel/liveupdate/luo_core.c > @@ -404,10 +404,8 @@ static long luo_ioctl(struct file *filep, unsigned int cmd, unsigned long arg) > int err; > > nr = _IOC_NR(cmd); > - if (nr < LIVEUPDATE_CMD_BASE || > - (nr - LIVEUPDATE_CMD_BASE) >= ARRAY_SIZE(luo_ioctl_ops)) { > + if (nr - LIVEUPDATE_CMD_BASE >= ARRAY_SIZE(luo_ioctl_ops)) > return -EINVAL; > - } > > ucmd.ubuffer = (void __user *)arg; > err = get_user(ucmd.user_size, (u32 __user *)ucmd.ubuffer); > > base-commit: 7d31f578f3230f3b7b33b0930b08f9afd8429817 > -- > 2.52.0.487.g5c8c507ade-goog > -- Sincerely yours, Mike.