Netdev Archive on lore.kernel.org help / color / mirror / Atom feed
* [PATCH net] net: iosm: Prevent underflow in ipc_chnl_cfg_get() [not found] <CANtMP6qvcE+u61+HUyEFNu15kQ02a1P5_mGRSHuyeCxkf4pQbA@mail.gmail.com> @ 2021-08-16 9:26 ` Dan Carpenter 2021-08-16 10:48 ` Kumar, M Chetan 0 siblings, 1 reply; 5+ messages in thread From: Dan Carpenter @ 2021-08-16 9:26 UTC (permalink / raw) To: M Chetan Kumar, Solomon Ucko Cc: Intel Corporation, Loic Poulain, Sergey Ryazanov, Johannes Berg, David S. Miller, Jakub Kicinski, netdev, security The bounds check on "index" doesn't catch negative values. Using ARRAY_SIZE() directly is more readable and more robust because it prevents negative values for "index". Fortunately we only pass valid values to ipc_chnl_cfg_get() so this patch does not affect runtime. Reported-by: Solomon Ucko <solly.ucko@gmail.com> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> --- I suspect this is bug report was based on static analysis. I had a Smatch check that used to print a warning, but then I modified it to only complain when the index was user controlled. drivers/net/wwan/iosm/iosm_ipc_chnl_cfg.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/net/wwan/iosm/iosm_ipc_chnl_cfg.c b/drivers/net/wwan/iosm/iosm_ipc_chnl_cfg.c index 804e6c4f2c78..016c9c3aea8e 100644 --- a/drivers/net/wwan/iosm/iosm_ipc_chnl_cfg.c +++ b/drivers/net/wwan/iosm/iosm_ipc_chnl_cfg.c @@ -64,10 +64,9 @@ static struct ipc_chnl_cfg modem_cfg[] = { int ipc_chnl_cfg_get(struct ipc_chnl_cfg *chnl_cfg, int index) { - int array_size = ARRAY_SIZE(modem_cfg); - - if (index >= array_size) { - pr_err("index: %d and array_size %d", index, array_size); + if (index >= ARRAY_SIZE(modem_cfg)) { + pr_err("index: %d and array_size %lu", index, + ARRAY_SIZE(modem_cfg)); return -ECHRNG; } -- 2.20.1 ^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: [PATCH net] net: iosm: Prevent underflow in ipc_chnl_cfg_get() 2021-08-16 9:26 ` [PATCH net] net: iosm: Prevent underflow in ipc_chnl_cfg_get() Dan Carpenter @ 2021-08-16 10:48 ` Kumar, M Chetan 2021-08-16 11:13 ` [PATCH v2 " Dan Carpenter 0 siblings, 1 reply; 5+ messages in thread From: Kumar, M Chetan @ 2021-08-16 10:48 UTC (permalink / raw) To: Dan Carpenter, Solomon Ucko Cc: linuxwwan, Loic Poulain, Sergey Ryazanov, Johannes Berg, David S. Miller, Jakub Kicinski, netdev, security Hi Dan, > +++ b/drivers/net/wwan/iosm/iosm_ipc_chnl_cfg.c > @@ -64,10 +64,9 @@ static struct ipc_chnl_cfg modem_cfg[] = { > > int ipc_chnl_cfg_get(struct ipc_chnl_cfg *chnl_cfg, int index) { > - int array_size = ARRAY_SIZE(modem_cfg); > - > - if (index >= array_size) { > - pr_err("index: %d and array_size %d", index, array_size); > + if (index >= ARRAY_SIZE(modem_cfg)) { > + pr_err("index: %d and array_size %lu", index, array_size is removed so please change array_size in pr_err to array size (remove _). Also change in pr_err array size format "%lu" is throwing warning [1] in 32bit env. [1] from ../drivers/net/wwan/iosm/iosm_ipc_chnl_cfg.c:6: ../drivers/net/wwan/iosm/iosm_ipc_chnl_cfg.c: In function 'ipc_chnl_cfg_get': ../include/linux/kern_levels.h:5:18: warning: format '%lu' expects argument of type 'long unsigned int', but argument 3 has type 'unsigned int' [-Wformat=] Regards, Chetan ^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH v2 net] net: iosm: Prevent underflow in ipc_chnl_cfg_get() 2021-08-16 10:48 ` Kumar, M Chetan @ 2021-08-16 11:13 ` Dan Carpenter 2021-08-16 12:17 ` Kumar, M Chetan 2021-08-16 12:50 ` patchwork-bot+netdevbpf 0 siblings, 2 replies; 5+ messages in thread From: Dan Carpenter @ 2021-08-16 11:13 UTC (permalink / raw) To: M Chetan Kumar, Solomon Ucko Cc: Intel Corporation, Loic Poulain, Sergey Ryazanov, Johannes Berg, David S. Miller, Jakub Kicinski, netdev, security The bounds check on "index" doesn't catch negative values. Using ARRAY_SIZE() directly is more readable and more robust because it prevents negative values for "index". Fortunately we only pass valid values to ipc_chnl_cfg_get() so this patch does not affect runtime. Reported-by: Solomon Ucko <solly.ucko@gmail.com> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> --- v2: Remove underscore between "array" and "size". Use %zu print format specifier to fix a compile warning on 32 bit. drivers/net/wwan/iosm/iosm_ipc_chnl_cfg.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/net/wwan/iosm/iosm_ipc_chnl_cfg.c b/drivers/net/wwan/iosm/iosm_ipc_chnl_cfg.c index 804e6c4f2c78..016c9c3aea8e 100644 --- a/drivers/net/wwan/iosm/iosm_ipc_chnl_cfg.c +++ b/drivers/net/wwan/iosm/iosm_ipc_chnl_cfg.c @@ -64,10 +64,9 @@ static struct ipc_chnl_cfg modem_cfg[] = { int ipc_chnl_cfg_get(struct ipc_chnl_cfg *chnl_cfg, int index) { - int array_size = ARRAY_SIZE(modem_cfg); - - if (index >= array_size) { - pr_err("index: %d and array_size %d", index, array_size); + if (index >= ARRAY_SIZE(modem_cfg)) { + pr_err("index: %d and array size %zu", index, + ARRAY_SIZE(modem_cfg)); return -ECHRNG; } -- 2.20.1 ^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: [PATCH v2 net] net: iosm: Prevent underflow in ipc_chnl_cfg_get() 2021-08-16 11:13 ` [PATCH v2 " Dan Carpenter @ 2021-08-16 12:17 ` Kumar, M Chetan 2021-08-16 12:50 ` patchwork-bot+netdevbpf 1 sibling, 0 replies; 5+ messages in thread From: Kumar, M Chetan @ 2021-08-16 12:17 UTC (permalink / raw) To: Dan Carpenter, Solomon Ucko Cc: linuxwwan, Loic Poulain, Sergey Ryazanov, Johannes Berg, David S. Miller, Jakub Kicinski, netdev, security > -----Original Message----- > From: Dan Carpenter <dan.carpenter@oracle.com> > Sent: Monday, August 16, 2021 4:44 PM > To: Kumar, M Chetan <m.chetan.kumar@intel.com>; Solomon Ucko > <solly.ucko@gmail.com> > Cc: linuxwwan <linuxwwan@intel.com>; Loic Poulain > <loic.poulain@linaro.org>; Sergey Ryazanov <ryazanov.s.a@gmail.com>; > Johannes Berg <johannes@sipsolutions.net>; David S. Miller > <davem@davemloft.net>; Jakub Kicinski <kuba@kernel.org>; > netdev@vger.kernel.org; security@kernel.org > Subject: [PATCH v2 net] net: iosm: Prevent underflow in ipc_chnl_cfg_get() > > The bounds check on "index" doesn't catch negative values. Using > ARRAY_SIZE() directly is more readable and more robust because it prevents > negative values for "index". Fortunately we only pass valid values to > ipc_chnl_cfg_get() so this patch does not affect runtime. > > > Reported-by: Solomon Ucko <solly.ucko@gmail.com> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > --- > v2: Remove underscore between "array" and "size". > Use %zu print format specifier to fix a compile warning on 32 bit. > > drivers/net/wwan/iosm/iosm_ipc_chnl_cfg.c | 7 +++---- > 1 file changed, 3 insertions(+), 4 deletions(-) Reviewed-by: M Chetan Kumar <m.chetan.kumar@intel.com> ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v2 net] net: iosm: Prevent underflow in ipc_chnl_cfg_get() 2021-08-16 11:13 ` [PATCH v2 " Dan Carpenter 2021-08-16 12:17 ` Kumar, M Chetan @ 2021-08-16 12:50 ` patchwork-bot+netdevbpf 1 sibling, 0 replies; 5+ messages in thread From: patchwork-bot+netdevbpf @ 2021-08-16 12:50 UTC (permalink / raw) To: Dan Carpenter Cc: m.chetan.kumar, solly.ucko, linuxwwan, loic.poulain, ryazanov.s.a, johannes, davem, kuba, netdev, security Hello: This patch was applied to netdev/net.git (refs/heads/master): On Mon, 16 Aug 2021 14:13:33 +0300 you wrote: > The bounds check on "index" doesn't catch negative values. Using > ARRAY_SIZE() directly is more readable and more robust because it prevents > negative values for "index". Fortunately we only pass valid values to > ipc_chnl_cfg_get() so this patch does not affect runtime. > > > Reported-by: Solomon Ucko <solly.ucko@gmail.com> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > > [...] Here is the summary with links: - [v2,net] net: iosm: Prevent underflow in ipc_chnl_cfg_get() https://git.kernel.org/netdev/net/c/4f3f2e3fa043 You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-08-16 12:50 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <CANtMP6qvcE+u61+HUyEFNu15kQ02a1P5_mGRSHuyeCxkf4pQbA@mail.gmail.com>
2021-08-16 9:26 ` [PATCH net] net: iosm: Prevent underflow in ipc_chnl_cfg_get() Dan Carpenter
2021-08-16 10:48 ` Kumar, M Chetan
2021-08-16 11:13 ` [PATCH v2 " Dan Carpenter
2021-08-16 12:17 ` Kumar, M Chetan
2021-08-16 12:50 ` patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).