lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20211216123615.3e311c2b@jic23-huawei>
Date:   Thu, 16 Dec 2021 12:36:27 +0000
From:   Jonathan Cameron <jic23@...23.retrosnub.co.uk>
To:     Kees Cook <keescook@...omium.org>
Cc:     Lars-Peter Clausen <lars@...afoo.de>,
        Maxime Coquelin <mcoquelin.stm32@...il.com>,
        Alexandre Torgue <alexandre.torgue@...s.st.com>,
        Yury Norov <yury.norov@...il.com>,
        linux-kernel@...r.kernel.org, linux-iio@...r.kernel.org,
        linux-stm32@...md-mailman.stormreply.com,
        linux-arm-kernel@...ts.infradead.org,
        linux-hardening@...r.kernel.org
Subject: Re: [PATCH] iio: stmpe-adc: Use correctly sized arguments for bit
 field

On Wed, 15 Dec 2021 15:25:13 -0800
Kees Cook <keescook@...omium.org> wrote:

> The find.h APIs are designed to be used only on unsigned long arguments.
> This can technically result in a over-read, but it is harmless in this
> case. Regardless, fix it to avoid the warning seen under -Warray-bounds,
> which we'd like to enable globally:
> 
> In file included from ./include/linux/bitmap.h:9,
>                  from ./include/linux/cpumask.h:12,
>                  from ./arch/x86/include/asm/cpumask.h:5,
>                  from ./arch/x86/include/asm/msr.h:11,
>                  from ./arch/x86/include/asm/processor.h:22,
>                  from ./arch/x86/include/asm/cpufeature.h:5,
>                  from ./arch/x86/include/asm/thread_info.h:53,
>                  from ./include/linux/thread_info.h:60,
>                  from ./arch/x86/include/asm/preempt.h:7,
>                  from ./include/linux/preempt.h:78,
>                  from ./include/linux/spinlock.h:55,
>                  from ./include/linux/swait.h:7,
>                  from ./include/linux/completion.h:12,
>                  from drivers/iio/adc/stmpe-adc.c:10:
> drivers/iio/adc/stmpe-adc.c: In function 'stmpe_adc_probe':
> ./include/linux/find.h:98:23: warning: array subscript 'long unsigned int[0]' is partly outside array bounds of 'u32[1]' {aka 'unsigned int[1]'} [-Warray-bounds]
>    98 |                 val = *addr | ~GENMASK(size - 1, offset);
>       |                       ^~~~~
> drivers/iio/adc/stmpe-adc.c:258:13: note: while referencing 'norequest_mask'
>   258 |         u32 norequest_mask = 0;
>       |             ^~~~~~~~~~~~~~
> 
> Signed-off-by: Kees Cook <keescook@...omium.org>

Applied to the togreg branch of iio.git and pushed out as testing to let
0-day have a first poke at it.

I took the view this one was trivial, but if anyone else wants to add
tags there will be a few days before this goes out in a form I'm not happy
to rebase.

Thanks,

Jonathan

> ---
>  drivers/iio/adc/stmpe-adc.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/iio/adc/stmpe-adc.c b/drivers/iio/adc/stmpe-adc.c
> index fba659bfdb40..d2d405388499 100644
> --- a/drivers/iio/adc/stmpe-adc.c
> +++ b/drivers/iio/adc/stmpe-adc.c
> @@ -256,6 +256,7 @@ static int stmpe_adc_probe(struct platform_device *pdev)
>  	struct stmpe_adc *info;
>  	struct device_node *np;
>  	u32 norequest_mask = 0;
> +	unsigned long bits;
>  	int irq_temp, irq_adc;
>  	int num_chan = 0;
>  	int i = 0;
> @@ -309,8 +310,8 @@ static int stmpe_adc_probe(struct platform_device *pdev)
>  
>  	of_property_read_u32(np, "st,norequest-mask", &norequest_mask);
>  
> -	for_each_clear_bit(i, (unsigned long *) &norequest_mask,
> -			   (STMPE_ADC_LAST_NR + 1)) {
> +	bits = norequest_mask;
> +	for_each_clear_bit(i, &bits, (STMPE_ADC_LAST_NR + 1)) {
>  		stmpe_adc_voltage_chan(&info->stmpe_adc_iio_channels[num_chan], i);
>  		num_chan++;
>  	}

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ