lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20121023121005.ed33061a.akpm@linux-foundation.org>
Date:	Tue, 23 Oct 2012 12:10:05 -0700
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Denis Kirjanov <kirjanov@...il.com>
Cc:	linux-edac@...r.kernel.org, linux-kernel@...r.kernel.org,
	stable@...r.kernel.org, Doug Thompson <dougthompson@...ssion.com>,
	Borislav Petkov <borislav.petkov@....com>
Subject: Re: [PATCH] edac: fix buffer overrun if no suitable bandwidth found

On Mon, 22 Oct 2012 19:30:58 +0400
Denis Kirjanov <kirjanov@...il.com> wrote:

> fix buffer overrun if no suitable bandwidth found
> 
> Signed-off-by: Denis Kirjanov <kirjanov@...il.com>
> ---
>  drivers/edac/amd64_edac.c |    3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c
> index 5a297a2..d85ad9e 100644
> --- a/drivers/edac/amd64_edac.c
> +++ b/drivers/edac/amd64_edac.c
> @@ -188,6 +188,9 @@ static int __amd64_set_scrub_rate(struct pci_dev *ctl, u32 new_bw, u32 min_rate)
>  		 * scrubrates array.
>  		 */
>  	}
> +	if (i == ARRAY_SIZE(scrubrates)) {
> +		i--;
> +	}
>  
>  	scrubval = scrubrates[i].scrubval;
>  

That's pretty strange code in there.

If the comment is to be believed, isn't this a suitable fix?

--- a/drivers/edac/amd64_edac.c~a
+++ a/drivers/edac/amd64_edac.c
@@ -171,7 +171,7 @@ static int __amd64_set_scrub_rate(struct
 	 * bandwidth entry that is greater or equal than the setting requested
 	 * and program that. If at last entry, turn off DRAM scrubbing.
 	 */
-	for (i = 0; i < ARRAY_SIZE(scrubrates); i++) {
+	for (i = 0; i < ARRAY_SIZE(scrubrates) - 1; i++) {
 		/*
 		 * skip scrub rates which aren't recommended
 		 * (see F10 BKDG, F3x58)
_

Also, I don't think "buffer overrun" is an appropriate description here
- to me, "buffer overrun" implies writing to memory outside the buffer.
 I'd call this "array overindexing" or similar.

Finally, when fixing a bug, please always describe the user-visible
impact of that bug.  You have cc'ed stable on this patch (using the
incorrect email address, btw) which implies that the effects are serious,
but people will want to know specific details about those effects when
considering the patch.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ