lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <lsq.1503062000.571935277@decadent.org.uk>
Date:   Fri, 18 Aug 2017 14:13:20 +0100
From:   Ben Hutchings <ben@...adent.org.uk>
To:     linux-kernel@...r.kernel.org, stable@...r.kernel.org
CC:     akpm@...ux-foundation.org,
        "Dan Carpenter" <dan.carpenter@...cle.com>,
        "Bjorn Helgaas" <bhelgaas@...gle.com>
Subject: [PATCH 3.16 025/134] PCI: dwc: Fix uninitialized variable in
 dw_handle_msi_irq()

3.16.47-rc1 review patch.  If anyone has any objections, please let me know.

------------------

From: Dan Carpenter <dan.carpenter@...cle.com>

commit 1b497e6493c49bbb55c89f53562f7f853495e90d upstream.

The bug is that "val" is unsigned long but we only initialize 32 bits of
it.  Then we test "if (val)" and that might be true not because we set the
bits but because some were never initialized.

Fixes: f342d940ee0e ("PCI: exynos: Add support for MSI")
Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@...gle.com>
[bwh: Backported to 3.16: adjust filename, context]
Signed-off-by: Ben Hutchings <ben@...adent.org.uk>
---
 drivers/pci/host/pcie-designware.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

--- a/drivers/pci/host/pcie-designware.c
+++ b/drivers/pci/host/pcie-designware.c
@@ -158,19 +158,20 @@ static struct irq_chip dw_msi_irq_chip =
 /* MSI int handler */
 irqreturn_t dw_handle_msi_irq(struct pcie_port *pp)
 {
-	unsigned long val;
+	u32 val;
 	int i, pos, irq;
 	irqreturn_t ret = IRQ_NONE;
 
 	for (i = 0; i < MAX_MSI_CTRLS; i++) {
 		dw_pcie_rd_own_conf(pp, PCIE_MSI_INTR0_STATUS + i * 12, 4,
-				(u32 *)&val);
+				    &val);
 		if (!val)
 			continue;
 
 		ret = IRQ_HANDLED;
 		pos = 0;
-		while ((pos = find_next_bit(&val, 32, pos)) != 32) {
+		while ((pos = find_next_bit((unsigned long *) &val, 32,
+					    pos)) != 32) {
 			irq = irq_find_mapping(pp->irq_domain, i * 32 + pos);
 			dw_pcie_wr_own_conf(pp, PCIE_MSI_INTR0_STATUS + i * 12,
 					    4, 1 << pos);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ