| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <011c53e6-d628-02b7-fc18-ca3165a45f98@raspberrypi.com>
Date: Mon, 27 Sep 2021 14:21:41 +0100
From: Phil Elwell <phil@...pberrypi.com>
To: Dan Carpenter <dan.carpenter@...cle.com>,
Arnd Bergmann <arnd@...nel.org>
Cc: Nicolas Saenz Julienne <nsaenz@...nel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Arnd Bergmann <arnd@...db.de>,
Stefan Wahren <stefan.wahren@...e.com>,
Ojaswin Mujoo <ojaswin98@...il.com>,
Amarjargal Gundjalam <amarjargal16@...il.com>,
bcm-kernel-feedback-list@...adcom.com,
linux-rpi-kernel@...ts.infradead.org,
linux-arm-kernel@...ts.infradead.org,
linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] staging: vc04_services: shut up out-of-range warning
Hi Dan,
On 27/09/2021 13:26, Dan Carpenter wrote:
> On Mon, Sep 27, 2021 at 01:36:56PM +0200, Arnd Bergmann wrote:
>> From: Arnd Bergmann <arnd@...db.de>
>>
>> The comparison against SIZE_MAX produces a harmless warning on 64-bit
>> architectures:
>>
>> drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c:185:16: error: result of comparison of constant 419244183493398898 with expression of type 'unsigned int' is always false [-Werror,-Wtautological-constant-out-of-range-compare]
>> if (num_pages > (SIZE_MAX - sizeof(struct pagelist) -
>> ~~~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>> Shut up that warning by adding a cast to a longer type.
>>
>> Fixes: ca641bae6da9 ("staging: vc04_services: prevent integer overflow in create_pagelist()")
>> Signed-off-by: Arnd Bergmann <arnd@...db.de>
>> ---
>> drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
>> index b25369a13452..967f10b9582a 100644
>> --- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
>> +++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
>> @@ -182,7 +182,7 @@ create_pagelist(char *buf, char __user *ubuf,
>> offset = (uintptr_t)ubuf & (PAGE_SIZE - 1);
>> num_pages = DIV_ROUND_UP(count + offset, PAGE_SIZE);
>>
>> - if (num_pages > (SIZE_MAX - sizeof(struct pagelist) -
>> + if ((size_t)num_pages > (SIZE_MAX - sizeof(struct pagelist) -
>> sizeof(struct vchiq_pagelist_info)) /
>> (sizeof(u32) + sizeof(pages[0]) +
>> sizeof(struct scatterlist)))
>
> The temptation would be to declare "num_pages" as size_t instead of
> adding this cost. But then something will complain about the
> "pagelistinfo->num_pages = num_pages;" assignment because
> "pagelistinfo->num_pages" is a u32.
>
> The next temptation is to change the SIZE_MAX to UINT_MAX. I didn't
> do that originally because I can't test this and I was trying not to
> break things... We probably still don't want to break things, but maybe
> there is someone who is more familiar with this who knows if UINT_MAX is
> okay?
The VPU can't address more than 1GB directly, so UINT_MAX is more than sufficient.
Phil
Powered by blists - more mailing lists