| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 9 May 2023 13:21:22 -0500
From: Bjorn Helgaas <helgaas@...nel.org>
To: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
Cc: Krzysztof Wilczyński <kw@...ux.com>,
Rich Felker <dalias@...c.org>, linux-sh@...r.kernel.org,
linux-pci@...r.kernel.org,
Dominik Brodowski <linux@...inikbrodowski.net>,
linux-mips@...r.kernel.org, Bjorn Helgaas <bhelgaas@...gle.com>,
Andrew Lunn <andrew@...n.ch>, sparclinux@...r.kernel.org,
Stefano Stabellini <sstabellini@...nel.org>,
Yoshinori Sato <ysato@...rs.sourceforge.jp>,
Gregory Clement <gregory.clement@...tlin.com>,
"Rafael J. Wysocki" <rafael.j.wysocki@...el.com>,
Russell King <linux@...linux.org.uk>,
linux-acpi@...r.kernel.org, Miguel Ojeda <ojeda@...nel.org>,
xen-devel@...ts.xenproject.org, Matt Turner <mattst88@...il.com>,
Anatolij Gustschin <agust@...x.de>,
Sebastian Hesselbarth <sebastian.hesselbarth@...il.com>,
Arnd Bergmann <arnd@...db.de>,
Niklas Schnelle <schnelle@...ux.ibm.com>,
Richard Henderson <richard.henderson@...aro.org>,
Nicholas Piggin <npiggin@...il.com>,
Ivan Kokshaysky <ink@...assic.park.msu.ru>,
John Paul Adrian Glaubitz <glaubitz@...sik.fu-berlin.de>,
Mickaël Salaün <mic@...ikod.net>,
Mika Westerberg <mika.westerberg@...ux.intel.com>,
linux-arm-kernel@...ts.infradead.org,
Juergen Gross <jgross@...e.com>,
Thomas Bogendoerfer <tsbogend@...ha.franken.de>,
Philippe Mathieu-Daudé <philmd@...aro.org>,
Pali Rohár <pali@...nel.org>,
Randy Dunlap <rdunlap@...radead.org>,
linux-kernel@...r.kernel.org,
Oleksandr Tyshchenko <oleksandr_tyshchenko@...m.com>,
linux-alpha@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
"David S. Miller" <davem@...emloft.net>,
"Maciej W. Rozycki" <macro@...am.me.uk>
Subject: Re: [PATCH v8 0/7] Add pci_dev_for_each_resource() helper and update
users
On Tue, Apr 04, 2023 at 11:11:01AM -0500, Bjorn Helgaas wrote:
> On Thu, Mar 30, 2023 at 07:24:27PM +0300, Andy Shevchenko wrote:
> > Provide two new helper macros to iterate over PCI device resources and
> > convert users.
> Applied 2-7 to pci/resource for v6.4, thanks, I really like this!
This is 09cc90063240 ("PCI: Introduce pci_dev_for_each_resource()")
upstream now.
Coverity complains about each use, sample below from
drivers/pci/vgaarb.c. I didn't investigate at all, so it might be a
false positive; just FYI.
1. Condition screen_info.capabilities & (2U /* 1 << 1 */), taking true branch.
556 if (screen_info.capabilities & VIDEO_CAPABILITY_64BIT_BASE)
557 base |= (u64)screen_info.ext_lfb_base << 32;
558
559 limit = base + size;
560
561 /* Does firmware framebuffer belong to us? */
2. Condition __b < PCI_NUM_RESOURCES, taking true branch.
3. Condition (r = &pdev->resource[__b]) , (__b < PCI_NUM_RESOURCES), taking true branch.
6. Condition __b < PCI_NUM_RESOURCES, taking true branch.
7. cond_at_most: Checking __b < PCI_NUM_RESOURCES implies that __b may be up to 16 on the true branch.
8. Condition (r = &pdev->resource[__b]) , (__b < PCI_NUM_RESOURCES), taking true branch.
11. incr: Incrementing __b. The value of __b may now be up to 17.
12. alias: Assigning: r = &pdev->resource[__b]. r may now point to as high as element 17 of pdev->resource (which consists of 17 64-byte elements).
13. Condition __b < PCI_NUM_RESOURCES, taking true branch.
14. Condition (r = &pdev->resource[__b]) , (__b < PCI_NUM_RESOURCES), taking true branch.
562 pci_dev_for_each_resource(pdev, r) {
4. Condition resource_type(r) != 512, taking true branch.
9. Condition resource_type(r) != 512, taking true branch.
CID 1529911 (#1 of 1): Out-of-bounds read (OVERRUN)
15. overrun-local: Overrunning array of 1088 bytes at byte offset 1088 by dereferencing pointer r. [show details]
563 if (resource_type(r) != IORESOURCE_MEM)
5. Continuing loop.
10. Continuing loop.
564 continue;
Powered by blists - more mailing lists