lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <f7612643-87d6-4217-ab7b-b8bcccb72175@roeck-us.net>
Date: Fri, 17 May 2024 09:54:17 -0700
From: Guenter Roeck <linux@...ck-us.net>
To: Richard Fitzgerald <rf@...nsource.cirrus.com>
Cc: broonie@...nel.org, linux-kernel@...r.kernel.org,
	patches@...nsource.cirrus.com
Subject: Re: [PATCH] regmap: kunit: Fix array overflow in stride() test

On Fri, May 17, 2024 at 03:47:03PM +0100, Richard Fitzgerald wrote:
> Force the max_register of the test regmap to be one register longer
> than the number of test registers, to prevent an array overflow in
> the test loop.
> 
> The test defines num_reg_defaults = 6. With 6 registers and
> stride == 2 the valid register addresses would be 0, 2, 4, 6, 8, 10.
> However the loop checks attempting to access the odd address, so on
> the final register it accesses address 11, and it writes entry [11]
> of the read/written arrays.
> 
> Originally this worked because the max_register of the regmap was
> hardcoded to be BLOCK_TEST_SIZE (== 12).
> 
> commit 710915743d53 ("regmap: kunit: Run sparse cache tests at non-zero
> register addresses")
> introduced the ability to start the test address range from any address,
> which means adjusting the max_register. If max_register was not forced,
> it was calculated either from num_reg_defaults or BLOCK_TEST_SIZE. This
> correctly calculated that with num_reg_defaults == 6 and stride == 2 the
> final valid address is 10. So the read/written arrays are allocated to
> contain entries [0..10]. When stride attempted to access [11] it was
> overflowing the array.
> 
> Signed-off-by: Richard Fitzgerald <rf@...nsource.cirrus.com>
> Fixes: 710915743d53 ("regmap: kunit: Run sparse cache tests at non-zero register addresses")

Tested-by: Guenter Roeck <linux@...ck-us.net>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ