| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241031210501.3da82113@jic23-huawei>
Date: Thu, 31 Oct 2024 21:05:01 +0000
From: Jonathan Cameron <jic23@...nel.org>
To: Nuno Sá <noname.nuno@...il.com>
Cc: Zicheng Qu <quzicheng@...wei.com>, nuno.sa@...log.com, lars@...afoo.de,
Michael.Hennerich@...log.com, djunho@...il.com,
alexandru.ardelean@...log.com, linux-iio@...r.kernel.org,
linux-kernel@...r.kernel.org, tanghui20@...wei.com, zhangqiao22@...wei.com,
judy.chenhui@...wei.com
Subject: Re: [PATCH v2] iio: adc: ad7923: Fix buffer overflow for tx_buf and
ring_xfer
On Thu, 31 Oct 2024 15:20:24 +0100
Nuno Sá <noname.nuno@...il.com> wrote:
> On Tue, 2024-10-29 at 13:46 +0000, Zicheng Qu wrote:
> > The AD7923 was updated to support devices with 8 channels, but the size
> > of tx_buf and ring_xfer was not increased accordingly, leading to a
> > potential buffer overflow in ad7923_update_scan_mode().
> >
> > Fixes: 851644a60d20 ("iio: adc: ad7923: Add support for the ad7908/ad7918/ad7928")
> > Cc: <stable@...r.kernel.org>
> > Signed-off-by: Nuno Sá <noname.nuno@...il.com>
> > Signed-off-by: Zicheng Qu <quzicheng@...wei.com>
> > ---
>
> Reviewed-by: Nuno Sa <nuno.sa@...log.com>
>
Confusing one. I'll fix the authorship up for your analog address
Zicheng, usually a Suggested-by after checking with the author if it's
a patch in a review thread.
You can't really give someone elses' SoB without them explicitly sending it.
If Nuno let you know that was fine off the list, then just mention that under
---
This time I'm going to take Nuno's RB as fine to indicate no objection
to the SoB. Nuno, feel free to shout if you want to handle this differently.
Applied.
Jonathan
> > v2:
> > - Fixed: Addressed buffer overflow in ad7923_update_scan_mode() due to
> > insufficient tx_buf and ring_xfer size for 8-channel devices.
> > - Issue: Original patch attempted to fix the overflow by limiting the
> > length, but did not address the root cause of buffer size mismatch.
> > - Solution: Increased tx_buf and ring_xfer sizes recommended by Nuno to
> > support all 8 channels, ensuring adequate buffer capacity.
> > - Previous patch link:
> > https://lore.kernel.org/linux-iio/20241028142357.1032380-1-quzicheng@huawei.com/T/#u
> > drivers/iio/adc/ad7923.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/iio/adc/ad7923.c b/drivers/iio/adc/ad7923.c
> > index 09680015a7ab..acc44cb34f82 100644
> > --- a/drivers/iio/adc/ad7923.c
> > +++ b/drivers/iio/adc/ad7923.c
> > @@ -48,7 +48,7 @@
> >
> > struct ad7923_state {
> > struct spi_device *spi;
> > - struct spi_transfer ring_xfer[5];
> > + struct spi_transfer ring_xfer[9];
> > struct spi_transfer scan_single_xfer[2];
> > struct spi_message ring_msg;
> > struct spi_message scan_single_msg;
> > @@ -64,7 +64,7 @@ struct ad7923_state {
> > * Length = 8 channels + 4 extra for 8 byte timestamp
> > */
> > __be16 rx_buf[12] __aligned(IIO_DMA_MINALIGN);
> > - __be16 tx_buf[4];
> > + __be16 tx_buf[8];
> > };
> >
> > struct ad7923_chip_info {
>
Powered by blists - more mailing lists