| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4ed54857ed03779ee07d0dce66d6cd9c25c481e6.camel@gmail.com>
Date: Mon, 04 Nov 2024 10:13:25 +0100
From: Nuno Sá <noname.nuno@...il.com>
To: Jonathan Cameron <jic23@...nel.org>
Cc: Zicheng Qu <quzicheng@...wei.com>, nuno.sa@...log.com, lars@...afoo.de,
Michael.Hennerich@...log.com, djunho@...il.com,
alexandru.ardelean@...log.com, linux-iio@...r.kernel.org,
linux-kernel@...r.kernel.org, tanghui20@...wei.com,
zhangqiao22@...wei.com, judy.chenhui@...wei.com
Subject: Re: [PATCH v2] iio: adc: ad7923: Fix buffer overflow for tx_buf and
ring_xfer
On Thu, 2024-10-31 at 21:05 +0000, Jonathan Cameron wrote:
> On Thu, 31 Oct 2024 15:20:24 +0100
> Nuno Sá <noname.nuno@...il.com> wrote:
>
> > On Tue, 2024-10-29 at 13:46 +0000, Zicheng Qu wrote:
> > > The AD7923 was updated to support devices with 8 channels, but the size
> > > of tx_buf and ring_xfer was not increased accordingly, leading to a
> > > potential buffer overflow in ad7923_update_scan_mode().
> > >
> > > Fixes: 851644a60d20 ("iio: adc: ad7923: Add support for the
> > > ad7908/ad7918/ad7928")
> > > Cc: <stable@...r.kernel.org>
> > > Signed-off-by: Nuno Sá <noname.nuno@...il.com>
> > > Signed-off-by: Zicheng Qu <quzicheng@...wei.com>
> > > ---
> >
> > Reviewed-by: Nuno Sa <nuno.sa@...log.com>
> >
>
> Confusing one. I'll fix the authorship up for your analog address
>
> Zicheng, usually a Suggested-by after checking with the author if it's
> a patch in a review thread.
>
> You can't really give someone elses' SoB without them explicitly sending it.
> If Nuno let you know that was fine off the list, then just mention that under
> ---
>
> This time I'm going to take Nuno's RB as fine to indicate no objection
> to the SoB. Nuno, feel free to shout if you want to handle this differently.
>
Oh, TBH, I did not realized by SOB tag was there. I'm fine with it even though I
agree a Suggested-by would likely make more sense.
- Nuno Sá
> Applied.
>
> Jonathan
>
>
> > > v2:
> > > - Fixed: Addressed buffer overflow in ad7923_update_scan_mode() due to
> > > insufficient tx_buf and ring_xfer size for 8-channel devices.
> > > - Issue: Original patch attempted to fix the overflow by limiting the
> > > length, but did not address the root cause of buffer size mismatch.
> > > - Solution: Increased tx_buf and ring_xfer sizes recommended by Nuno to
> > > support all 8 channels, ensuring adequate buffer capacity.
> > > - Previous patch link:
> > > https://lore.kernel.org/linux-iio/20241028142357.1032380-1-quzicheng@huawei.com/T/#u
> > > drivers/iio/adc/ad7923.c | 4 ++--
> > > 1 file changed, 2 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/drivers/iio/adc/ad7923.c b/drivers/iio/adc/ad7923.c
> > > index 09680015a7ab..acc44cb34f82 100644
> > > --- a/drivers/iio/adc/ad7923.c
> > > +++ b/drivers/iio/adc/ad7923.c
> > > @@ -48,7 +48,7 @@
> > >
> > > struct ad7923_state {
> > > struct spi_device *spi;
> > > - struct spi_transfer ring_xfer[5];
> > > + struct spi_transfer ring_xfer[9];
> > > struct spi_transfer scan_single_xfer[2];
> > > struct spi_message ring_msg;
> > > struct spi_message scan_single_msg;
> > > @@ -64,7 +64,7 @@ struct ad7923_state {
> > > * Length = 8 channels + 4 extra for 8 byte timestamp
> > > */
> > > __be16 rx_buf[12]
> > > __aligned(IIO_DMA_MINALIGN);
> > > - __be16 tx_buf[4];
> > > + __be16 tx_buf[8];
> > > };
> > >
> > > struct ad7923_chip_info {
> >
>
Powered by blists - more mailing lists