lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <4854b569-5032-4b75-80a6-8c5822845dc7@baylibre.com>
Date: Mon, 24 Mar 2025 08:50:15 -0500
From: David Lechner <dlechner@...libre.com>
To: Dan Carpenter <dan.carpenter@...aro.org>, oe-kbuild@...ts.linux.dev,
 Jonathan Cameron <jic23@...nel.org>, linux-iio@...r.kernel.org
Cc: lkp@...el.com, oe-kbuild-all@...ts.linux.dev,
 Michael Hennerich <Michael.Hennerich@...log.com>,
 Angelo Dureghello <adureghello@...libre.com>,
 Alexandru Ardelean <aardelean@...libre.com>,
 Beniamin Bia <beniamin.bia@...log.com>, Stefan Popa
 <stefan.popa@...log.com>, linux-kernel@...r.kernel.org,
 Nuno Sá <nuno.sa@...log.com>
Subject: Re: [PATCH v2 09/10] iio: adc: ad7606: dynamically allocate channel
 info

On 3/22/25 12:25 PM, Dan Carpenter wrote:
> Hi David,
> 
> kernel test robot noticed the following build warnings:
> 
> url:    https://github.com/intel-lab-lkp/linux/commits/David-Lechner/iio-adc-ad7606-check-for-NULL-before-calling-sw_mode_config/20250319-065737
> base:   9f36acefb2621d980734a5bb7d74e0e24e0af166
> patch link:    https://lore.kernel.org/r/20250318-iio-adc-ad7606-improvements-v2-9-4b605427774c%40baylibre.com
> patch subject: [PATCH v2 09/10] iio: adc: ad7606: dynamically allocate channel info
> config: arm64-randconfig-r071-20250322 (https://download.01.org/0day-ci/archive/20250322/202503222246.RafigmhQ-lkp@intel.com/config)
> compiler: clang version 21.0.0git (https://github.com/llvm/llvm-project c2692afc0a92cd5da140dfcdfff7818a5b8ce997)
> 
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@...el.com>
> | Reported-by: Dan Carpenter <dan.carpenter@...aro.org>
> | Closes: https://lore.kernel.org/r/202503222246.RafigmhQ-lkp@intel.com/
> 
> smatch warnings:
> drivers/iio/adc/ad7606.c:1270 ad7606_probe_channels() warn: potentially one past the end of array 'channels[i]'
> 
> vim +1270 drivers/iio/adc/ad7606.c
> 
> 87cf5705725eeb David Lechner      2025-03-18  1196  static int ad7606_probe_channels(struct iio_dev *indio_dev)
> e571c1902116a3 Alexandru Ardelean 2024-09-19  1197  {
> e571c1902116a3 Alexandru Ardelean 2024-09-19  1198  	struct ad7606_state *st = iio_priv(indio_dev);
> 87cf5705725eeb David Lechner      2025-03-18  1199  	struct device *dev = indio_dev->dev.parent;
> 87cf5705725eeb David Lechner      2025-03-18  1200  	struct iio_chan_spec *channels;
> 87cf5705725eeb David Lechner      2025-03-18  1201  	bool slow_bus;
> 87cf5705725eeb David Lechner      2025-03-18  1202  	int ret, i;
> 87cf5705725eeb David Lechner      2025-03-18  1203  
> 87cf5705725eeb David Lechner      2025-03-18  1204  	slow_bus = !st->bops->iio_backend_config;
> 87cf5705725eeb David Lechner      2025-03-18  1205  	indio_dev->num_channels = st->chip_info->num_adc_channels;
> 87cf5705725eeb David Lechner      2025-03-18  1206  
> 87cf5705725eeb David Lechner      2025-03-18  1207  	/* Slow buses also get 1 more channel for soft timestamp */
> 87cf5705725eeb David Lechner      2025-03-18  1208  	if (slow_bus)
> 87cf5705725eeb David Lechner      2025-03-18  1209  		indio_dev->num_channels++;
> 87cf5705725eeb David Lechner      2025-03-18  1210  
> 87cf5705725eeb David Lechner      2025-03-18  1211  	channels = devm_kcalloc(dev, indio_dev->num_channels, sizeof(*channels),
> 87cf5705725eeb David Lechner      2025-03-18  1212  				GFP_KERNEL);
> 87cf5705725eeb David Lechner      2025-03-18  1213  	if (!channels)
> f3838e934dfff2 Alexandru Ardelean 2024-09-19  1214  		return -ENOMEM;
> f3838e934dfff2 Alexandru Ardelean 2024-09-19  1215  
> 87cf5705725eeb David Lechner      2025-03-18  1216  	for (i = 0; i < indio_dev->num_channels; i++) {

The fix is to change this line to:

							for (i = 0; i < st->chip_info->num_adc_channels; i++) {

> 87cf5705725eeb David Lechner      2025-03-18  1217  		struct iio_chan_spec *chan = &channels[i];
> 87cf5705725eeb David Lechner      2025-03-18  1218  
> 87cf5705725eeb David Lechner      2025-03-18  1219  		chan->type = IIO_VOLTAGE;
> 87cf5705725eeb David Lechner      2025-03-18  1220  		chan->indexed = 1;
> 87cf5705725eeb David Lechner      2025-03-18  1221  		chan->channel = i;
> 87cf5705725eeb David Lechner      2025-03-18  1222  		chan->scan_index = i;
> 87cf5705725eeb David Lechner      2025-03-18  1223  		chan->scan_type.sign = 's';
> 87cf5705725eeb David Lechner      2025-03-18  1224  		chan->scan_type.realbits = st->chip_info->bits;
> 87cf5705725eeb David Lechner      2025-03-18  1225  		chan->scan_type.storagebits = st->chip_info->bits > 16 ? 32 : 16;
> 87cf5705725eeb David Lechner      2025-03-18  1226  		chan->scan_type.endianness = IIO_CPU;
> f3838e934dfff2 Alexandru Ardelean 2024-09-19  1227  
> 87cf5705725eeb David Lechner      2025-03-18  1228  		if (indio_dev->modes & INDIO_DIRECT_MODE)
> 87cf5705725eeb David Lechner      2025-03-18  1229  			chan->info_mask_separate |= BIT(IIO_CHAN_INFO_RAW);
> 87cf5705725eeb David Lechner      2025-03-18  1230  
> 87cf5705725eeb David Lechner      2025-03-18  1231  		if (st->sw_mode_en) {
> 87cf5705725eeb David Lechner      2025-03-18  1232  			chan->info_mask_separate |= BIT(IIO_CHAN_INFO_SCALE);
> 87cf5705725eeb David Lechner      2025-03-18  1233  			chan->info_mask_separate_available |=
> 87cf5705725eeb David Lechner      2025-03-18  1234  				BIT(IIO_CHAN_INFO_SCALE);
> 87cf5705725eeb David Lechner      2025-03-18  1235  
> 87cf5705725eeb David Lechner      2025-03-18  1236  			/*
> 87cf5705725eeb David Lechner      2025-03-18  1237  			 * All chips with software mode support oversampling,
> 87cf5705725eeb David Lechner      2025-03-18  1238  			 * so we skip the oversampling_available check. And the
> 87cf5705725eeb David Lechner      2025-03-18  1239  			 * shared_by_type instead of shared_by_all on slow
> 87cf5705725eeb David Lechner      2025-03-18  1240  			 * buses is for backward compatibility.
> 87cf5705725eeb David Lechner      2025-03-18  1241  			 */
> 87cf5705725eeb David Lechner      2025-03-18  1242  			if (slow_bus)
> 87cf5705725eeb David Lechner      2025-03-18  1243  				chan->info_mask_shared_by_type |=
> 87cf5705725eeb David Lechner      2025-03-18  1244  					BIT(IIO_CHAN_INFO_OVERSAMPLING_RATIO);
> 87cf5705725eeb David Lechner      2025-03-18  1245  			else
> 87cf5705725eeb David Lechner      2025-03-18  1246  				chan->info_mask_shared_by_all |=
> 87cf5705725eeb David Lechner      2025-03-18  1247  					BIT(IIO_CHAN_INFO_OVERSAMPLING_RATIO);
> 87cf5705725eeb David Lechner      2025-03-18  1248  
> 87cf5705725eeb David Lechner      2025-03-18  1249  			chan->info_mask_shared_by_all_available |=
> 87cf5705725eeb David Lechner      2025-03-18  1250  				BIT(IIO_CHAN_INFO_OVERSAMPLING_RATIO);
> 87cf5705725eeb David Lechner      2025-03-18  1251  		} else {
> 87cf5705725eeb David Lechner      2025-03-18  1252  			chan->info_mask_shared_by_type |=
> 87cf5705725eeb David Lechner      2025-03-18  1253  				BIT(IIO_CHAN_INFO_SCALE);
> 87cf5705725eeb David Lechner      2025-03-18  1254  
> 87cf5705725eeb David Lechner      2025-03-18  1255  			if (st->chip_info->oversampling_avail)
> 87cf5705725eeb David Lechner      2025-03-18  1256  				chan->info_mask_shared_by_all |=
> 87cf5705725eeb David Lechner      2025-03-18  1257  					BIT(IIO_CHAN_INFO_OVERSAMPLING_RATIO);
> 87cf5705725eeb David Lechner      2025-03-18  1258  		}
> 87cf5705725eeb David Lechner      2025-03-18  1259  
> 87cf5705725eeb David Lechner      2025-03-18  1260  		if (!slow_bus)
> 87cf5705725eeb David Lechner      2025-03-18  1261  			chan->info_mask_shared_by_all |=
> 87cf5705725eeb David Lechner      2025-03-18  1262  				BIT(IIO_CHAN_INFO_SAMP_FREQ);
> 87cf5705725eeb David Lechner      2025-03-18  1263  
> 87cf5705725eeb David Lechner      2025-03-18  1264  		ret = st->chip_info->scale_setup_cb(indio_dev, chan);
> e571c1902116a3 Alexandru Ardelean 2024-09-19  1265  		if (ret)
> e571c1902116a3 Alexandru Ardelean 2024-09-19  1266  			return ret;
> e571c1902116a3 Alexandru Ardelean 2024-09-19  1267  	}
> e571c1902116a3 Alexandru Ardelean 2024-09-19  1268  
> 87cf5705725eeb David Lechner      2025-03-18  1269  	if (slow_bus)
> 87cf5705725eeb David Lechner      2025-03-18 @1270  		channels[i] = (struct iio_chan_spec)IIO_CHAN_SOFT_TIMESTAMP(i);
>                                                                 ^^^^^^^^^^^
> i is == indio_dev->num_channels so this is out of bounds by one element.
> 
> 87cf5705725eeb David Lechner      2025-03-18  1271  
> 87cf5705725eeb David Lechner      2025-03-18  1272  	indio_dev->channels = channels;
> 87cf5705725eeb David Lechner      2025-03-18  1273  
> e571c1902116a3 Alexandru Ardelean 2024-09-19  1274  	return 0;
> e571c1902116a3 Alexandru Ardelean 2024-09-19  1275  }
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ