lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <aBRLqGDpV8Y63JaJ@surfacebook.localdomain>
Date: Fri, 2 May 2025 07:35:52 +0300
From: Andy Shevchenko <andy.shevchenko@...il.com>
To: Lee Jones <lee@...nel.org>
Cc: Andy Shevchenko <andriy.shevchenko@...el.com>,
	Peter Tyser <ptyser@...-inc.com>,
	Purva Yeshi <purvayeshi550@...il.com>, linux-kernel@...r.kernel.org
Subject: Re: (subset) [PATCH] mfd: lpc_ich: Fix ARRAY_SIZE usage for
 apl_gpio_resources

Thu, May 01, 2025 at 01:07:25PM +0100, Lee Jones kirjoitti:
> On Thu, 24 Apr 2025, Andy Shevchenko wrote:
> > On Fri, Apr 04, 2025 at 02:13:08PM +0100, Lee Jones wrote:
> > > On Sat, 22 Mar 2025 18:48:41 +0530, Purva Yeshi wrote:
> > > > Fix warning detected by smatch tool:
> > > > drivers/mfd/lpc_ich.c:194:34: error: strange non-value function or array
> > > > drivers/mfd/lpc_ich.c:194:34: error: missing type information
> > > > drivers/mfd/lpc_ich.c:201:34: error: strange non-value function or array
> > > > drivers/mfd/lpc_ich.c:201:34: error: missing type information
> > > > drivers/mfd/lpc_ich.c:208:34: error: strange non-value function or array
> > > > drivers/mfd/lpc_ich.c:208:34: error: missing type information
> > > > drivers/mfd/lpc_ich.c:215:34: error: strange non-value function or array
> > > > drivers/mfd/lpc_ich.c:215:34: error: missing type information

[...]

> > > Applied, thanks!
> > > 
> > > [1/1] mfd: lpc_ich: Fix ARRAY_SIZE usage for apl_gpio_resources
> > >       commit: 87e172b0fdd3aa4e3d099884e608dbc70ee3e663
> > 
> > Can this be reverted ASAP, please? See below why.
> > 
> > There is no problem with the code. The original author of the change
> > haven't proved otherwise.
> > 
> > The change made it much worse to read and maintain. By the way, it actually
> > _added_ the problem as far as I can see with my small test program.
> > 
> > Let's just calculate based on the sizeof(struct foo) taken as 10 for
> > simplicity and array size as 4x2. The full size of the array is
> > 4 * 2 * 10 bytes. The size of the entry in outer array will be 2 * 10 bytes.
> > Now, what ARRAY2D_SIZE do is (4 * 2 * 10 / 10 / (2 * 10 / 10) == 4, and
> > that's WRONG! This will make a out-of-boundary accesses possible.
> > 
> > If smatch can't parse something, it's problem of smatch. No need to "fix"
> > the working and robust code. The original code even allows (in theory) to have
> > different amount of resources per entry, however it's quite unlikely to happen.
> > But at bare minimum it shows the entry taken along with _its_ ARRAY_SIZE()
> > and not something common over the outer array.
> 
> Done.

I still see it as commit
https://web.git.kernel.org/pub/scm/linux/kernel/git/lee/mfd.git/commit/?h=for-mfd-next&id=c6c07f8ea2cbb0dca0e529f9ed16df71276515a4

-- 
With Best Regards,
Andy Shevchenko



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ