lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <86v7irm8sp.fsf@kernel.org>
Date: Sun, 30 Nov 2025 23:53:42 +0100
From: Pratyush Yadav <pratyush@...nel.org>
To: Pasha Tatashin <pasha.tatashin@...een.com>
Cc: pratyush@...nel.org,  rppt@...nel.org,  dmatlack@...gle.com,
  akpm@...ux-foundation.org,  linux-kernel@...r.kernel.org,
  linux-mm@...ck.org
Subject: Re: [PATCH] liveupdate: luo_core: fix redundant bound check in
 luo_ioctl()

On Sat, Nov 29 2025, Pasha Tatashin wrote:

> The kernel test robot reported a Smatch warning:
> kernel/liveupdate/luo_core.c:402 luo_ioctl() warn: unsigned 'nr' is
> never less than zero.
>
> This occurs because 'nr' is unsigned and LIVEUPDATE_CMD_BASE is
> currently defined as 0, making the check (nr < LIVEUPDATE_CMD_BASE)
> always false.
>
> Remove the explicit lower bound check. The logic remains correct because
> 'nr' is unsigned; if nr is less than LIVEUPDATE_CMD_BASE, the expression
> (nr - LIVEUPDATE_CMD_BASE) will wrap around to a large positive value.
> This will inevitably be larger than ARRAY_SIZE(luo_ioctl_ops) and be
> caught by the upper bound check.
>
> Reported-by: kernel test robot <lkp@...el.com>
> Closes: https://lore.kernel.org/oe-kbuild-all/202511280300.6pvBmXUS-lkp@intel.com/
> Signed-off-by: Pasha Tatashin <pasha.tatashin@...een.com>

Reviewed-by: Pratyush Yadav <pratyush@...nel.org>

[...]

-- 
Regards,
Pratyush Yadav

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ