leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
d8655e7630
linux/drivers
History
Eiichi Tsukata d8655e7630 EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec 
Commit 9da21b1509 ("EDAC: Poll timeout cannot be zero, p2") assumes
edac_mc_poll_msec to be unsigned long, but the type of the variable still
remained as int. Setting edac_mc_poll_msec can trigger out-of-bounds
write.

Reproducer:

  # echo 1001 > /sys/module/edac_core/parameters/edac_mc_poll_msec

KASAN report:

  BUG: KASAN: global-out-of-bounds in edac_set_poll_msec+0x140/0x150
  Write of size 8 at addr ffffffffb91b2d00 by task bash/1996

  CPU: 1 PID: 1996 Comm: bash Not tainted 5.2.0-rc6+ #23
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-2.fc30 04/01/2014
  Call Trace:
   dump_stack+0xca/0x13e
   print_address_description.cold+0x5/0x246
   __kasan_report.cold+0x75/0x9a
   ? edac_set_poll_msec+0x140/0x150
   kasan_report+0xe/0x20
   edac_set_poll_msec+0x140/0x150
   ? dimmdev_location_show+0x30/0x30
   ? vfs_lock_file+0xe0/0xe0
   ? _raw_spin_lock+0x87/0xe0
   param_attr_store+0x1b5/0x310
   ? param_array_set+0x4f0/0x4f0
   module_attr_store+0x58/0x80
   ? module_attr_show+0x80/0x80
   sysfs_kf_write+0x13d/0x1a0
   kernfs_fop_write+0x2bc/0x460
   ? sysfs_kf_bin_read+0x270/0x270
   ? kernfs_notify+0x1f0/0x1f0
   __vfs_write+0x81/0x100
   vfs_write+0x1e1/0x560
   ksys_write+0x126/0x250
   ? __ia32_sys_read+0xb0/0xb0
   ? do_syscall_64+0x1f/0x390
   do_syscall_64+0xc1/0x390
   entry_SYSCALL_64_after_hwframe+0x49/0xbe
  RIP: 0033:0x7fa7caa5e970
  Code: 73 01 c3 48 8b 0d 28 d5 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 99 2d 2c 00 00 75 10 b8 01 00 00 00 04
  RSP: 002b:00007fff6acfdfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
  RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fa7caa5e970
  RDX: 0000000000000005 RSI: 0000000000e95c08 RDI: 0000000000000001
  RBP: 0000000000e95c08 R08: 00007fa7cad1e760 R09: 00007fa7cb36a700
  R10: 0000000000000073 R11: 0000000000000246 R12: 0000000000000005
  R13: 0000000000000001 R14: 00007fa7cad1d600 R15: 0000000000000005

  The buggy address belongs to the variable:
   edac_mc_poll_msec+0x0/0x40

  Memory state around the buggy address:
   ffffffffb91b2c00: 00 00 00 00 fa fa fa fa 00 00 00 00 fa fa fa fa
   ffffffffb91b2c80: 00 00 00 00 fa fa fa fa 00 00 00 00 fa fa fa fa
  >ffffffffb91b2d00: 04 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa
                     ^
   ffffffffb91b2d80: 04 fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
   ffffffffb91b2e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Fix it by changing the type of edac_mc_poll_msec to unsigned int.
The reason why this patch adopts unsigned int rather than unsigned long
is msecs_to_jiffies() assumes arg to be unsigned int. We can avoid
integer conversion bugs and unsigned int will be large enough for
edac_mc_poll_msec.

Reviewed-by: James Morse <james.morse@arm.com>
Fixes: 9da21b1509 ("EDAC: Poll timeout cannot be zero, p2")
Signed-off-by: Eiichi Tsukata <devel@etsukata.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
2019-06-27 10:24:47 -07:00
..
accessibility treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 70 2019-05-24 17:36:47 +02:00
acpi treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
amba treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282 2019-06-05 17:36:37 +02:00
android treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282 2019-06-05 17:36:37 +02:00
ata libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk 2019-06-13 03:17:11 -06:00
atm treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
auxdisplay treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
base drivers/base/devres: introduce devm_release_action() 2019-06-13 17:34:56 -10:00
bcma
block block/ps3vram: Use %llu to format sector_t after LBDAF removal 2019-06-13 03:17:50 -06:00
bluetooth treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333 2019-06-05 17:37:06 +02:00
bus treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
cdrom treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 1 2019-05-21 11:28:39 +02:00
char treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 445 2019-06-05 17:37:18 +02:00
clk treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 445 2019-06-05 17:37:18 +02:00
clocksource Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-06-16 07:22:56 -10:00
connector treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
counter treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
cpufreq treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
cpuidle treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 428 2019-06-05 17:37:16 +02:00
crypto treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 442 2019-06-05 17:37:17 +02:00
dax mm/devm_memremap_pages: fix final page put race 2019-06-13 17:34:56 -10:00
dca treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 33 2019-05-24 17:27:11 +02:00
devfreq treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 288 2019-06-05 17:36:37 +02:00
dio treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
dma SPDX update for 5.2-rc4 2019-06-08 12:52:42 -07:00
dma-buf SPDX update for 5.2-rc4 2019-06-08 12:52:42 -07:00
edac EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec 2019-06-27 10:24:47 -07:00
eisa treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 210 2019-05-30 11:29:53 -07:00
extcon treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282 2019-06-05 17:36:37 +02:00
firewire treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
firmware treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 446 2019-06-05 17:37:18 +02:00
fmc treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 60 2019-05-24 17:36:45 +02:00
fpga SPDX update for 5.2-rc4 2019-06-08 12:52:42 -07:00
fsi treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
gnss treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
gpio A single fix for the PCA953x driver affecting some fringe 2019-06-14 05:48:29 -10:00
gpu Merge branch 'drm-fixes-5.2' of git://people.freedesktop.org/~agd5f/linux into drm-fixes 2019-06-14 17:55:22 +02:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid 2019-06-13 05:59:05 -10:00
hsi treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 336 2019-06-05 17:37:07 +02:00
hv treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 320 2019-06-05 17:37:05 +02:00
hwmon SPDX update for 5.2-rc4 2019-06-08 12:52:42 -07:00
hwspinlock
hwtracing treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
i2c i2c: pca-platform: Fix GPIO lookup code 2019-06-12 12:54:06 +02:00
i3c treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
ide treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333 2019-06-05 17:37:06 +02:00
idle treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 335 2019-06-05 17:37:06 +02:00
iio treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 446 2019-06-05 17:37:18 +02:00
infiniband SPDX update for 5.2-rc4 2019-06-08 12:52:42 -07:00
input treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
interconnect treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
iommu IOMMU Fixes for Linux v5.2-rc4 2019-06-14 05:49:35 -10:00
ipack treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
irqchip treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333 2019-06-05 17:37:06 +02:00
isdn SPDX update for 5.2-rc3, round 1 2019-05-31 08:34:32 -07:00
leds treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
lightnvm treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 410 2019-06-05 17:37:14 +02:00
macintosh treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 375 2019-06-05 17:37:10 +02:00
mailbox treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 288 2019-06-05 17:36:37 +02:00
mcb treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
md bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached 2019-06-13 03:09:15 -06:00
media media updates for v5.2-rc1 2019-06-12 05:57:05 -10:00
memory treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 340 2019-06-05 17:37:07 +02:00
memstick memstick: mspro_block: Fix an error code in mspro_block_issue_req() 2019-05-28 09:53:54 +02:00
message treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
mfd treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 450 2019-06-05 17:37:18 +02:00
misc SPDX update for 5.2-rc4 2019-06-08 12:52:42 -07:00
mmc SPDX update for 5.2-rc4 2019-06-08 12:52:42 -07:00
mtd treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
mux
net SPDX update for 5.2-rc4 2019-06-08 12:52:42 -07:00
nfc treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 417 2019-06-05 17:37:15 +02:00
ntb treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 288 2019-06-05 17:36:37 +02:00
nubus treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
nvdimm mm/devm_memremap_pages: fix final page put race 2019-06-13 17:34:56 -10:00
nvme Merge branch 'nvme-5.2-rc-next' of git://git.infradead.org/nvme into for-linus 2019-06-07 14:04:28 -06:00
nvmem treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 295 2019-06-05 17:36:38 +02:00
of treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 428 2019-06-05 17:37:16 +02:00
opp treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
oprofile
parisc SPDX update for 5.2-rc4 2019-06-08 12:52:42 -07:00
parport Char/Misc driver fixes for 5.2-rc4 2019-06-08 12:50:36 -07:00
pci mm/devm_memremap_pages: fix final page put race 2019-06-13 17:34:56 -10:00
pcmcia treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 256 2019-06-05 17:30:27 +02:00
perf treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 284 2019-06-05 17:36:37 +02:00
phy treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 446 2019-06-05 17:37:18 +02:00
pinctrl treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 446 2019-06-05 17:37:18 +02:00
platform platform/mellanox: mlxreg-hotplug: Add devm_free_irq call to remove flow 2019-06-12 11:49:20 +03:00
pnp treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 150 2019-05-30 11:25:19 -07:00
power treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 450 2019-06-05 17:37:18 +02:00
powercap treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 309 2019-06-05 17:37:04 +02:00
pps treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 61 2019-05-24 17:36:45 +02:00
ps3 treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 167 2019-05-30 11:26:39 -07:00
ptp treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 167 2019-05-30 11:26:39 -07:00
pwm treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 372 2019-06-05 17:37:10 +02:00
rapidio treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
ras RAS/CEC: Convert the timer callback to a workqueue 2019-06-07 23:21:39 +02:00
regulator regulator: Fix for v5.2 2019-06-10 07:35:55 -10:00
remoteproc treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282 2019-06-05 17:36:37 +02:00
reset treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 422 2019-06-05 17:37:15 +02:00
rpmsg
rtc treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-07 09:29:14 -07:00
sbus treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 61 2019-05-24 17:36:45 +02:00
scsi SCSI fixes on 20190614 2019-06-14 15:52:51 -10:00
sfi treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
sh treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
siox treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
slimbus
sn treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
soc treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 409 2019-06-05 17:37:14 +02:00
soundwire treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
spi spi: Fixes for v5.2 2019-06-10 07:19:56 -10:00
spmi treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 284 2019-06-05 17:36:37 +02:00
ssb treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
staging Staging/IIO driver fixes for 5.2-rc3 2019-05-31 08:31:45 -07:00
target treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 335 2019-06-05 17:37:06 +02:00
tc treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
tee treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282 2019-06-05 17:36:37 +02:00
thermal treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 422 2019-06-05 17:37:15 +02:00
thunderbolt treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
tty vt/fbcon: deinitialize resources in visual_init() after failed memory allocation 2019-05-24 17:08:18 +02:00
uio treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333 2019-06-05 17:37:06 +02:00
usb usb: typec: Make sure an alt mode exist before getting its partner 2019-06-12 17:13:02 +02:00
uwb treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 268 2019-06-05 17:30:29 +02:00
vfio vfio/mdev: Synchronize device create/remove with parent removal 2019-06-06 12:32:37 -06:00
vhost vhost: scsi: add weight support 2019-05-27 11:08:23 -04:00
video treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 446 2019-06-05 17:37:18 +02:00
virt treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
virtio virtio: Fix indentation of VIRTIO_MMIO 2019-05-27 11:08:22 -04:00
visorbus treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
vlynq treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 102 2019-05-24 17:39:00 +02:00
vme treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
w1 SPDX update for 5.2-rc4 2019-06-08 12:52:42 -07:00
watchdog treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 446 2019-06-05 17:37:18 +02:00
xen Merge branch 'stable/for-linus-5.2' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlb 2019-06-11 15:38:34 -10:00
zorro treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
Kconfig
Makefile