Message ID | 20230622195717.3125088-1-srinivas.pandruvada@linux.intel.com (mailing list archive) |
---|---|
State | Accepted, archived |
Series | platform/x86/intel/tpmi: Prevent overflow for cap_offset |
Hi,

On 6/22/23 21:57, Srinivas Pandruvada wrote:
> cap_offset is a u16 field, so multiplying with TPMI_CAP_OFFSET_UNIT
> (which is equal to 1024) to convert to bytes will cause overflow. This
> will be a problem once more TPMI features are added.
>
> This field is not used except for calculating pfs->vsec_offset. So, leave
> cap_offset field unchanged and multiply with TPMI_CAP_OFFSET_UNIT while
> calculating pfs->vsec_offset.
>
> Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
> ---
> Rebased on top of
> https://kernel.googlesource.com/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
> review-hans

Thank you for your patch, I've applied this patch to my fixes branch:
https://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86.git/log/?h=fixes

Note it will show up in my fixes branch once I've pushed my local branch there, which might take a while.

I will include this patch in my next fixes pull-req to Linus for the current kernel development cycle.

Regards,

Hans

> > drivers/platform/x86/intel/tpmi.c | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > > diff --git a/drivers/platform/x86/intel/tpmi.c b/drivers/platform/x86/intel/tpmi.c > index 9c606ee2030c..d1fd6e69401c 100644 > --- a/drivers/platform/x86/intel/tpmi.c > +++ b/drivers/platform/x86/intel/tpmi.c > @@ -356,9 +356,7 @@ static int intel_vsec_tpmi_init(struct auxiliary_device *auxdev) > if (!pfs_start) > pfs_start = res_start; > > - pfs->pfs_header.cap_offset *= TPMI_CAP_OFFSET_UNIT; > - > - pfs->vsec_offset = pfs_start + pfs->pfs_header.cap_offset; > + pfs->vsec_offset = pfs_start + pfs->pfs_header.cap_offset * TPMI_CAP_OFFSET_UNIT; > > /* > * Process TPMI_INFO to get PCI device to CPU package ID.
diff --git a/drivers/platform/x86/intel/tpmi.c b/drivers/platform/x86/intel/tpmi.c index 9c606ee2030c..d1fd6e69401c 100644 --- a/drivers/platform/x86/intel/tpmi.c +++ b/drivers/platform/x86/intel/tpmi.c @@ -356,9 +356,7 @@ static int intel_vsec_tpmi_init(struct auxiliary_device *auxdev) if (!pfs_start) pfs_start = res_start; - pfs->pfs_header.cap_offset *= TPMI_CAP_OFFSET_UNIT; - - pfs->vsec_offset = pfs_start + pfs->pfs_header.cap_offset; + pfs->vsec_offset = pfs_start + pfs->pfs_header.cap_offset * TPMI_CAP_OFFSET_UNIT; /* * Process TPMI_INFO to get PCI device to CPU package ID.
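Review bot: the added `pfs->vsec_offset = pfs_start + pfs->pfs_header.cap_offset * TPMI_CAP_OFFSET_UNIT;` line avoids truncation only because the u16 `cap_offset` is implicitly promoted to int before the multiply, and nothing on the line says so. An explicit widening cast on `cap_offset`, or a one-line comment that the field now stays in TPMI_CAP_OFFSET_UNIT units rather than bytes, would keep a later refactor (for example, caching the product in a u16 local, or reintroducing an in-place `*=`) from silently bringing the wraparound back. Since the stored field changes meaning from bytes to units after this hunk, it is also worth confirming in the commit that no debug or sysfs output prints `cap_offset` expecting bytes; the message says it is unused elsewhere, but the hunk itself cannot show that.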
cap_offset is a u16 field, so multiplying with TPMI_CAP_OFFSET_UNIT
(which is equal to 1024) to convert to bytes will cause overflow. This
will be a problem once more TPMI features are added.

This field is not used except for calculating pfs->vsec_offset. So, leave
cap_offset field unchanged and multiply with TPMI_CAP_OFFSET_UNIT while
calculating pfs->vsec_offset.

Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
---
Rebased on top of
https://kernel.googlesource.com/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
review-hans

 drivers/platform/x86/intel/tpmi.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
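The truncation the commit message describes, as an added user-space example that is not part of the patch or the driver: it compares the in-place scaling with the promoted multiply and finds the first `cap_offset` value where they diverge. The struct `pfs_header_demo`, the helper names and the 64-bit type for `pfs_start` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define TPMI_CAP_OFFSET_UNIT 1024 /* value given in the commit message */

/* Hypothetical stand-in for the PFS header: only the u16 field matters here. */
struct pfs_header_demo {
	uint16_t cap_offset; /* in units of TPMI_CAP_OFFSET_UNIT */
};

/* Pre-patch behaviour: scale in place, so the product is stored back in 16 bits. */
static uint64_t vsec_offset_before(uint64_t pfs_start, struct pfs_header_demo h)
{
	h.cap_offset *= TPMI_CAP_OFFSET_UNIT; /* wraps modulo 65536 */
	return pfs_start + h.cap_offset;
}

/* Post-patch behaviour: u16 is promoted to int for the multiply, field untouched. */
static uint64_t vsec_offset_after(uint64_t pfs_start, struct pfs_header_demo h)
{
	return pfs_start + h.cap_offset * TPMI_CAP_OFFSET_UNIT;
}

/* Smallest cap_offset for which the two computations disagree (0 if none). */
static unsigned first_divergence(void)
{
	for (unsigned v = 0; v <= UINT16_MAX; v++) {
		struct pfs_header_demo h = { .cap_offset = (uint16_t)v };

		if (vsec_offset_before(0, h) != vsec_offset_after(0, h))
			return v;
	}
	return 0;
}

int main(void)
{
	struct pfs_header_demo h = { .cap_offset = 65 }; /* constructed sample value */

	printf("first wrapping cap_offset: %u\n", first_divergence());
	printf("cap_offset=65 before: 0x%llx after: 0x%llx\n",
	       (unsigned long long)vsec_offset_before(0, h),
	       (unsigned long long)vsec_offset_after(0, h));
	return 0;
}
```

With the old code, an entry whose offset wraps resolves to the same address as a lower entry, so the driver would map another feature's region instead of failing visibly.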