Message ID | 20240827101239.22020-1-amishin@t-argos.ru (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() | expand |
On 2024/8/27 18:12, Aleksandr Mishin wrote: > In case of error in gtdt_parse_timer_block() invalid 'gtdt_frame' > will be used in 'do {} while (i-- >= 0 && gtdt_frame--);' statement block > because do{} block will be executed even if 'i == 0'. > > Adjust error handling procedure by replacing 'i-- >= 0' with 'i-- > 0'. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Fixes: a712c3ed9b8a ("acpi/arm64: Add memory-mapped timer support in GTDT driver") > Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru> > --- > drivers/acpi/arm64/gtdt.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/acpi/arm64/gtdt.c b/drivers/acpi/arm64/gtdt.c > index c0e77c1c8e09..eb6c2d360387 100644 > --- a/drivers/acpi/arm64/gtdt.c > +++ b/drivers/acpi/arm64/gtdt.c > @@ -283,7 +283,7 @@ static int __init gtdt_parse_timer_block(struct acpi_gtdt_timer_block *block, > if (frame->virt_irq > 0) > acpi_unregister_gsi(gtdt_frame->virtual_timer_interrupt); > frame->virt_irq = 0; > - } while (i-- >= 0 && gtdt_frame--); > + } while (i-- > 0 && gtdt_frame--); Good catch, Acked-by: Hanjun Guo <guohanjun@huawei.com> It's a fix in the error path, so I think it's OK for next release cycle. Thanks Hanjun
On Tue, Aug 27, 2024 at 01:12:39PM +0300, Aleksandr Mishin wrote: > In case of error in gtdt_parse_timer_block() invalid 'gtdt_frame' > will be used in 'do {} while (i-- >= 0 && gtdt_frame--);' statement block > because do{} block will be executed even if 'i == 0'. > > Adjust error handling procedure by replacing 'i-- >= 0' with 'i-- > 0'. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > (For some reason I don't see the original email in my inbox, might have got blocked
On Thu, Aug 29, 2024 at 05:17:44PM +0100, Sudeep Holla wrote: > On Tue, Aug 27, 2024 at 01:12:39PM +0300, Aleksandr Mishin wrote: > > In case of error in gtdt_parse_timer_block() invalid 'gtdt_frame' > > will be used in 'do {} while (i-- >= 0 && gtdt_frame--);' statement block > > because do{} block will be executed even if 'i == 0'. > > > > Adjust error handling procedure by replacing 'i-- >= 0' with 'i-- > 0'. > > > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > > > (For some reason I don't see the original email in my inbox, might have > got blocked
diff --git a/drivers/acpi/arm64/gtdt.c b/drivers/acpi/arm64/gtdt.c index c0e77c1c8e09..eb6c2d360387 100644 --- a/drivers/acpi/arm64/gtdt.c +++ b/drivers/acpi/arm64/gtdt.c @@ -283,7 +283,7 @@ static int __init gtdt_parse_timer_block(struct acpi_gtdt_timer_block *block, if (frame->virt_irq > 0) acpi_unregister_gsi(gtdt_frame->virtual_timer_interrupt); frame->virt_irq = 0; - } while (i-- >= 0 && gtdt_frame--); + } while (i-- > 0 && gtdt_frame--); return -EINVAL; }
In case of error in gtdt_parse_timer_block() invalid 'gtdt_frame' will be used in 'do {} while (i-- >= 0 && gtdt_frame--);' statement block because do{} block will be executed even if 'i == 0'. Adjust error handling procedure by replacing 'i-- >= 0' with 'i-- > 0'. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: a712c3ed9b8a ("acpi/arm64: Add memory-mapped timer support in GTDT driver") Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru> --- drivers/acpi/arm64/gtdt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)