Message ID | 1446156281-31024-1-git-send-email-vincent.stehle@laposte.net (mailing list archive) |
---|---|
State | Accepted |
Commit | aaec7e9f789eff57f620f38a96d0118b2a7d71c3 |
On Thu, Oct 29, 2015 at 11:04:41PM +0100, Vincent Stehlé wrote:

> The size of the pointer to a data structure to send is erroneously
> passed to sst_ipc_tx_message_wait() as its tx_bytes argument. It should
> be given the size of the pointed skl_ipc_dxstate_info structure instead.

This was reported by 0 day, please don't ignore reports from 0 day.

> Cc: trivial@kernel.org

This doesn't look like a trivial fix...

On Fri, Oct 30, 2015 at 12:02:58PM +0900, Mark Brown wrote:

> On Thu, Oct 29, 2015 at 11:04:41PM +0100, Vincent Stehlé wrote:
> > The size of the pointer to a data structure to send is erroneously
> > passed to sst_ipc_tx_message_wait() as its tx_bytes argument. It should
> > be given the size of the pointed skl_ipc_dxstate_info structure instead.
>
> This was reported by 0 day, please don't ignore reports from 0 day.

I usually do keep track of any issues reported by 0day, must have missed this one then. Will check if any other issue was reported.. I know one issue at least for which we have a patch, will send that out as well

diff --git a/sound/soc/intel/skylake/skl-sst-ipc.c b/sound/soc/intel/skylake/skl-sst-ipc.c index 937a0a3..9aee835 100644 --- a/sound/soc/intel/skylake/skl-sst-ipc.c +++ b/sound/soc/intel/skylake/skl-sst-ipc.c @@ -638,7 +638,7 @@ int skl_ipc_set_dx(struct sst_generic_ipc *ipc, u8 instance_id, dev_dbg(ipc->dev, "In %s primary =%x ext=%x\n", __func__, header.primary, header.extension); ret = sst_ipc_tx_message_wait(ipc, *ipc_header, - dx, sizeof(dx), NULL, 0); + dx, sizeof(*dx), NULL, 0); if (ret < 0) { dev_err(ipc->dev, "ipc: set dx failed, err %d\n", ret); return ret;
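
Review bot: on the changed `sst_ipc_tx_message_wait()` line in `skl_ipc_set_dx()`, replacing `sizeof(dx)` with `sizeof(*dx)` alters the tx_bytes value on any build where the pointer and the structure differ in size, so this is a functional fix to the length of the IPC payload and should not be routed through trivial@kernel.org. I would drop that Cc and state in the changelog how many bytes a 32-bit build was actually sending before the change, so that anyone backporting can judge the impact. The coccicheck message quoted in the changelog names only this one location (641:8-14); it would be worth confirming in the changelog that the rest of the file was checked for the same `sizeof` on a pointer argument.
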
The size of the pointer to a data structure to send is erroneously passed to sst_ipc_tx_message_wait() as its tx_bytes argument. It should be given the size of the pointed skl_ipc_dxstate_info structure instead.

Coincidentally, both the pointer and the structure have the same size of 8 bytes on a 64 bit machine, which "masks" the issue. Compiling for 32 bit reveals the issue more clearly.

Fix the typo for correctness, and to make the code robust to future evolutions of the skl_ipc_dxstate_info structure size.

This fixes the following coccicheck error:

    sound/soc/intel/skylake/skl-sst-ipc.c:641:8-14: ERROR: application of sizeof to pointer

Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Subhransu S. Prusty <subhransu.s.prusty@intel.com>
Cc: Jeeja KP <jeeja.kp@intel.com>
Cc: Vinod Koul <vinod.koul@intel.com>
Cc: Mark Brown <broonie@kernel.org>
Cc: trivial@kernel.org

---

    sound/soc/intel/skylake/skl-sst-ipc.c | 2 +-
    1 file changed, 1 insertion(+), 1 deletion(-)
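
The masking effect described in the commit message, shown as an added example that is not part of the original patch or the kernel source. `struct dx_info`, `mock_tx()` and the sample values are hypothetical; the structure is made 12 bytes so the truncation is visible on 64-bit builds as well as 32-bit ones.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical message layout (not the kernel's): 12 bytes, so it is larger
 * than a pointer on both 32-bit and 64-bit builds. */
struct dx_info {
    uint32_t core_mask;
    uint32_t dx_mask;
    uint32_t flags;     /* imagined later addition to the structure */
};

static uint8_t mailbox[64];   /* mock transmit buffer seen by the receiver */

/* Mock transmit: copy tx_bytes of payload, as an IPC send routine would. */
static size_t mock_tx(const void *tx_data, size_t tx_bytes)
{
    if (tx_bytes > sizeof(mailbox))
        return 0;
    memset(mailbox, 0, sizeof(mailbox));
    memcpy(mailbox, tx_data, tx_bytes);
    return tx_bytes;
}

/* Buggy form: sizeof(dx) is the size of the pointer, not of the message. */
size_t send_buggy(const struct dx_info *dx) { return mock_tx(dx, sizeof(dx)); }

/* Fixed form: sizeof(*dx) follows the structure as it evolves. */
size_t send_fixed(const struct dx_info *dx) { return mock_tx(dx, sizeof(*dx)); }

/* Send a constructed sample and return the 'flags' field the receiver sees. */
uint32_t flags_seen(int use_fixed)
{
    struct dx_info dx = { 0x1, 0x3, 0xA5 };   /* constructed sample values */
    struct dx_info rx;

    if (use_fixed) send_fixed(&dx); else send_buggy(&dx);
    memcpy(&rx, mailbox, sizeof(rx));
    return rx.flags;
}

int main(void)
{
    printf("buggy: flags=0x%x\n", (unsigned)flags_seen(0));
    printf("fixed: flags=0x%x\n", (unsigned)flags_seen(1));
    return 0;
}
```

With an 8-byte structure, as in the patch, the buggy form happens to send the whole message on a 64-bit build, which is why the defect only shows up on 32-bit builds or once the structure grows.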