From patchwork Sat Aug 22 15:29:30 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tadeusz Struk <tadeusz.struk@intel.com>
X-Patchwork-Id: 7055941
X-Patchwork-Delegate: herbert@gondor.apana.org.au
Return-Path: <linux-crypto-owner@kernel.org>
X-Original-To: patchwork-linux-crypto@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
	by patchwork1.web.kernel.org (Postfix) with ESMTP id 6075B9F2B4
	for <patchwork-linux-crypto@patchwork.kernel.org>;
	Sat, 22 Aug 2015 15:31:03 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 7A95B20675
	for <patchwork-linux-crypto@patchwork.kernel.org>;
	Sat, 22 Aug 2015 15:31:02 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 5F54620673
	for <patchwork-linux-crypto@patchwork.kernel.org>;
	Sat, 22 Aug 2015 15:31:01 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752674AbbHVPar (ORCPT
	<rfc822;patchwork-linux-crypto@patchwork.kernel.org>);
	Sat, 22 Aug 2015 11:30:47 -0400
Received: from mga01.intel.com ([192.55.52.88]:46913 "EHLO mga01.intel.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752455AbbHVPar (ORCPT <rfc822;linux-crypto@vger.kernel.org>);
	Sat, 22 Aug 2015 11:30:47 -0400
Received: from orsmga003.jf.intel.com ([10.7.209.27])
	by fmsmga101.fm.intel.com with ESMTP; 22 Aug 2015 08:30:46 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.15,728,1432623600"; d="scan'208";a="630302984"
Received: from bjiang-mobl.amr.corp.intel.com (HELO tstruk-mobl1.intel.com)
	([10.254.188.39])
	by orsmga003.jf.intel.com with ESMTP; 22 Aug 2015 08:30:46 -0700
Message-ID: <55D8955A.5010106@intel.com>
Date: Sat, 22 Aug 2015 08:29:30 -0700
From: Tadeusz Struk <tadeusz.struk@intel.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Dan Carpenter <dan.carpenter@oracle.com>
CC: Herbert Xu <herbert@gondor.apana.org.au>,
	"David S. Miller" <davem@davemloft.net>,
	"Allan, Bruce W" <bruce.w.allan@intel.com>,
	Ahsan Atta <ahsan.atta@intel.com>, qat-linux@intel.com,
	linux-crypto@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [patch] crypto: qat - silence a static checker warning
References: <20150821084745.GB25369@mwanda>
In-Reply-To: <20150821084745.GB25369@mwanda>
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org
X-Spam-Status: No, score=-7.8 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	RP_MATCHES_RCVD,
	UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Hi Dan,
On 08/21/2015 01:47 AM, Dan Carpenter wrote:
> My static checker assumes that if we are getting numbers as a string
> using kstrotoint() then that means they come from outside the kernel and
> are untrustworthy.
> 
> This may or may not be true in this case, but it seems harmless to add
> a range check here.
> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> 
> diff --git a/drivers/crypto/qat/qat_common/adf_transport.c b/drivers/crypto/qat/qat_common/adf_transport.c
> index d5d8198..ec3abf9 100644
> --- a/drivers/crypto/qat/qat_common/adf_transport.c
> +++ b/drivers/crypto/qat/qat_common/adf_transport.c
> @@ -264,6 +264,10 @@ int adf_create_ring(struct adf_accel_dev *accel_dev, const char *section,
>  		dev_err(&GET_DEV(accel_dev), "Can't get ring number\n");
>  		return -EFAULT;
>  	}
> +	if (ring_num >= ARRAY_SIZE(bank->rings)) {
> +		dev_err(&GET_DEV(accel_dev), "Invalid ring number\n");
> +		return -EFAULT;
> +	}
>  
>  	bank = &transport_data->banks[bank_num];
>  	if (adf_reserve_ring(bank, ring_num)) {
> 

ACK, although I would use the ADF_ETR_MAX_RINGS_PER_BANK define.
So if you don't mind.
Thanks!
---8<---

Add range check for ring number.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
---
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/drivers/crypto/qat/qat_common/adf_transport.c b/drivers/crypto/qat/qat_common/adf_transport.c
index d5d8198..3865ae8 100644
--- a/drivers/crypto/qat/qat_common/adf_transport.c
+++ b/drivers/crypto/qat/qat_common/adf_transport.c
@@ -264,6 +264,10 @@ int adf_create_ring(struct adf_accel_dev *accel_dev, const char *section,
 		dev_err(&GET_DEV(accel_dev), "Can't get ring number\n");
 		return -EFAULT;
 	}
+	if (ring_num >= ADF_ETR_MAX_RINGS_PER_BANK) {
+		dev_err(&GET_DEV(accel_dev), "Invalid ring number\n");
+		return -EFAULT;
+	}
 
 	bank = &transport_data->banks[bank_num];
 	if (adf_reserve_ring(bank, ring_num)) {