Message ID | 1504539273-44522-1-git-send-email-mengxu.gatech@gmail.com (mailing list archive) |
---|---|
State | New, archived |
On Mon, Sep 4, 2017 at 8:34 AM, Meng Xu <mengxu.gatech@gmail.com> wrote:
> This patch delays the check of nd_reserved2 to the actual endpoint
> (acpi_nfit_ctl) that uses it, as a prevention of a potential
> double-fetch bug.
>
> Detailed discussion can be found at
> https://marc.info/?l=linux-kernel&m=150421938113092&w=2

Thanks for doing this, I went ahead and copied this discussion into the patch and applied it.
diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c index 19182d0..694b1b1 100644 --- a/drivers/acpi/nfit/core.c +++ b/drivers/acpi/nfit/core.c @@ -228,6 +228,10 @@ int acpi_nfit_ctl(struct nvdimm_bus_descriptor *nd_desc, struct nvdimm *nvdimm, if (cmd == ND_CMD_CALL) { call_pkg = buf; func = call_pkg->nd_command; + + for (i = 0; i < ARRAY_SIZE(call_pkg->nd_reserved2); i++) + if (call_pkg->nd_reserved2[i]) + return -EINVAL; } if (nvdimm) { diff --git a/drivers/nvdimm/bus.c b/drivers/nvdimm/bus.c index 937fafa..0fb9adb 100644 --- a/drivers/nvdimm/bus.c +++ b/drivers/nvdimm/bus.c @@ -980,10 +980,6 @@ static int __nd_ioctl(struct nvdimm_bus *nvdimm_bus, struct nvdimm *nvdimm, dev_dbg(dev, "%s:%s, idx: %llu, in: %zu, out: %zu, len %zu\n", __func__, dimm_name, pkg.nd_command, in_len, out_len, buf_len); - - for (i = 0; i < ARRAY_SIZE(pkg.nd_reserved2); i++) - if (pkg.nd_reserved2[i]) - return -EINVAL; } /* process an output envelope */
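Review bot: In the drivers/acpi/nfit/core.c hunk, the new loop under `if (cmd == ND_CMD_CALL)` carries no comment saying why the reserved-field check lives in acpi_nfit_ctl rather than in the ioctl dispatcher. A one-line comment noting that `call_pkg` (that is, `buf`) is the copy this handler actually consumes would keep a later cleanup from moving the check back. The loop also uses `i`, whose declaration is not visible in this hunk, so confirm acpi_nfit_ctl already declares it.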
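Review bot: In the drivers/nvdimm/bus.c hunk, dropping the `pkg.nd_reserved2` loop from __nd_ioctl means the generic ioctl path no longer rejects a non-zero reserved field, and the only check left in this patch is the one in acpi_nfit_ctl. Any other handler reached from __nd_ioctl that accepts ND_CMD_CALL would need its own check, and the changelog should say so. If `i` has no other user in __nd_ioctl, its declaration should be removed with the loop.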
This patch delays the check of nd_reserved2 to the actual endpoint (acpi_nfit_ctl) that uses it, as a prevention of a potential double-fetch bug.

Detailed discussion can be found at
https://marc.info/?l=linux-kernel&m=150421938113092&w=2

Signed-off-by: Meng Xu <mengxu.gatech@gmail.com>
---
 drivers/acpi/nfit/core.c | 4 ++++
 drivers/nvdimm/bus.c     | 4 ----
 2 files changed, 4 insertions(+), 4 deletions(-)
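The double-fetch pattern the changelog refers to, as an added user-space model that is not code from the patch or the kernel. It assumes the header and the full buffer are read from user memory in two separate fetches; `struct pkg`, `fetch`, `reset` and `do_ioctl` are hypothetical names, and the "user memory" is constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-in for the ND_CMD_CALL envelope. */
struct pkg { uint64_t command; uint32_t reserved2[4]; };

/* Constructed "user memory"; race_after models a concurrent writer. */
static struct pkg user_mem;
static int fetches, race_after;

static void reset(int race) { memset(&user_mem, 0, sizeof(user_mem)); fetches = 0; race_after = race; }

static void fetch(struct pkg *dst) /* stands in for copy_from_user() */
{
	memcpy(dst, &user_mem, sizeof(*dst));
	if (++fetches == race_after)
		user_mem.reserved2[0] = 1; /* changed between the fetches */
}

static int reserved_ok(const struct pkg *p)
{
	for (size_t i = 0; i < sizeof(p->reserved2) / sizeof(p->reserved2[0]); i++)
		if (p->reserved2[i])
			return 0;
	return 1;
}

/* check_at_use == 0: validate fetch #1, use fetch #2 (check in the dispatcher).
 * check_at_use == 1: validate the copy the endpoint consumes.
 * Returns -EINVAL on rejection, else 1 if dirty data reached the endpoint. */
static int do_ioctl(int check_at_use)
{
	struct pkg hdr, buf;
	fetch(&hdr);
	if (!check_at_use && !reserved_ok(&hdr))
		return -EINVAL;
	fetch(&buf);
	if (check_at_use && !reserved_ok(&buf))
		return -EINVAL;
	return !reserved_ok(&buf);
}

int main(void)
{
	reset(1); printf("check on first fetch: %d\n", do_ioctl(0));
	reset(1); printf("check at use:         %d\n", do_ioctl(1));
	return 0;
}
```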