From patchwork Tue Mar 4 00:37:07 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alison Schofield X-Patchwork-Id: 13999696 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8147E73176 for ; Tue, 4 Mar 2025 00:37:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.17 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741048643; cv=none; b=bYH7c5uWmI9Ao06/kJ+o1Sinv3PeiJCpBkW7XaTjvocgcjg4yku8O/2XoqZrNjxgCXZmJdqohwiuhuOoKE/CmI/v6/5bWkF6yvnDbXQvfVGyoatU0QUlzmz4oCs2Hprv8Fpp62qWosjVa4qMQkspvIT1dMtYoJ6baNgDaFFdtXs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741048643; c=relaxed/simple; bh=zDY5+qppEEd0Q3iP6qv7jz2cpU7m4khlkmPqhxhyktI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=jPY1o5lE0apPh8CBldYIkhZ9pnqOO0wkYJIzwig4P1TeG/td/BIzImr7zerBdLTdaDvjd/Fzr9M9G40BPeKCvvPoEtTtR9U9LtUVmaPw8Y+IiCfXK1yXKFUFzouAFXgOJ9EsNX5Db63lS+wu0bmsYJiMG3S7JcDVFMrwoOhWHEw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=SJtg5wWL; arc=none smtp.client-ip=198.175.65.17 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="SJtg5wWL" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1741048642; x=1772584642; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=zDY5+qppEEd0Q3iP6qv7jz2cpU7m4khlkmPqhxhyktI=; b=SJtg5wWLub7w5pGgO8vcxPu9yfgNXwUoONcX7V9Bql2TyI/dd7SxJa6n 2D/S3p80lIilhiutXypX5TVgBaOYnJXnwr6feYEBwNvw2EmbBl+SExKci fblx5uaVDILsyMaEbZdpQHq0yjfNsNIa60KxOdZ/h7KyXSDqxAsjoqAFO sYb55OlS9/6nLbX1WhoXZOlnOnzFVz6EHZDBZNyHFaKDH+3XIXjM6oE+8 1l+E1gAkYUNosdvhPgr/jJxRCbaNYgZYVu8iiJxHZcbgNI+bW/HnZUbbT qb98L5rkP+iP4ESxw6ZkRYpaz9cDC/Wgk25uxS6w57B7quI5PtxVJ/p/P Q==; X-CSE-ConnectionGUID: T7DQUbTxQq25utHwU72liA== X-CSE-MsgGUID: i3dAOLxySM2PxsIDa0My+Q== X-IronPort-AV: E=McAfee;i="6700,10204,11362"; a="41975317" X-IronPort-AV: E=Sophos;i="6.13,331,1732608000"; d="scan'208";a="41975317" Received: from fmviesa002.fm.intel.com ([10.60.135.142]) by orvoesa109.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Mar 2025 16:37:21 -0800 X-CSE-ConnectionGUID: btPjcQqWQJ2tYL9jN3w3Kw== X-CSE-MsgGUID: cOOac3sOQmam7EdnsqXjJg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.13,331,1732608000"; d="scan'208";a="141427138" Received: from aschofie-mobl2.amr.corp.intel.com (HELO localhost) ([10.125.109.46]) by fmviesa002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Mar 2025 16:37:20 -0800 From: alison.schofield@intel.com To: nvdimm@lists.linux.dev Cc: Alison Schofield Subject: [ndctl PATCH 1/5] ndctl/namespace: avoid integer overflow in namespace validation Date: Mon, 3 Mar 2025 16:37:07 -0800 Message-ID: <9d4b1148babc3d6e43bd5beea807729940da2404.1741047738.git.alison.schofield@intel.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: nvdimm@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Alison Schofield A coverity scan highlighted an integer overflow issue when testing if the size and align parameters make sense together. Before performing the multiplication, check that the result will not exceed the maximimum value that an unsigned long long can hold. Signed-off-by: Alison Schofield Reviewed-by: Dave Jiang --- ndctl/namespace.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/ndctl/namespace.c b/ndctl/namespace.c index aa8c23a50385..bb0c2f2e28c7 100644 --- a/ndctl/namespace.c +++ b/ndctl/namespace.c @@ -865,9 +865,15 @@ static int validate_namespace_options(struct ndctl_region *region, * option */ size_align = max(units, size_align) * ways; - p->size /= size_align; p->size++; + + if (p->size > ULLONG_MAX / size_align) { + err("size overflow: %llu * %llu exceeds ULLONG_MAX\n", + p->size, size_align); + return -EINVAL; + } + p->size *= size_align; p->size /= units; err("'--size=' must align to interleave-width: %d and alignment: %ld\n" From patchwork Tue Mar 4 00:37:08 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alison Schofield X-Patchwork-Id: 13999697 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 913A0139566 for ; Tue, 4 Mar 2025 00:37:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.17 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741048644; cv=none; b=prxA69D7GzBlPLipH9BX93jNycWMsapeNZtZpIYZBf2CPdKHIZK6RgEBC545SgkFv2YIuFzNiTCnot/jzg7nHkxzl7LkNGuNDWt26jIJMXdknb4nam06N8F5mnCZghDZcH3fQOI11zGo7ohg7ApSc68JmmWj8+DBEUSYjtKeIfc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741048644; c=relaxed/simple; bh=XKQZM1BVeY1A7e2GNG/fabJUyRi3qzw+5EVyRi2EZbM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=taam9aB6StN57OusKbbbhqQOZEaSEPPLYC0YFxQd/p4SXRjskR7RTskb0brhWRoXE9IWibM6fxN6DflYCEEJ4w05CTFD+fS8aJpQJwdByISuLMgc57wsAEHoyfmcG0Cn3AXcCxg5VClY57NHuAhOwzy5a11bt75MiXITRSpex+w= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=HK4kKwu+; arc=none smtp.client-ip=198.175.65.17 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="HK4kKwu+" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1741048643; x=1772584643; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=XKQZM1BVeY1A7e2GNG/fabJUyRi3qzw+5EVyRi2EZbM=; b=HK4kKwu+7cc8+0EZyrjG0Nokimgr5e1bwKnZhQdavbTqty5UrEYF+yBu ux2/3O/Q/wiWUrFJSxIqvnkFyze0DG/EAR7X5KqxinqvTGLz4y2e3IMVi 94wzm8ErDytbARsRrEV8Ycz5On4hjmIWCfAaHeFIgprqSasqSYCBfOk9v k7LM5Trvq0amtsKMIME/UUTG3F0+Q99nCA/xz5CcYL00NbeelkK8RN+HX me+CpBJyOLfzES5080paAGH7tywaXmpIaUFBq0vZK40ef4hvFB/GVL4Nk Hg3tNpE0j3C/A3+SoyVjVgmQb9hnvOQPmcNxcZGht2TMoz5tWrhBXY80J Q==; X-CSE-ConnectionGUID: yxhw/gKBQxqqPnrclEtMAA== X-CSE-MsgGUID: GT7RGR91T8uWzjZaM2e+aA== X-IronPort-AV: E=McAfee;i="6700,10204,11362"; a="41975319" X-IronPort-AV: E=Sophos;i="6.13,331,1732608000"; d="scan'208";a="41975319" Received: from fmviesa002.fm.intel.com ([10.60.135.142]) by orvoesa109.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Mar 2025 16:37:21 -0800 X-CSE-ConnectionGUID: s3AeArtzTwangCunbV9g2w== X-CSE-MsgGUID: aOZcVb5zTUKZxzlNmJsHVA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.13,331,1732608000"; d="scan'208";a="141427142" Received: from aschofie-mobl2.amr.corp.intel.com (HELO localhost) ([10.125.109.46]) by fmviesa002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Mar 2025 16:37:20 -0800 From: alison.schofield@intel.com To: nvdimm@lists.linux.dev Cc: Alison Schofield Subject: [ndctl PATCH 2/5] ndctl/namespace: close file descriptor in do_xaction_namespace() Date: Mon, 3 Mar 2025 16:37:08 -0800 Message-ID: <60a9535a8ff1f14b9a251ebdbbd8f57265128260.1741047738.git.alison.schofield@intel.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: nvdimm@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Alison Schofield A coverity scan highlighted a resource leak caused by not freeing the open file descriptor upon exit of do_xaction_namespace(). Move the fclose() to a 'goto out_close' and route all returns through that path. Signed-off-by: Alison Schofield Reviewed-by: Dave Jiang --- ndctl/namespace.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/ndctl/namespace.c b/ndctl/namespace.c index bb0c2f2e28c7..5eb9e1e98e11 100644 --- a/ndctl/namespace.c +++ b/ndctl/namespace.c @@ -2133,7 +2133,7 @@ static int do_xaction_namespace(const char *namespace, util_display_json_array(ri_ctx.f_out, ri_ctx.jblocks, 0); if (rc >= 0) (*processed)++; - return rc; + goto out_close; } } @@ -2144,11 +2144,11 @@ static int do_xaction_namespace(const char *namespace, rc = file_write_infoblock(param.outfile); if (rc >= 0) (*processed)++; - return rc; + goto out_close; } if (!namespace && action != ACTION_CREATE) - return rc; + goto out_close; if (namespace && (strcmp(namespace, "all") == 0)) rc = 0; @@ -2207,7 +2207,7 @@ static int do_xaction_namespace(const char *namespace, saved_rc = rc; continue; } - return rc; + goto out_close; } ndctl_namespace_foreach_safe(region, ndns, _n) { ndns_name = ndctl_namespace_get_devname(ndns); @@ -2286,9 +2286,6 @@ static int do_xaction_namespace(const char *namespace, if (ri_ctx.jblocks) util_display_json_array(ri_ctx.f_out, ri_ctx.jblocks, 0); - if (ri_ctx.f_out && ri_ctx.f_out != stdout) - fclose(ri_ctx.f_out); - if (action == ACTION_CREATE && rc == -EAGAIN) { /* * Namespace creation searched through all candidate @@ -2303,6 +2300,10 @@ static int do_xaction_namespace(const char *namespace, else rc = -ENOSPC; } + +out_close: + if (ri_ctx.f_out && ri_ctx.f_out != stdout) + fclose(ri_ctx.f_out); if (saved_rc) rc = saved_rc; From patchwork Tue Mar 4 00:37:09 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alison Schofield X-Patchwork-Id: 13999699 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 528D073176 for ; Tue, 4 Mar 2025 00:37:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.17 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741048645; cv=none; b=GGXN2XeNprUwKcgwj2Qtr2+wZ+m0VMAuiXrWIqN6YSmHn5xfZFg4q6D0aNkoq3NYUTP0PDKnhq1wfro0a3zUHFE9YDOz0EC7xDM8UAJ00kO7Tews8Y0PNGp6ZmDer4r9lgsgILhdlQ6Mchd3chh0Vz0RT1zsR+IzOqTS/t9Wl6I= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741048645; c=relaxed/simple; bh=pHe4G+oE8dVwZr8Tod68ruVXvcAns/sY/G7UWPRgZ2U=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ivgonqY/lhHfXLWD1MN/LovSdWmsmONWs3N+LUOmOtuI6E1SKd4IS/w4BPqBiBg2EPl5IpT3wuLuQGHUSficJ5O1QWsHWViuINBuTtgm1aqG9YqN0lEfgD4IBgBqrkdgc6w8o3KLRClQUEdjygNdtP41z1wM7vkG/tC+RDw8Bz4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=acIRut8X; arc=none smtp.client-ip=198.175.65.17 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="acIRut8X" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1741048645; x=1772584645; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=pHe4G+oE8dVwZr8Tod68ruVXvcAns/sY/G7UWPRgZ2U=; b=acIRut8X7SI0dHW4bEzqUy+FgeR3aHhOezt2fKNnIet9Lcyc4Fs4QDjG j63VHvuXCsqG6H72HhL5gJ1bObB/hVlWThhei4/PrPpyFN7bXG5pUOqwq PwQBaHcOXSxVgg8g96vI4l9XKUfr/TqmhRU+zNUj73S3F45bdZfoMvQD5 BglyGruFqpj1CWaljfWzEKob/JRGNxabjjHKKaZ6evGCMXKsjGcPuDmAe BrOL2KASSbjkMANvalhqvf7wzIOEJMerYN1AJ58ubsAx/glAYrrInunVl d74UceljXNTJmDUAo13kcIecxdAAX5PNElOrvSVczfAFfyO9pyJwKsp4g w==; X-CSE-ConnectionGUID: 4nfNRx4oQoK/bePJjR0sDw== X-CSE-MsgGUID: b/2EgaVBS8iWb266hEMShg== X-IronPort-AV: E=McAfee;i="6700,10204,11362"; a="41975320" X-IronPort-AV: E=Sophos;i="6.13,331,1732608000"; d="scan'208";a="41975320" Received: from fmviesa002.fm.intel.com ([10.60.135.142]) by orvoesa109.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Mar 2025 16:37:22 -0800 X-CSE-ConnectionGUID: ciCiPPTcTROd6EnXMQ2e3Q== X-CSE-MsgGUID: KG1avHpyRbqjdmTaaLRVIA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.13,331,1732608000"; d="scan'208";a="141427148" Received: from aschofie-mobl2.amr.corp.intel.com (HELO localhost) ([10.125.109.46]) by fmviesa002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Mar 2025 16:37:21 -0800 From: alison.schofield@intel.com To: nvdimm@lists.linux.dev Cc: Alison Schofield Subject: [ndctl PATCH 3/5] ndctl/dimm: do not increment a ULLONG_MAX slot value Date: Mon, 3 Mar 2025 16:37:09 -0800 Message-ID: <6f3f15b368b1d2708f93f00325e009747425cef0.1741047738.git.alison.schofield@intel.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: nvdimm@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Alison Schofield A coverity scan higlighted an overflow issue when the slot variable, an unsigned integer that is initialized to -1, is incremented and overflows. Initialize slot to 0 and move the increment statement to after slot is evaluated. That keeps the comparison to a u32 as is and avoids overflow. Signed-off-by: Alison Schofield --- ndctl/dimm.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ndctl/dimm.c b/ndctl/dimm.c index 889b620355fc..c39c69bfa336 100644 --- a/ndctl/dimm.c +++ b/ndctl/dimm.c @@ -97,7 +97,7 @@ static struct json_object *dump_label_json(struct ndctl_dimm *dimm, struct json_object *jlabel = NULL; struct namespace_label nslabel; unsigned int nsindex_size; - unsigned int slot = -1; + unsigned int slot = 0; ssize_t offset; if (!jarray) @@ -115,7 +115,6 @@ static struct json_object *dump_label_json(struct ndctl_dimm *dimm, struct json_object *jobj; char uuid[40]; - slot++; jlabel = json_object_new_object(); if (!jlabel) break; @@ -127,8 +126,11 @@ static struct json_object *dump_label_json(struct ndctl_dimm *dimm, if (len < 0) break; - if (le32_to_cpu(nslabel.slot) != slot) + if (le32_to_cpu(nslabel.slot) != slot) { + slot++; continue; + } + slot++; uuid_unparse((void *) nslabel.uuid, uuid); jobj = json_object_new_string(uuid); From patchwork Tue Mar 4 00:37:10 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alison Schofield X-Patchwork-Id: 13999698 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DFEF713E02D for ; Tue, 4 Mar 2025 00:37:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.17 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741048645; cv=none; b=KDIwBeSdHtz2dLR3Bd59wTKAriY1UO9O2boTYF/DOjOcRGm8Wn2jBx1vJKk5syCvOMKVbBuSLLi/jzocMM2rHSH/ivqvlhcXUPFV4b7AJmHucTD3E1H7uE7B+R/SbfC+Va5jolZ55JUHC0YBl4ctiVS24y4DS5ALdWo/lvqDClw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741048645; c=relaxed/simple; bh=mFTdXqISjNDGQofuD+xl/xWDd/yxgkztF8GuvkSXtVM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=HhJeAUsIoB8pKhFGvdhFcUw/6rBH59tMq3Oastxiwl900OsIQ5oLRUBx7uRRCoVSBJrvX8Ww/wlFJJ59ow+r1OHO6GqAv79VrkkRvn11vt5d2w/ah9HVg2y5mYgatdHgvLTtbz/Wdh48MWDc2nvvpdr375UPqyEO7VRiNABhpe0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=Lw2L0equ; arc=none smtp.client-ip=198.175.65.17 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Lw2L0equ" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1741048644; x=1772584644; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=mFTdXqISjNDGQofuD+xl/xWDd/yxgkztF8GuvkSXtVM=; b=Lw2L0equEiVTyjW8HwDbivDjBzcBJZewrkA770eNZL1PpH4+8ohqMwDh hTSLLSRRrFTMg7FAWHzH3/wYOlIiloxopvVeJF1vQ54PCCX7MjHtM1yQo St+RsSrHJnXFY88+E4lphnhOUPyaq5EvoofSDQkLTY4VbNfv3yxgEuwOI LVVDWEembg3JPlro3pfp4aOa8tj4h0OmoK3czvy2zpvyj9KdXWRwBFJGi EjAE8V57xW4t8T9QWBfjGK9Bt1DdHkXSzm8BnzOpsYvYQLFpDRiZ9FEoF /oni/hXpUM5bLf1sczj20LVUwPnGxmLznCt9u8/7BEkpPPF+e73nz13lB w==; X-CSE-ConnectionGUID: rqkvANi6T+mcp02PpGfaHg== X-CSE-MsgGUID: Cywvul54RN25pMT+0PsLrQ== X-IronPort-AV: E=McAfee;i="6700,10204,11362"; a="41975321" X-IronPort-AV: E=Sophos;i="6.13,331,1732608000"; d="scan'208";a="41975321" Received: from fmviesa002.fm.intel.com ([10.60.135.142]) by orvoesa109.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Mar 2025 16:37:23 -0800 X-CSE-ConnectionGUID: qYuxdp8AQYePtZpAqpCVfA== X-CSE-MsgGUID: n+bkgIIrRBWyfN1HGzr4iw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.13,331,1732608000"; d="scan'208";a="141427155" Received: from aschofie-mobl2.amr.corp.intel.com (HELO localhost) ([10.125.109.46]) by fmviesa002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Mar 2025 16:37:22 -0800 From: alison.schofield@intel.com To: nvdimm@lists.linux.dev Cc: Alison Schofield Subject: [ndctl PATCH 4/5] ndctl/namespace: protect against overflow handling param.offset Date: Mon, 3 Mar 2025 16:37:10 -0800 Message-ID: <065eb60a8255e44d73b5be963ba3a4a532ae1689.1741047738.git.alison.schofield@intel.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: nvdimm@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Alison Schofield A param.offset is parsed using parse_size64() but the result is not checked for the error return ULLONG_MAX. If ULLONG_MAX is returned, follow-on calculations will lead to overflow. Add check for ULLONG_MAX upon return from parse_size64. Add check for overflow in subsequent PFN_MODE offset calculation. This issue was reported in a coverity scan. Signed-off-by: Alison Schofield Reviewed-by: Dave Jiang --- ndctl/namespace.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ndctl/namespace.c b/ndctl/namespace.c index 5eb9e1e98e11..40bcf4ca65ac 100644 --- a/ndctl/namespace.c +++ b/ndctl/namespace.c @@ -1872,6 +1872,10 @@ static int write_pfn_sb(int fd, unsigned long long size, const char *sig, int rc; start = parse_size64(param.offset); + if (start == ULLONG_MAX) { + err("failed to parse offset option '%s'\n", param.offset); + return -EINVAL; + } npfns = PHYS_PFN(size - SZ_8K); pfn_align = parse_size64(param.align); align = max(pfn_align, SUBSECTION_SIZE); @@ -1913,6 +1917,10 @@ static int write_pfn_sb(int fd, unsigned long long size, const char *sig, * struct page size. But we also want to make sure we notice * when we end up adding new elements to struct page. */ + if (start > ULLONG_MAX - (SZ_8K + MAX_STRUCT_PAGE_SIZE * npfns)) { + error("integer overflow in offset calculation\n"); + return -EINVAL; + } offset = ALIGN(start + SZ_8K + MAX_STRUCT_PAGE_SIZE * npfns, align) - start; } else From patchwork Tue Mar 4 00:37:11 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alison Schofield X-Patchwork-Id: 13999700 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D367E143895 for ; Tue, 4 Mar 2025 00:37:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.17 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741048646; cv=none; b=oxeeRm1iPUftWY13LQadGy8YQMA2bZkNmHziTZ35iMoAUoDUMvOeegnsCjiuM73LtuStfKhwvvCGykYXQV35LL5aGyO4JUeYOrlIQeEX3wPHLRRborBSjR5JBQy5yFAU0rJ9wJOR8wZNOTLj26C4TO9xsWcNy9qsdOda3/Nojls= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741048646; c=relaxed/simple; bh=ip3KFiej9WWi14440XhivtSdu74NlUvPodFuK5elP2c=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=NiXH4sl1FQuC1/E6wxCOvLWSkwomFGxevelk/VQZ+xC7q5UwbsSjvMRzCN0sP0rceHp8rmYfVMpZvG4B/D/MaU00IkeFgDS107sVdXMwmKPmbwtkI5Bo3CzJVjlgDkuO5zwiP3EWQB5TY9pDrQDd6JvJZtU0EPACY2zvCZiE11c= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=Mx/2Oasd; arc=none smtp.client-ip=198.175.65.17 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Mx/2Oasd" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1741048645; x=1772584645; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=ip3KFiej9WWi14440XhivtSdu74NlUvPodFuK5elP2c=; b=Mx/2Oasdjrhla0CahwnvkhyYXNCpC1fspcz3DLkmy/o9E1XC8hZQBMlJ mLN6+6Q1ZA3XGg/muxDsdRWG7LdD538M5ZI4qDVJwSBPYE2Z8vqfZ53t0 8ZlBez9QBvj3Xyhlzen190NtLcLHmIZe2xJjPVVZvKXJWTzPhXpqz43Nd Qd/r3O8vns0me8m+G8vcp7WnSxrNKQAhMRCXcJnLJc0k7tsFvTUJW5YRp L5So3w4DyjtiwBxwB/AATnkLLlz0x9k58dsn/AcvBtYUikb/0u7lcTj9v eBKNFkYQwPyCBmh4zEmzCHE6N56JCoKYMGsFqxOMhAqaqy3J73eO0cBTk A==; X-CSE-ConnectionGUID: r+uDf4GCStSnS67m1VVi1g== X-CSE-MsgGUID: 0zPNU8YtTgqw+WeR3hlxUA== X-IronPort-AV: E=McAfee;i="6700,10204,11362"; a="41975323" X-IronPort-AV: E=Sophos;i="6.13,331,1732608000"; d="scan'208";a="41975323" Received: from fmviesa002.fm.intel.com ([10.60.135.142]) by orvoesa109.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Mar 2025 16:37:24 -0800 X-CSE-ConnectionGUID: UgUraKQETdaqaqo+L0KPDg== X-CSE-MsgGUID: o+ISXLzlSV2bkv1gWXTOmg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.13,331,1732608000"; d="scan'208";a="141427162" Received: from aschofie-mobl2.amr.corp.intel.com (HELO localhost) ([10.125.109.46]) by fmviesa002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Mar 2025 16:37:23 -0800 From: alison.schofield@intel.com To: nvdimm@lists.linux.dev Cc: Alison Schofield Subject: [ndctl PATCH 5/5] ndctl/namespace: protect against under|over-flow w bad param.align Date: Mon, 3 Mar 2025 16:37:11 -0800 Message-ID: <3692da31440104c890e59b8450e4a6472f3eded8.1741047738.git.alison.schofield@intel.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: nvdimm@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Alison Schofield A coverity scan highlighted an integer underflow when param.align is 0, and an integer overflow when the parsing of param.align fails and returns ULLONG_MAX. Add explicit checks for both values. Signed-off-by: Alison Schofield Reviewed-by: Dave Jiang --- ndctl/namespace.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ndctl/namespace.c b/ndctl/namespace.c index 40bcf4ca65ac..3224c9ff4444 100644 --- a/ndctl/namespace.c +++ b/ndctl/namespace.c @@ -2086,7 +2086,11 @@ static int namespace_rw_infoblock(struct ndctl_namespace *ndns, unsigned long long size = parse_size64(param.size); align = parse_size64(param.align); - if (align < ULLONG_MAX && !IS_ALIGNED(size, align)) { + if (align == 0 || align == ULLONG_MAX) { + error("invalid alignment:%s\n", param.align); + rc = -EINVAL; + } + if (!IS_ALIGNED(size, align)) { error("--size=%s not aligned to %s\n", param.size, param.align);