From patchwork Thu Mar  6 23:50:10 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Alison Schofield <alison.schofield@intel.com>
X-Patchwork-Id: 14005534
Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id BD3002010FD
	for <nvdimm@lists.linux.dev>; Thu,  6 Mar 2025 23:50:21 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=192.198.163.13
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1741305023; cv=none;
 b=YzKNBba4nriE2uRy+wJY8XN/50VkmSSq08eGWshRJnRpYzDFpRkLMaN8PfxCBKEJF6fsY87CLBcyV43ydbQvnvWCbkrj+dTKu/TZkxs1ThWLo7rGlaXY/pIw54+VhguH2T9uPl9JlD1dqoaHwXXV9Gkj9EMUFi76W4iBqY2RZGk=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1741305023; c=relaxed/simple;
	bh=Y3s2F1XQdVL7MDsFfqEU/66fxDUAW2ZZYeRkgCXYg6o=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=eHQGsdYRXNRaj/KfFrqbobApsssFVWBv1B127OOph+Hu7DTLI+LFBc03auO3KDzRD74HcYt7T0OLO0EVCD6OqZSiZIWYpe6s2B7mV41caUE2KfVOyWcqRbIbTkRAy4JzzuiBqCuOQ/l1MdDqo1Zehr0Wp/QiId0WpTHHO4axfOY=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=intel.com;
 spf=pass smtp.mailfrom=intel.com;
 dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b=VN/UOxFa; arc=none smtp.client-ip=192.198.163.13
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=intel.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=intel.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b="VN/UOxFa"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1741305022; x=1772841022;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=Y3s2F1XQdVL7MDsFfqEU/66fxDUAW2ZZYeRkgCXYg6o=;
  b=VN/UOxFaRHdLJv8UBZmaqux+Hidg3QSNPmw3BGJ1A+o36j63gDX4Beft
   W58hAHLYb8pHZ7sBfEX+aKrM4BchXFVb2BogEp3JSUC/Z/ouH9NR7xyiq
   0lltUnfHLmm0q3WqKW3+vs6vrGk++4a5D6JAZHRw9EBIP3/WTPSEc4+4f
   +neohcOKXkVTB2Sb8cBPBXsCJEpiLbNioe/+M9VlJX6XwJc64IpXpYyVx
   H+K9gIuU90n0VdSe/kGxOdjUAAXLF/xRrMHOvC/fWzCdv+XKpDzOwhYo1
   ssHJmJaokawcBVFstux8ttNutv4CCHBoLILcswMJk1jKb+RzkklWrZXF3
   Q==;
X-CSE-ConnectionGUID: S5gwfTD0T8msgcOyAYkFVQ==
X-CSE-MsgGUID: HsvPeSuJSpKNAVKsiWJsdw==
X-IronPort-AV: E=McAfee;i="6700,10204,11365"; a="45150083"
X-IronPort-AV: E=Sophos;i="6.14,227,1736841600";
   d="scan'208";a="45150083"
Received: from fmviesa003.fm.intel.com ([10.60.135.143])
  by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 06 Mar 2025 15:50:20 -0800
X-CSE-ConnectionGUID: 8CTcFMLCTOqAcDml2uFOQQ==
X-CSE-MsgGUID: +NvYxvVpRvuVYNb1YqL4+Q==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.12,224,1728975600";
   d="scan'208";a="123358694"
Received: from aschofie-mobl2.amr.corp.intel.com (HELO localhost)
 ([10.125.110.63])
  by fmviesa003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 06 Mar 2025 15:50:19 -0800
From: alison.schofield@intel.com
To: nvdimm@lists.linux.dev
Cc: Alison Schofield <alison.schofield@intel.com>,
	Dave Jiang <dave.jiang@intel.com>
Subject: [ndctl PATCH v2 1/5] ndctl/namespace: avoid integer overflow in
 namespace validation
Date: Thu,  6 Mar 2025 15:50:10 -0800
Message-ID: 
 <1b3cc602d61a1b0a5383a481452d216331e3477e.1741304303.git.alison.schofield@intel.com>
X-Mailer: git-send-email 2.47.0
In-Reply-To: <cover.1741304303.git.alison.schofield@intel.com>
References: <cover.1741304303.git.alison.schofield@intel.com>
Precedence: bulk
X-Mailing-List: nvdimm@lists.linux.dev
List-Id: <nvdimm.lists.linux.dev>
List-Subscribe: <mailto:nvdimm+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:nvdimm+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

From: Alison Schofield <alison.schofield@intel.com>

A coverity scan highlighted an integer overflow issue when testing
if the size and align parameters make sense together.

Before performing the multiplication, check that the result will not
exceed the maximum value that an unsigned long long can hold.

Signed-off-by: Alison Schofield <alison.schofield@intel.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
---
 ndctl/namespace.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/ndctl/namespace.c b/ndctl/namespace.c
index aa8c23a50385..372fc3747c88 100644
--- a/ndctl/namespace.c
+++ b/ndctl/namespace.c
@@ -868,6 +868,13 @@ static int validate_namespace_options(struct ndctl_region *region,
 
 		p->size /= size_align;
 		p->size++;
+
+		if (p->size > ULLONG_MAX / size_align) {
+			err("size overflow: %llu * %llu exceeds ULLONG_MAX\n",
+			    p->size, size_align);
+			return -EINVAL;
+		}
+
 		p->size *= size_align;
 		p->size /= units;
 		err("'--size=' must align to interleave-width: %d and alignment: %ld\n"

From patchwork Thu Mar  6 23:50:11 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Alison Schofield <alison.schofield@intel.com>
X-Patchwork-Id: 14005535
Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 19935276D23
	for <nvdimm@lists.linux.dev>; Thu,  6 Mar 2025 23:50:22 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=192.198.163.13
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1741305023; cv=none;
 b=mYFBB2cvF6t43gH8Fkjd9hsI4R6+219wzGwZFQXnt4S7dmYGIOuLtd2lIPH8S0ptX5BifNE5PnBuFXwsxfj4FGEcoYgpMLbMNzHSeHEIvyCUAamtanXUO3FmPar7OoMj0eKxBRUDa496jZxHN3p5ODCaLiz2yqzf6iI2/xboGTQ=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1741305023; c=relaxed/simple;
	bh=hboA8iigm4vdCGGcs304LZIhnZrRN/SeYg9/2z3txMk=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=a1ZixF555U8Y8rNFClc8LrVoXY//c8yHnq4dCbOaNrrn7cqIJ/EHsLWcvEhTQDfH0+eFNiRW2af434HFiiVbufywfclbX6a4LXpunNJfrxf3aCjFEfavU40B21mOXiuAYHuJ8vfj3vNr06oWMNTklnct7lIcoDQYOX9zvviHmKg=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=intel.com;
 spf=pass smtp.mailfrom=intel.com;
 dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b=f+aw1RE4; arc=none smtp.client-ip=192.198.163.13
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=intel.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=intel.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b="f+aw1RE4"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1741305022; x=1772841022;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=hboA8iigm4vdCGGcs304LZIhnZrRN/SeYg9/2z3txMk=;
  b=f+aw1RE4PkLWiQ5J9+KKbQ9PdxASnNoJvycRyo459akxirGFRUD+8P7U
   OAvW4Uef8CMyjQCeCckCvg7lR+wA1W7+2ZyW2kl0NSsusFrXMXuJ+t72L
   FnQkJP5lfu2tZX7q3ED9+u8sEfrtIRJCpFu29OrKHegQs21wHUAD573l2
   sXFFDUxhkBFoT0HhG4JJEfy+zW2M2gBxnvqvCMHLCXA+iuuPa+LKSm/Ye
   107wTTMyxBos3ydQQZHGKkspqT8xEeO/V1TzRu2owmhasaKkiMPvrfREb
   0+wjg5lI8qi1d7WCtXMeUpVO6YtW9ivqGcu+w2pn3fiUyIP438fOwNLBX
   A==;
X-CSE-ConnectionGUID: S4ZYmyT9SdGtlHLYHUrfuw==
X-CSE-MsgGUID: U0UcD/bhQ3qRdlRQN9+HHQ==
X-IronPort-AV: E=McAfee;i="6700,10204,11365"; a="45150084"
X-IronPort-AV: E=Sophos;i="6.14,227,1736841600";
   d="scan'208";a="45150084"
Received: from fmviesa003.fm.intel.com ([10.60.135.143])
  by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 06 Mar 2025 15:50:21 -0800
X-CSE-ConnectionGUID: tATp8ghmQ2m0A63SLvwyMg==
X-CSE-MsgGUID: 3y1MWMU3Qg2fytWEKqPbzQ==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.12,224,1728975600";
   d="scan'208";a="123358701"
Received: from aschofie-mobl2.amr.corp.intel.com (HELO localhost)
 ([10.125.110.63])
  by fmviesa003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 06 Mar 2025 15:50:20 -0800
From: alison.schofield@intel.com
To: nvdimm@lists.linux.dev
Cc: Alison Schofield <alison.schofield@intel.com>,
	Dave Jiang <dave.jiang@intel.com>
Subject: [ndctl PATCH v2 2/5] ndctl/namespace: close file descriptor in
 do_xaction_namespace()
Date: Thu,  6 Mar 2025 15:50:11 -0800
Message-ID: 
 <267483d9d16460ee4e5726c1675df4510d246ebc.1741304303.git.alison.schofield@intel.com>
X-Mailer: git-send-email 2.47.0
In-Reply-To: <cover.1741304303.git.alison.schofield@intel.com>
References: <cover.1741304303.git.alison.schofield@intel.com>
Precedence: bulk
X-Mailing-List: nvdimm@lists.linux.dev
List-Id: <nvdimm.lists.linux.dev>
List-Subscribe: <mailto:nvdimm+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:nvdimm+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

From: Alison Schofield <alison.schofield@intel.com>

A coverity scan highlighted a resource leak caused by not freeing
the open file descriptor upon exit of do_xaction_namespace().

Move the fclose() to a 'goto out_close' and route all returns through
that path.

Signed-off-by: Alison Schofield <alison.schofield@intel.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
---
 ndctl/namespace.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/ndctl/namespace.c b/ndctl/namespace.c
index 372fc3747c88..6c86eadcad69 100644
--- a/ndctl/namespace.c
+++ b/ndctl/namespace.c
@@ -2134,7 +2134,7 @@ static int do_xaction_namespace(const char *namespace,
 				util_display_json_array(ri_ctx.f_out, ri_ctx.jblocks, 0);
 			if (rc >= 0)
 				(*processed)++;
-			return rc;
+			goto out_close;
 		}
 	}
 
@@ -2145,11 +2145,11 @@ static int do_xaction_namespace(const char *namespace,
 		rc = file_write_infoblock(param.outfile);
 		if (rc >= 0)
 			(*processed)++;
-		return rc;
+		goto out_close;
 	}
 
 	if (!namespace && action != ACTION_CREATE)
-		return rc;
+		goto out_close;
 
 	if (namespace && (strcmp(namespace, "all") == 0))
 		rc = 0;
@@ -2208,7 +2208,7 @@ static int do_xaction_namespace(const char *namespace,
 						saved_rc = rc;
 						continue;
 				}
-				return rc;
+				goto out_close;
 			}
 			ndctl_namespace_foreach_safe(region, ndns, _n) {
 				ndns_name = ndctl_namespace_get_devname(ndns);
@@ -2287,9 +2287,6 @@ static int do_xaction_namespace(const char *namespace,
 	if (ri_ctx.jblocks)
 		util_display_json_array(ri_ctx.f_out, ri_ctx.jblocks, 0);
 
-	if (ri_ctx.f_out && ri_ctx.f_out != stdout)
-		fclose(ri_ctx.f_out);
-
 	if (action == ACTION_CREATE && rc == -EAGAIN) {
 		/*
 		 * Namespace creation searched through all candidate
@@ -2304,6 +2301,10 @@ static int do_xaction_namespace(const char *namespace,
 		else
 			rc = -ENOSPC;
 	}
+
+out_close:
+	if (ri_ctx.f_out && ri_ctx.f_out != stdout)
+		fclose(ri_ctx.f_out);
 	if (saved_rc)
 		rc = saved_rc;
 

From patchwork Thu Mar  6 23:50:12 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Alison Schofield <alison.schofield@intel.com>
X-Patchwork-Id: 14005536
Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8E21E1A83EE
	for <nvdimm@lists.linux.dev>; Thu,  6 Mar 2025 23:50:23 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=192.198.163.13
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1741305025; cv=none;
 b=OQhWVycjSHbEik+nfM4ppkP5kzrsZrOuvA+j6ZmoKI+7lfT2QILj2r2CANS7kwbNQ4cuLTn/UT3faHHhn4L0OVDHMJY9Hu6SOx57Hz9VbClJzwiDTjTBRYl5D4SeScxRHATT09zm/+w53Gui+8MzBDqLhHU8l35R48QIuUoipOk=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1741305025; c=relaxed/simple;
	bh=2V/Pw+4z5X1zqGGkZxd5u8O91l9GwR8ruYbu0v/k7ys=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=SzmiOoMbiJ/sUL14CMGFuhQ1OKEIL894mYZEmSAcPaqknkL/t2rkptA3dfnS1bKbxZgYvyjk0PSz2cSefjLEcBlzX1rVlXaRcIx/8OLjyFfnJzBZJ61lEO1rAnV63IZzOyDRxncxXrU437FzI4y93M3//T1ZG0vLY8iKnYek0ek=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=intel.com;
 spf=pass smtp.mailfrom=intel.com;
 dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b=i87c4Ido; arc=none smtp.client-ip=192.198.163.13
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=intel.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=intel.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b="i87c4Ido"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1741305024; x=1772841024;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=2V/Pw+4z5X1zqGGkZxd5u8O91l9GwR8ruYbu0v/k7ys=;
  b=i87c4IdodgauVI3W/pToFFADNtJBtuL9wsG7CPx9RcB6+UWAl31Zc1xB
   rTkT3ic+LzM3KcbXUFOzdA8cewpDDoiOSXfYMsVF4nykO/d+untNL8Xrg
   wpx05s7RuEGhlBL4JJiFPYJslqHxcV/aYh86YlFam7F9jaVybV0F6N4yK
   pBN0FC3XyH22YETRqmpwLxly9UTQ0JLgHvQZ4gaFiekf/L1HPgcH37nvu
   9kyBdUBODfgoeCFmEZ9ieW8/UM0M0WbVBcGBnQfD4dsnmsPIomKq5J0/b
   kQ2iIzW3ef98DYlU6r73khGO245ziIXgOh82EKng/eBGKET6byRpjIlA1
   A==;
X-CSE-ConnectionGUID: 0IFI76J7THa8Vy4W5ZqVLQ==
X-CSE-MsgGUID: ZuWWYk9VQtil3EdcZQ9SUg==
X-IronPort-AV: E=McAfee;i="6700,10204,11365"; a="45150085"
X-IronPort-AV: E=Sophos;i="6.14,227,1736841600";
   d="scan'208";a="45150085"
Received: from fmviesa003.fm.intel.com ([10.60.135.143])
  by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 06 Mar 2025 15:50:22 -0800
X-CSE-ConnectionGUID: rQfX55m7TUOSpAw/493t0w==
X-CSE-MsgGUID: EAvOFNRfRgWIxGmTJ7+47w==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.12,224,1728975600";
   d="scan'208";a="123358708"
Received: from aschofie-mobl2.amr.corp.intel.com (HELO localhost)
 ([10.125.110.63])
  by fmviesa003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 06 Mar 2025 15:50:21 -0800
From: alison.schofield@intel.com
To: nvdimm@lists.linux.dev
Cc: Alison Schofield <alison.schofield@intel.com>
Subject: [ndctl PATCH v2 3/5] ndctl/dimm: do not increment a ULLONG_MAX slot
 value
Date: Thu,  6 Mar 2025 15:50:12 -0800
Message-ID: 
 <04880bb53cbd400d9906ca2ac5042a9dc23b925f.1741304303.git.alison.schofield@intel.com>
X-Mailer: git-send-email 2.47.0
In-Reply-To: <cover.1741304303.git.alison.schofield@intel.com>
References: <cover.1741304303.git.alison.schofield@intel.com>
Precedence: bulk
X-Mailing-List: nvdimm@lists.linux.dev
List-Id: <nvdimm.lists.linux.dev>
List-Subscribe: <mailto:nvdimm+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:nvdimm+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

From: Alison Schofield <alison.schofield@intel.com>

A coverity scan higlighted an overflow issue when the slot variable,
an unsigned integer that is initialized to -1, is incremented and
overflows.

Initialize slot to 0 and increment slot in the for loop header. That
keeps the comparison to a u32 as is and avoids overflow.

Signed-off-by: Alison Schofield <alison.schofield@intel.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
---
 ndctl/dimm.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/ndctl/dimm.c b/ndctl/dimm.c
index 889b620355fc..aaa0abfa046c 100644
--- a/ndctl/dimm.c
+++ b/ndctl/dimm.c
@@ -97,7 +97,7 @@ static struct json_object *dump_label_json(struct ndctl_dimm *dimm,
 	struct json_object *jlabel = NULL;
 	struct namespace_label nslabel;
 	unsigned int nsindex_size;
-	unsigned int slot = -1;
+	unsigned int slot = 0;
 	ssize_t offset;
 
 	if (!jarray)
@@ -108,14 +108,13 @@ static struct json_object *dump_label_json(struct ndctl_dimm *dimm,
 		return NULL;
 
 	for (offset = nsindex_size * 2; offset < size;
-			offset += ndctl_dimm_sizeof_namespace_label(dimm)) {
+	     offset += ndctl_dimm_sizeof_namespace_label(dimm), slot++) {
 		ssize_t len = min_t(ssize_t,
 				ndctl_dimm_sizeof_namespace_label(dimm),
 				size - offset);
 		struct json_object *jobj;
 		char uuid[40];
 
-		slot++;
 		jlabel = json_object_new_object();
 		if (!jlabel)
 			break;

From patchwork Thu Mar  6 23:50:13 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Alison Schofield <alison.schofield@intel.com>
X-Patchwork-Id: 14005537
Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id BDE5927F4CA
	for <nvdimm@lists.linux.dev>; Thu,  6 Mar 2025 23:50:23 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=192.198.163.13
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1741305025; cv=none;
 b=i5m5lwSSfrxD3MilZz6CEzfcxyVzEZQGRN24CmMBfj9LQvC3IgwXXr4ikq4D2vNy+yn7onHi2Zn5F5NPOSBKF+JYLES4iGjUY4D5u4N8zuT39DqMZGqY/+JQRJcXlG6hoLilyZCJq1bzbb9cd5x7vHlQ0wTnmQH1urFCVXdsy4Q=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1741305025; c=relaxed/simple;
	bh=i1+JxnIc/xMnOV5MOZrRzQTpHllEhaNFEo98JQN0xU0=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=ELvdiELwe/t3WD4SKpM7KGpWzSmynGskkALfIzGHGFs1dMMvhsfeKmIOsJTQQiI9930WPAxuXGs9mHGSRneK6m+2PieiYg7m0GDwuGFyr0JpCwcx0RflVQDz/n9Ttgsz79XS/UMGF5fUNh6DsOomy8/9mPuQbQZ5UqNCu6k1aoY=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=intel.com;
 spf=pass smtp.mailfrom=intel.com;
 dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b=RjNwzL+I; arc=none smtp.client-ip=192.198.163.13
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=intel.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=intel.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b="RjNwzL+I"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1741305024; x=1772841024;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=i1+JxnIc/xMnOV5MOZrRzQTpHllEhaNFEo98JQN0xU0=;
  b=RjNwzL+IHxqSH/VlSBxhKJ2NQ6yQB4WSh8heSrCkDVv2OAz45Wv9d1M1
   6b8u2PZjdhMNOJHoK5VDyY3VZMHEIba4qFXLaF6FwN+8+YXF5Bm+G87Ph
   v2qbI3nZmJTvzQc5KeLdVp6iDZ+vGsIoj2hJq2Q+HajxfJ8TcGcRSmSTE
   pKP2gl+77l1m19mxCqwd570GJS0zRBE4Pf4zgIGVYKZTvDHb/q55FblMk
   DVWPN5J80BbwXj/ND03zRtykkAXERrr+9hPOZ/u52k0t4DhaPezqSBA0o
   JOMMO9oR/lo2O+6h7dPFnRydYvCNzRAk9TWl1fvSYrcsgf9bEhN3Sxeih
   Q==;
X-CSE-ConnectionGUID: l6kDolRFSXylFiOSAD0wwA==
X-CSE-MsgGUID: MA32rO0eR6S8v8fPON6G7w==
X-IronPort-AV: E=McAfee;i="6700,10204,11365"; a="45150086"
X-IronPort-AV: E=Sophos;i="6.14,227,1736841600";
   d="scan'208";a="45150086"
Received: from fmviesa003.fm.intel.com ([10.60.135.143])
  by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 06 Mar 2025 15:50:23 -0800
X-CSE-ConnectionGUID: XtGiUUTJTEyfkc+PkmSo2g==
X-CSE-MsgGUID: 4gEX3l0HR2mMPxfMIq961w==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.12,224,1728975600";
   d="scan'208";a="123358728"
Received: from aschofie-mobl2.amr.corp.intel.com (HELO localhost)
 ([10.125.110.63])
  by fmviesa003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 06 Mar 2025 15:50:22 -0800
From: alison.schofield@intel.com
To: nvdimm@lists.linux.dev
Cc: Alison Schofield <alison.schofield@intel.com>,
	Dave Jiang <dave.jiang@intel.com>
Subject: [ndctl PATCH v2 4/5] ndctl/namespace: protect against overflow
 handling param.offset
Date: Thu,  6 Mar 2025 15:50:13 -0800
Message-ID: 
 <fd9b0fa9091490c71791ebd695ee48f8da12e5ec.1741304303.git.alison.schofield@intel.com>
X-Mailer: git-send-email 2.47.0
In-Reply-To: <cover.1741304303.git.alison.schofield@intel.com>
References: <cover.1741304303.git.alison.schofield@intel.com>
Precedence: bulk
X-Mailing-List: nvdimm@lists.linux.dev
List-Id: <nvdimm.lists.linux.dev>
List-Subscribe: <mailto:nvdimm+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:nvdimm+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

From: Alison Schofield <alison.schofield@intel.com>

A param.offset is parsed using parse_size64() but the result is
not checked for the error return ULLONG_MAX. If ULLONG_MAX is
returned, follow-on calculations will lead to overflow.

Add check for ULLONG_MAX upon return from parse_size64.
Add check for overflow in subsequent PFN_MODE offset calculation.

This issue was reported in a coverity scan.

Signed-off-by: Alison Schofield <alison.schofield@intel.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
---
 ndctl/namespace.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/ndctl/namespace.c b/ndctl/namespace.c
index 6c86eadcad69..2cee1c4c1451 100644
--- a/ndctl/namespace.c
+++ b/ndctl/namespace.c
@@ -1873,6 +1873,10 @@ static int write_pfn_sb(int fd, unsigned long long size, const char *sig,
 	int rc;
 
 	start = parse_size64(param.offset);
+	if (start == ULLONG_MAX) {
+		err("failed to parse offset option '%s'\n", param.offset);
+		return -EINVAL;
+	}
 	npfns = PHYS_PFN(size - SZ_8K);
 	pfn_align = parse_size64(param.align);
 	align = max(pfn_align, SUBSECTION_SIZE);
@@ -1914,6 +1918,10 @@ static int write_pfn_sb(int fd, unsigned long long size, const char *sig,
 		 * struct page size. But we also want to make sure we notice
 		 * when we end up adding new elements to struct page.
 		 */
+		if (start > ULLONG_MAX - (SZ_8K + MAX_STRUCT_PAGE_SIZE * npfns)) {
+			error("integer overflow in offset calculation\n");
+			return -EINVAL;
+		}
 		offset = ALIGN(start + SZ_8K + MAX_STRUCT_PAGE_SIZE * npfns, align)
 			- start;
 	} else

From patchwork Thu Mar  6 23:50:14 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Alison Schofield <alison.schofield@intel.com>
X-Patchwork-Id: 14005538
Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 04C2627F4DD
	for <nvdimm@lists.linux.dev>; Thu,  6 Mar 2025 23:50:23 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=192.198.163.13
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1741305025; cv=none;
 b=unkANfJ6kNVj9Qf23zIy1fO2dN9fhmTwWm65xj/PhMHDl+O4i++E6Naq7xNKNnximgoY7xGKi3GOOz2oJ5PVJ6zqU4LbYiUeOK4J2J8Q1wblCpSjqnzOq/YJgI0lZpzeXtu3paLQsE3sHmucVn8SEWgyielOLrfI5712N5jAABE=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1741305025; c=relaxed/simple;
	bh=JZk5PtUv4rBJbKlmbceIqvgHXrWy7tsqGjIyhgvhNIQ=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=b9hPiR9DHygieCEXgpPB75EgkNOc74eKByx2HnjwqLS1DHgDN3wLIVMt8PrjbA4kyw7cA6dbq9t1QFoiFiBR+FZyBo24kDGb5XSzeM9nJRn7C7WSdYVz3uNCwwb5YPg5xyE4/lfWrYro8KB0Gj2+UcFmBa73HInDuIGNQLdybXE=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=intel.com;
 spf=pass smtp.mailfrom=intel.com;
 dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b=Pt7mUyYX; arc=none smtp.client-ip=192.198.163.13
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=intel.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=intel.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b="Pt7mUyYX"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1741305024; x=1772841024;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=JZk5PtUv4rBJbKlmbceIqvgHXrWy7tsqGjIyhgvhNIQ=;
  b=Pt7mUyYX0l+eBlClekZHaV+Vb/TGD0cyqiB0g5A4n1NH58x4CXZnO3Wu
   nm2ZHKUHaTpPG7DMAJgtv4hS5/gKuuovbvwE8M+B4eapUltNCpHkfDLX/
   PpneoC80+OVNYCkWk45EytKF+TvKN3aJpzTPea4MzEENTCsRgpXdOqHc9
   AnyVbObKKzPmryn/XRR69j53Fx3BgEiYEBiGAIlEUTgtZj0sxjzc8YcBb
   uq1O3AYqWVFIWOiSX6FuSYEEoEnc5s671pCBry6WHbkP6DZc6YhwQVrpl
   K+ClzSEBEIf4JssMmmsZqPEFKg1ROpI18assMCSZ/UT0twueqp30PyMpV
   Q==;
X-CSE-ConnectionGUID: 3Aqgy8ojSCaYE3z9YrbEgQ==
X-CSE-MsgGUID: Esp25SyCR+Owx6kUjPv1fw==
X-IronPort-AV: E=McAfee;i="6700,10204,11365"; a="45150088"
X-IronPort-AV: E=Sophos;i="6.14,227,1736841600";
   d="scan'208";a="45150088"
Received: from fmviesa003.fm.intel.com ([10.60.135.143])
  by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 06 Mar 2025 15:50:24 -0800
X-CSE-ConnectionGUID: ZtU+kcNxRti96ObumzK9/Q==
X-CSE-MsgGUID: xolm0kYnTKejc3wkAVf2qw==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.12,224,1728975600";
   d="scan'208";a="123358738"
Received: from aschofie-mobl2.amr.corp.intel.com (HELO localhost)
 ([10.125.110.63])
  by fmviesa003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 06 Mar 2025 15:50:23 -0800
From: alison.schofield@intel.com
To: nvdimm@lists.linux.dev
Cc: Alison Schofield <alison.schofield@intel.com>,
	Dave Jiang <dave.jiang@intel.com>
Subject: [ndctl PATCH v2 5/5] ndctl/namespace: protect against under|over-flow
 w bad param.align
Date: Thu,  6 Mar 2025 15:50:14 -0800
Message-ID: 
 <5f8a8a6cf332ec9ceb636180b9dd5cbf801f1e6e.1741304303.git.alison.schofield@intel.com>
X-Mailer: git-send-email 2.47.0
In-Reply-To: <cover.1741304303.git.alison.schofield@intel.com>
References: <cover.1741304303.git.alison.schofield@intel.com>
Precedence: bulk
X-Mailing-List: nvdimm@lists.linux.dev
List-Id: <nvdimm.lists.linux.dev>
List-Subscribe: <mailto:nvdimm+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:nvdimm+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

From: Alison Schofield <alison.schofield@intel.com>

A coverity scan highlighted an integer underflow when param.align
is 0, and an integer overflow when the parsing of param.align fails
and returns ULLONG_MAX.

Add explicit checks for both values.

Signed-off-by: Alison Schofield <alison.schofield@intel.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
---
 ndctl/namespace.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ndctl/namespace.c b/ndctl/namespace.c
index 2cee1c4c1451..e443130a5a93 100644
--- a/ndctl/namespace.c
+++ b/ndctl/namespace.c
@@ -2087,7 +2087,11 @@ static int namespace_rw_infoblock(struct ndctl_namespace *ndns,
 			unsigned long long size = parse_size64(param.size);
 			align = parse_size64(param.align);
 
-			if (align < ULLONG_MAX && !IS_ALIGNED(size, align)) {
+			if (align == 0 || align == ULLONG_MAX) {
+				error("invalid alignment:%s\n", param.align);
+				rc = -EINVAL;
+			}
+			if (!IS_ALIGNED(size, align)) {
 				error("--size=%s not aligned to %s\n", param.size,
 					param.align);