| Message ID | 1423647992-3787-3-git-send-email-ivan.khoronzhuk@linaro.org |
|---|---|
| State | New |
| Headers | show |
On 11 February 2015 at 17:46, Ivan Khoronzhuk <ivan.khoronzhuk@linaro.org> wrote: > According to SMBIOSv3 specification the length of DMI table can be > up to 32bits wide. So use appropriate type to avoid overflow. > > It's obvious that dmi_num theoretically can be more than u16 also, > so it's can be changed to u32 or at least it's better to use int > instead of u16, but on that moment I cannot imagine dmi structure > count more than 65535 and it can require changing type of vars that > work with it. So I didn't correct it. > > Signed-off-by: Ivan Khoronzhuk <ivan.khoronzhuk@linaro.org> Acked-by: Ard Biesheuvel <ard@linaro.org> This should get a cc stable as well.
On 02/11/2015 11:53 AM, Ard Biesheuvel wrote: > On 11 February 2015 at 17:46, Ivan Khoronzhuk > <ivan.khoronzhuk@linaro.org> wrote: >> According to SMBIOSv3 specification the length of DMI table can be >> up to 32bits wide. So use appropriate type to avoid overflow. >> >> It's obvious that dmi_num theoretically can be more than u16 also, >> so it's can be changed to u32 or at least it's better to use int >> instead of u16, but on that moment I cannot imagine dmi structure >> count more than 65535 and it can require changing type of vars that >> work with it. So I didn't correct it. >> >> Signed-off-by: Ivan Khoronzhuk <ivan.khoronzhuk@linaro.org> > Acked-by: Ard Biesheuvel <ard@linaro.org> > > This should get a cc stable as well. > Pay attention that this patch has to be applied with patch 1/3. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
On 11 February 2015 at 18:10, Ivan Khoronzhuk <ivan.khoronzhuk@linaro.org> wrote: > > On 02/11/2015 11:53 AM, Ard Biesheuvel wrote: >> >> On 11 February 2015 at 17:46, Ivan Khoronzhuk >> <ivan.khoronzhuk@linaro.org> wrote: >>> >>> According to SMBIOSv3 specification the length of DMI table can be >>> up to 32bits wide. So use appropriate type to avoid overflow. >>> >>> It's obvious that dmi_num theoretically can be more than u16 also, >>> so it's can be changed to u32 or at least it's better to use int >>> instead of u16, but on that moment I cannot imagine dmi structure >>> count more than 65535 and it can require changing type of vars that >>> work with it. So I didn't correct it. >>> >>> Signed-off-by: Ivan Khoronzhuk <ivan.khoronzhuk@linaro.org> >> >> Acked-by: Ard Biesheuvel <ard@linaro.org> >> >> This should get a cc stable as well. >> > > Pay attention that this patch has to be applied with patch 1/3. Good point. Actually, I don't really see the need for patch #1, even if I agree that it would have been better to write it like you have in the first place. But leaving the dmi_len as u16 is clearly a bug on my part, so that should be fixed. @Matt: any thoughts? -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
On 02/13/2015 06:12 PM, Matt Fleming wrote: > On Wed, 11 Feb, at 06:12:59PM, Ard Biesheuvel wrote: >> Good point. Actually, I don't really see the need for patch #1, even >> if I agree that it would have been better to write it like you have in >> the first place. >> But leaving the dmi_len as u16 is clearly a bug on my part, so that >> should be fixed. >> >> @Matt: any thoughts? > Ivan, I'd prefer it if you move PATCH 1 to be PATCH 3, i.e. make the > urgent changes at the beginning of the series and the cleanups at the > end. That nicely sidesteps the issue of having to backport a cleanup > patch as a dependency for a real bug fix. > Ok. I'll update soon. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
diff --git a/drivers/firmware/dmi_scan.c b/drivers/firmware/dmi_scan.c index fb16203..952e95c 100644 --- a/drivers/firmware/dmi_scan.c +++ b/drivers/firmware/dmi_scan.c @@ -18,7 +18,7 @@ static const char dmi_empty_string[] = " "; static u16 __initdata dmi_ver; -static u16 dmi_len; +static u32 dmi_len; static u16 dmi_num; /* * Catch too early calls to dmi_check_system():
According to SMBIOSv3 specification the length of DMI table can be up to 32bits wide. So use appropriate type to avoid overflow. It's obvious that dmi_num theoretically can be more than u16 also, so it's can be changed to u32 or at least it's better to use int instead of u16, but on that moment I cannot imagine dmi structure count more than 65535 and it can require changing type of vars that work with it. So I didn't correct it. Signed-off-by: Ivan Khoronzhuk <ivan.khoronzhuk@linaro.org> --- drivers/firmware/dmi_scan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)