[bug report] habanalabs/gaudi: fix a race condition causing DMAR error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello Yuri Nudelman,

Commit 17ab47d2d6d4 ("habanalabs/gaudi: fix a race condition causing
DMAR error") from Jun 22, 2022 (linux-next), leads to the following
Smatch static checker warning:

	drivers/accel/habanalabs/gaudi/gaudi.c:1422 gaudi_get_patched_cb_extra_size()
	warn: potential user controlled sizeof overflow 'user_cb_size + additional_commands' '0-u32max + 32'

drivers/accel/habanalabs/gaudi/gaudi.c
    1415 static u32 gaudi_get_patched_cb_extra_size(u32 user_cb_size)
    1416 {
    1417         u32 cacheline_end, additional_commands;
    1418 
    1419         cacheline_end = round_up(user_cb_size, DEVICE_CACHE_LINE_SIZE);
    1420         additional_commands = sizeof(struct packet_msg_prot) * 2;
    1421 
--> 1422         if (user_cb_size + additional_commands > cacheline_end)
                     ^^^^^^^^^^^^
The user_cb_size is a user controlled variable that comes from
cs_ioctl_default().  This addition operation could result in an interger
wrapping bug.

    1423                 return cacheline_end - user_cb_size + additional_commands;
    1424         else
    1425                 return additional_commands;
    1426 }

regards,
dan carpenter
[Index of Archives]     [Linux DRI Users]     [Linux Intel Graphics]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux