On 1/21/20 1:21 PM, Bartlomiej Zolnierkiewicz wrote:
>
> On 1/21/20 12:48 PM, Dan Carpenter wrote:
>> On Tue, Jan 21, 2020 at 12:15:54PM +0100, Bartlomiej Zolnierkiewicz wrote:
>>>
>>> Hi,
>>>
>>> On 1/20/20 2:40 PM, David Miller wrote:
>>>> From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
>>>> Date: Tue, 7 Jan 2020 16:04:41 +0300
>>>>
>>>>> The "drive->dn" value is a u8 and it is controlled by root only, but
>>>>> it could be out of bounds here so let's check.
>>>
>>> drive->dn should not be root controllable, please point me where it
>>> happens as this may need fixing instead of cmd64x driver.
>>>
>>> [ IDE core makes sure that drive->dn is never > 3 and a lot of code
>>>   assumes it. ]
>>>
>>
>> It's marked as a settable field in ide-proc.c
>>
>> drivers/ide/ide-proc.c
>>     ide_devset_rw(current_speed, xfer_rate);
>>     ide_devset_rw_field(init_speed, init_speed);
>>     ide_devset_rw_flag(nice1, IDE_DFLAG_NICE1);
>>     ide_devset_rw_field(number, dn);
>>                         ^^^^^^^^^^
>>                         Sets ->dn
>
> It is a bug.

PS The rationale for fixing it is:

- IDE core always sets ->dn correctly (changing it is never required)

- setting a different value than assigned by IDE core is very likely to
  result in data corruption (due to wrong transfer timings being set
  on the controller etc.)

Best regards,
--
Bartlomiej Zolnierkiewicz
Samsung R&D Institute Poland
Samsung Electronics