On Tue, Feb 25, 2020 at 8:21 AM Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:
>
> The "cmd" comes from the user and it can be up to 255. It it's more
> than the number of bits in long, it results out of bounds read when we
> check test_bit(cmd, &cmd_mask). The highest valid value for "cmd" is
> ND_CMD_CALL (10) so I added a compare against that.
>
> Fixes: 62232e45f4a2 ("libnvdimm: control (ioctl) messages for nvdimm_bus and nvdimm devices")
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Looks good, applied.
