On Tue, Jun 25, 2024 at 12:58:04PM +0300, Aleksandr Mishin wrote: > The address of VME window is either set by jumpers (VME64) or derived from > the slot number (geographical addressing, VME64x) with the formula: > address = slot# * 0x80000 > https://indico.cern.ch/event/68278/contributions/1234555/attachments/ > 1024465/1458672/VMEbus.pdf > > slot# value can be set from module parameter 'geoid' which can contain any > value. In this case the value of an arithmetic expression 'slot# * 0x80000' > is a subject to overflow because its operands are not cast to a larger data > type before performing arithmetic. > > Validate the provided geoid value using the Geographic Addr Mask. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Fixes: d22b8ed9a3b0 ("Staging: vme: add Tundra TSI148 VME-PCI Bridge driver") > Suggested-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> > Signed-off-by: Aleksandr Mishin <amishin@xxxxxxxxxx> > --- > v1->v2: Move geoid validation to the probe() function as suggested by Dan Yeah, I think this works. Reviewed-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> regards, dan carpenter
