Patch "hwmon: (pc87360) Bounds check data->innr usage" has been added to the 6.6-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    hwmon: (pc87360) Bounds check data->innr usage

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     hwmon-pc87360-bounds-check-data-innr-usage.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit fccf331a5d9f675d96917192022cecd2eb27b5e8
Author: Kees Cook <kees@xxxxxxxxxx>
Date:   Thu Nov 30 12:02:07 2023 -0800

    hwmon: (pc87360) Bounds check data->innr usage
    
    [ Upstream commit 4265eb062a7303e537ab3792ade31f424c3c5189 ]
    
    Without visibility into the initializers for data->innr, GCC suspects
    using it as an index could walk off the end of the various 14-element
    arrays in data. Perform an explicit clamp to the array size. Silences
    the following warning with GCC 12+:
    
    ../drivers/hwmon/pc87360.c: In function 'pc87360_update_device':
    ../drivers/hwmon/pc87360.c:341:49: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
      341 |                                 data->in_max[i] = pc87360_read_value(data,
          |                                 ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~
      342 |                                                   LD_IN, i,
          |                                                   ~~~~~~~~~
      343 |                                                   PC87365_REG_IN_MAX);
          |                                                   ~~~~~~~~~~~~~~~~~~~
    ../drivers/hwmon/pc87360.c:209:12: note: at offset 255 into destination object 'in_max' of size 14
      209 |         u8 in_max[14];          /* Register value */
          |            ^~~~~~
    
    Cc: Jim Cromie <jim.cromie@xxxxxxxxx>
    Cc: Jean Delvare <jdelvare@xxxxxxxx>
    Cc: Guenter Roeck <linux@xxxxxxxxxxxx>
    Cc: linux-hwmon@xxxxxxxxxxxxxxx
    Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
    Reviewed-by: Gustavo A. R. Silva <gustavoars@xxxxxxxxxx>
    Link: https://lore.kernel.org/r/20231130200207.work.679-kees@xxxxxxxxxx
    [groeck: Added comment into code clarifying context]
    Signed-off-by: Guenter Roeck <linux@xxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/hwmon/pc87360.c b/drivers/hwmon/pc87360.c
index a4adc8bd531ff..534a6072036c9 100644
--- a/drivers/hwmon/pc87360.c
+++ b/drivers/hwmon/pc87360.c
@@ -323,7 +323,11 @@ static struct pc87360_data *pc87360_update_device(struct device *dev)
 		}
 
 		/* Voltages */
-		for (i = 0; i < data->innr; i++) {
+		/*
+		 * The min() below does not have any practical meaning and is
+		 * only needed to silence a warning observed with gcc 12+.
+		 */
+		for (i = 0; i < min(data->innr, ARRAY_SIZE(data->in)); i++) {
 			data->in_status[i] = pc87360_read_value(data, LD_IN, i,
 					     PC87365_REG_IN_STATUS);
 			/* Clear bits */




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux