The "psize" value comes from the user so we need to verify that it's
non-zero before we check if "n % psize" or it will crash.
Fixes: 20ec628e8007 ("misc: xilinx_sdfec: Add ability to configure LDPC")
Signed-off-by: Dan Carpenter <[email protected]>
---
The parentheses in this condition are a no-op. They're just confusing.
Perhaps something else was intended?
drivers/misc/xilinx_sdfec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/misc/xilinx_sdfec.c b/drivers/misc/xilinx_sdfec.c
index 813b82c59360..3fc53d20abf3 100644
--- a/drivers/misc/xilinx_sdfec.c
+++ b/drivers/misc/xilinx_sdfec.c
@@ -460,7 +460,7 @@ static int xsdfec_reg0_write(struct xsdfec_dev *xsdfec, u32 n, u32 k, u32 psize,
{
u32 wdata;
- if (n < XSDFEC_REG0_N_MIN || n > XSDFEC_REG0_N_MAX ||
+ if (n < XSDFEC_REG0_N_MIN || n > XSDFEC_REG0_N_MAX || psize == 0 ||
(n > XSDFEC_REG0_N_MUL_P * psize) || n <= k || ((n % psize) != 0)) {
dev_dbg(xsdfec->dev, "N value is not in range");
return -EINVAL;
--
2.20.1
On 21. 08. 19 9:09, Dan Carpenter wrote:
> The "psize" value comes from the user so we need to verify that it's
> non-zero before we check if "n % psize" or it will crash.
>
> Fixes: 20ec628e8007 ("misc: xilinx_sdfec: Add ability to configure LDPC")
> Signed-off-by: Dan Carpenter <[email protected]>
> ---
> The parentheses in this condition are a no-op. They're just confusing.
> Perhaps something else was intended?
>
> drivers/misc/xilinx_sdfec.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/misc/xilinx_sdfec.c b/drivers/misc/xilinx_sdfec.c
> index 813b82c59360..3fc53d20abf3 100644
> --- a/drivers/misc/xilinx_sdfec.c
> +++ b/drivers/misc/xilinx_sdfec.c
> @@ -460,7 +460,7 @@ static int xsdfec_reg0_write(struct xsdfec_dev *xsdfec, u32 n, u32 k, u32 psize,
> {
> u32 wdata;
>
> - if (n < XSDFEC_REG0_N_MIN || n > XSDFEC_REG0_N_MAX ||
> + if (n < XSDFEC_REG0_N_MIN || n > XSDFEC_REG0_N_MAX || psize == 0 ||
> (n > XSDFEC_REG0_N_MUL_P * psize) || n <= k || ((n % psize) != 0)) {
> dev_dbg(xsdfec->dev, "N value is not in range");
> return -EINVAL;
>
Reviewed-by: Michal Simek <[email protected]>
Thanks,
Michal
Hi Dan,
> -----Original Message-----
> From: Dan Carpenter [mailto:[email protected]]
> Sent: Wednesday 21 August 2019 08:10
> To: Derek Kiernan <[email protected]>; Dragan Cvetic <[email protected]>
> Cc: Arnd Bergmann <[email protected]>; Greg Kroah-Hartman <[email protected]>; Michal Simek <[email protected]>;
> [email protected]; [email protected]; [email protected]
> Subject: [PATCH 3/4] misc: xilinx_sdfec: Prevent a divide by zero in xsdfec_reg0_write()
>
> The "psize" value comes from the user so we need to verify that it's
> non-zero before we check if "n % psize" or it will crash.
>
> Fixes: 20ec628e8007 ("misc: xilinx_sdfec: Add ability to configure LDPC")
> Signed-off-by: Dan Carpenter <[email protected]>
> ---
> The parentheses in this condition are a no-op. They're just confusing.
> Perhaps something else was intended?
>
> drivers/misc/xilinx_sdfec.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/misc/xilinx_sdfec.c b/drivers/misc/xilinx_sdfec.c
> index 813b82c59360..3fc53d20abf3 100644
> --- a/drivers/misc/xilinx_sdfec.c
> +++ b/drivers/misc/xilinx_sdfec.c
> @@ -460,7 +460,7 @@ static int xsdfec_reg0_write(struct xsdfec_dev *xsdfec, u32 n, u32 k, u32 psize,
> {
> u32 wdata;
>
> - if (n < XSDFEC_REG0_N_MIN || n > XSDFEC_REG0_N_MAX ||
> + if (n < XSDFEC_REG0_N_MIN || n > XSDFEC_REG0_N_MAX || psize == 0 ||
> (n > XSDFEC_REG0_N_MUL_P * psize) || n <= k || ((n % psize) != 0)) {
> dev_dbg(xsdfec->dev, "N value is not in range");
> return -EINVAL;
> --
> 2.20.1
Reviewed-by: Dragan Cvetic <[email protected]>
Thanks,
Dragan