2023-06-22 20:34:29

by srinivas pandruvada

[permalink] [raw]
Subject: [PATCH] platform/x86/intel/tpmi: Prevent overflow for cap_offset

cap_offset is a u16 field, so multiplying with TPMI_CAP_OFFSET_UNIT
(which is equal to 1024) to covert to bytes will cause overflow. This
will be a problem once more TPMI features are added.

This field is not used except for calculating pfs->vsec_offset. So, leave
cap_offset field unchanged and multiply with TPMI_CAP_OFFSET_UNIT while
calculating pfs->vsec_offset.

Signed-off-by: Srinivas Pandruvada <[email protected]>
---
Rebased on top of
https://kernel.googlesource.com/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
review-hans

drivers/platform/x86/intel/tpmi.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/platform/x86/intel/tpmi.c b/drivers/platform/x86/intel/tpmi.c
index 9c606ee2030c..d1fd6e69401c 100644
--- a/drivers/platform/x86/intel/tpmi.c
+++ b/drivers/platform/x86/intel/tpmi.c
@@ -356,9 +356,7 @@ static int intel_vsec_tpmi_init(struct auxiliary_device *auxdev)
if (!pfs_start)
pfs_start = res_start;

- pfs->pfs_header.cap_offset *= TPMI_CAP_OFFSET_UNIT;
-
- pfs->vsec_offset = pfs_start + pfs->pfs_header.cap_offset;
+ pfs->vsec_offset = pfs_start + pfs->pfs_header.cap_offset * TPMI_CAP_OFFSET_UNIT;

/*
* Process TPMI_INFO to get PCI device to CPU package ID.
--
2.38.1



2023-07-11 09:59:25

by Hans de Goede

[permalink] [raw]
Subject: Re: [PATCH] platform/x86/intel/tpmi: Prevent overflow for cap_offset

Hi,

On 6/22/23 21:57, Srinivas Pandruvada wrote:
> cap_offset is a u16 field, so multiplying with TPMI_CAP_OFFSET_UNIT
> (which is equal to 1024) to covert to bytes will cause overflow. This
> will be a problem once more TPMI features are added.
>
> This field is not used except for calculating pfs->vsec_offset. So, leave
> cap_offset field unchanged and multiply with TPMI_CAP_OFFSET_UNIT while
> calculating pfs->vsec_offset.
>
> Signed-off-by: Srinivas Pandruvada <[email protected]>
> ---
> Rebased on top of
> https://kernel.googlesource.com/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
> review-hans

Thank you for your patch, I've applied this patch to my fixes
branch:
https://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86.git/log/?h=fixes

Note it will show up in my fixes branch once I've pushed my
local branch there, which might take a while.

I will include this patch in my next fixes pull-req to Linus
for the current kernel development cycle.

Regards,

Hans



>
> drivers/platform/x86/intel/tpmi.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/drivers/platform/x86/intel/tpmi.c b/drivers/platform/x86/intel/tpmi.c
> index 9c606ee2030c..d1fd6e69401c 100644
> --- a/drivers/platform/x86/intel/tpmi.c
> +++ b/drivers/platform/x86/intel/tpmi.c
> @@ -356,9 +356,7 @@ static int intel_vsec_tpmi_init(struct auxiliary_device *auxdev)
> if (!pfs_start)
> pfs_start = res_start;
>
> - pfs->pfs_header.cap_offset *= TPMI_CAP_OFFSET_UNIT;
> -
> - pfs->vsec_offset = pfs_start + pfs->pfs_header.cap_offset;
> + pfs->vsec_offset = pfs_start + pfs->pfs_header.cap_offset * TPMI_CAP_OFFSET_UNIT;
>
> /*
> * Process TPMI_INFO to get PCI device to CPU package ID.