Received: by 10.223.185.116 with SMTP id b49csp5212641wrg; Tue, 27 Feb 2018 09:31:54 -0800 (PST) X-Google-Smtp-Source: AH8x224ImFB+DUcqvyIfRiS/P5K75Imzy9J3JJUirbBPmfxn5krjMhTBSJpfYz7e4Afqq3hnLMxW X-Received: by 2002:a17:902:820a:: with SMTP id x10-v6mr15140322pln.364.1519752714025; Tue, 27 Feb 2018 09:31:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519752713; cv=none; d=google.com; s=arc-20160816; b=n0Xm/JK55EAL79ySMSakmMPoiG8dUmBnq20dUCTOK7v7EnZVuVxTbeQDskGv/O0wK3 HXvQf8GKmLnP5pA4f4jSWipb3L8S7setUISfp+iBeP3uJHuy1tLcMygCIXKU8eYdIKCc oQgFyOAGVQ/wGs0YtMkFEd2DakvhPm9ifSnz/imdqAPGCHfoRkeJ7s7oXY0yQK507ksI 46K3+CNYohKCi9D/Bq4Aczb3syC98GMNMGDbFvXSbgrXNWOwyB6iq1E73CgRnNvaLkkY VPdKDzJAyOzvV/023qxSGKh1cZ5eFCaGXMntSn5LvXTLfTkYqwT9UxZWG21aghyZZ+UN NJqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=LKBVC+E8AHigV11bTu1pyXtGTs0modIE6F9WE9yD7Ec=; b=X0k1iI/reLm3/2xnslqyiQukCph4lffra24iTI2Xh6Nq13HKe4vt3UbQvq5VWnty2n D+2wlvb5Du1e4TRcQVe1W7j3TtPIJGxiCBhhFxNu3ghRy1ew08fhhQf2lzy074aa2kL3 u/QaFV+Mbwb9pqSO7YKHWmnrkT1YofdyY9FzxN2atowL/vgcp3HZB1t9//7XGHfYUREm iFRh2kXgkDOQmm7gsIpejCX6WiAq4JUxQbc8PpXmAgLXHqZIjGfYti2qiKKSl2FxAQU4 cnzTXhR49J7PGL9gkwnO3l3Z1H7cmrMcOGhQTLF7HCVhmzmReTspHnV7eGrtLxluNFpY jDug== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k11-v6si2390265pls.58.2018.02.27.09.31.35; Tue, 27 Feb 2018 09:31:53 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751682AbeB0RaF (ORCPT + 99 others); Tue, 27 Feb 2018 12:30:05 -0500 Received: from mga03.intel.com ([134.134.136.65]:38451 "EHLO mga03.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751516AbeB0RaE (ORCPT ); Tue, 27 Feb 2018 12:30:04 -0500 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 27 Feb 2018 09:30:03 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.47,401,1515484800"; d="scan'208";a="23638773" Received: from theros.lm.intel.com ([10.232.112.164]) by fmsmga002.fm.intel.com with ESMTP; 27 Feb 2018 09:30:03 -0800 From: Ross Zwisler To: Dan Williams , linux-nvdimm@lists.01.org, Dave Jiang , Vishal L Verma , linux-kernel@vger.kernel.org Cc: Ross Zwisler Subject: [PATCH 2/3] nfit_test: fix buffer overrun, add sanity check Date: Tue, 27 Feb 2018 10:29:51 -0700 Message-Id: <20180227172952.22177-2-ross.zwisler@linux.intel.com> X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180227172952.22177-1-ross.zwisler@linux.intel.com> References: <20180227172952.22177-1-ross.zwisler@linux.intel.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org It turns out that we were overrunning the 'nfit_buf' buffer in nfit_test0_setup() in the (t->setup_hotplug == 1) case because we failed to correctly account for all of the acpi_nfit_memory_map structures. Fix the structure count which will increase the allocation size of 'nfit_buf' in nfit_test0_alloc(). Also add some WARN_ON()s to nfit_test0_setup() and nfit_test1_setup() to catch future issues where the size of the buffer doesn't match the amount of data we're writing. Signed-off-by: Ross Zwisler --- tools/testing/nvdimm/test/nfit.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tools/testing/nvdimm/test/nfit.c b/tools/testing/nvdimm/test/nfit.c index 1376fc95c33a..fcd233342273 100644 --- a/tools/testing/nvdimm/test/nfit.c +++ b/tools/testing/nvdimm/test/nfit.c @@ -104,7 +104,8 @@ enum { NUM_HINTS = 8, NUM_BDW = NUM_DCR, NUM_SPA = NUM_PM + NUM_DCR + NUM_BDW, - NUM_MEM = NUM_DCR + NUM_BDW + 2 /* spa0 iset */ + 4 /* spa1 iset */, + NUM_MEM = NUM_DCR + NUM_BDW + 2 /* spa0 iset */ + + 4 /* spa1 iset */ + 1 /* spa11 iset */, DIMM_SIZE = SZ_32M, LABEL_SIZE = SZ_128K, SPA_VCD_SIZE = SZ_4M, @@ -2047,6 +2048,9 @@ static void nfit_test0_setup(struct nfit_test *t) flush->hint_address[i] = t->flush_dma[4] + i * sizeof(u64); offset += flush->header.length; + + /* sanity check to make sure we've filled the buffer */ + WARN_ON(offset != t->nfit_size); } post_ars_status(&t->ars_state, &t->badrange, t->spa_set_dma[0], @@ -2165,6 +2169,9 @@ static void nfit_test1_setup(struct nfit_test *t) dcr->windows = 0; offset += dcr->header.length; + /* sanity check to make sure we've filled the buffer */ + WARN_ON(offset != t->nfit_size); + post_ars_status(&t->ars_state, &t->badrange, t->spa_set_dma[0], SPA2_SIZE); -- 2.14.3