Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp1562435yba; Thu, 25 Apr 2019 01:46:24 -0700 (PDT) X-Google-Smtp-Source: APXvYqzB1hlSc04K3jlNLlvgkUykyz8tr3uUiGPkudOxErf0AQLmDAzy1Yx349+LbbsGdpJRTeXe X-Received: by 2002:a63:e22:: with SMTP id d34mr30555671pgl.251.1556181983851; Thu, 25 Apr 2019 01:46:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556181983; cv=none; d=google.com; s=arc-20160816; b=UJU7Z9mszZQAARmm4+Bodpew68Ux6XzG3vX/a6C/jvTB6BsDj88oEmlI5NB+sFCOeI 43KTmIhFA2tSF9u45mvXGsMbw0GBxJ8yALgmMfZ1uXWYEzJ8LB9EEf0pL/kUDaY27bUQ wWOl7cTZBfKGauwnq2H+4DHzasuZ29+mlrEn0uXl1Y3m5x95p7oC3+comLl29AtAwoUX UdtQRmo8mgSnLwBaf0SBa646/CrKTXKK6Q7GIZpqkJEmC5iPOhVdQRBR4ZsbbcnloisL CpobAhdsAQItsl/LRHyI4HmTTBkArseSXDa5ee7lzDaG8T0tV/ridCYSs1Ip8kapvo/V V8SQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=z982tdbPobHWVL0WVUA3BxFx7fqpwIHvQILxTvBVCHw=; b=o8lbecF9CM4u7xjXIXyb3n4Z7uPyKU3LVBVGebzEZE3+G4z3srB5zXPpg8A2zx7HUJ gN1z1MKVWUlBx2CQyN8IGkGWZ0zrBYUrSZBwbB8IocMRWxdf1NNwA63hMD/LPCBb9LTO FWT/GIgweiBrJk2KqUTtPUsIQBwvXIigvBqZnF4+S2BzSKlwzPENY38fTHqYu8cdtlqM LjEDqtd2l9zPgPl8VxkJsa1lAbc5TUmknHyQLEX/BNx/9TpTX8wNPu6w58QkrY/D1vcR 7Jpkpl3YWdR98g29AB86Sai+fjXInPoPTCB29KIACQTZFTSIXgaiDOfifVeuK4AYlwUz cagw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ucloud.cn Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y9si20438693pgh.55.2019.04.25.01.46.09; Thu, 25 Apr 2019 01:46:23 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ucloud.cn Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728599AbfDYH4S (ORCPT + 99 others); Thu, 25 Apr 2019 03:56:18 -0400 Received: from m97179.mail.qiye.163.com ([220.181.97.179]:3162 "EHLO m97179.mail.qiye.163.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728012AbfDYH4R (ORCPT ); Thu, 25 Apr 2019 03:56:17 -0400 Received: from localhost (unknown [117.48.120.186]) by m97179.mail.qiye.163.com (Hmail) with ESMTPA id CF953E01716; Thu, 25 Apr 2019 15:56:12 +0800 (CST) Date: Thu, 25 Apr 2019 15:56:12 +0800 From: WANG Chao To: Borislav Petkov Cc: Tony Luck , linux-kernel@vger.kernel.org, linux-edac@vger.kernel.org Subject: Re: [PATCH 1/3] RAS/CEC: fix __find_elem Message-ID: <20190425075612.GA10363@WANG-Chaos-MacBook-Pro.local> References: <20190418034115.75954-1-chao.wang@ucloud.cn> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190418034115.75954-1-chao.wang@ucloud.cn> User-Agent: Mutt/1.11.4 (2019-03-13) X-HM-Spam-Status: e1kIGBQJHllBWUtVS1lXWShZQUlCN1dZLVlBSVdZCQ4XHghZQVkyNS06Nz I*QUtVS1kG X-HM-Sender-Digest: e1kMHhlZQR0aFwgeV1kSHx4VD1lBWUc6MUk6ARw*Szg#UTUiLz4zIkkr UQgwFAhVSlVKTk5NSkxDQkxIS0tLVTMWGhIXVRgTGhRVDBoVHDsOGBcUDh9VGBVFWVdZEgtZQVlK SkxVT0NVSklLVUpDTVlXWQgBWUFKTE1ONwY+ X-HM-Tid: 0a6a537eb0bc20bdkuqycf953e01716 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 04/18/19 at 11:41P, WANG Chao wrote: > A left over pfn (because we don't clear) at ca->array[n] can be a match > in __find_elem. Later it'd cause a memmove size overflow in del_elem. > > Signed-off-by: WANG Chao > --- > drivers/ras/cec.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/ras/cec.c b/drivers/ras/cec.c > index 2d9ec378a8bc..2e0bf1269c31 100644 > --- a/drivers/ras/cec.c > +++ b/drivers/ras/cec.c > @@ -206,7 +206,7 @@ static int __find_elem(struct ce_array *ca, u64 pfn, unsigned int *to) > > this_pfn = PFN(ca->array[min]); > > - if (this_pfn == pfn) > + if (this_pfn == pfn && ca->n > min) > return min; > > return -ENOKEY; Any thought on this one?