Date: Thu, 27 Jun 2019 10:36:49 -0700
From: "Luck, Tony"
To: James Morse
Cc: Eiichi Tsukata , bp@alien8.de, mchehab@kernel.org, linux-edac@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
Message-ID: <20190627173649.GA18346@agluck-desk2.amr.corp.intel.com>
References: <20190626054011.30044-1-devel@etsukata.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Jun 27, 2019 at 06:11:18PM +0100, James Morse wrote:
> Hello,
>
> (CC: +Tony Luck.
> Original Patch: lore.kernel.org/r/20190626054011.30044-1-devel@etsukata.com )

Heh: My mail agent "helpfully" made that clickable, but as a "mailto:" URL
rather than an https: one!

>
> On 26/06/2019 06:40, Eiichi Tsukata wrote:
> > Commit 9da21b1509d8 ("EDAC: Poll timeout cannot be zero, p2") assumes
> > edac_mc_poll_msec to be unsigned long, but the type of the variable still
> > remained as int. Setting edac_mc_poll_msec can trigger out-of-bounds
> > write.
>
> Thanks for catching this!

Ditto & likewise.

> >
> > Fix it by changing the type of edac_mc_poll_msec to unsigned int.
>
> This means reverting more of 9da21b1509d8, but it also fixes signed/unsigned issues:
> | root@debian-guest:/sys/module/edac_core/parameters# echo 4294967295 > edac_mc_poll_msec
> | root@debian-guest:/sys/module/edac_core/parameters# cat edac_mc_poll_msec
> | -1
> | root@debian-guest:/sys/module/edac_core/parameters# echo -1 > edac_mc_poll_msec
> | -bash: echo: write error: Invalid argument
> >
> > The reason why this patch adopts unsigned int rather than unsigned long
> > is msecs_to_jiffies() assumes arg to be unsigned int.
>
> Ah, so the range is limited anyway.
>
> It looks like it was switched to long to be consistent with edac_mc_workq_setup(), which
> has since been removed in preference to msecs_to_jiffies().
>
>
> Reviewed-by: James Morse

Applied. (Boris left me in charge of EDAC bits for the next few weeks).

It will show up in the for_5.3 branch of:
git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras.git
after test builds complete.

-Tony
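
Added illustration, not code from this thread or from the kernel: a userspace C model of the width mismatch discussed above, showing the spill into adjacent memory, the 4294967295 / -1 read-back, and a setter matched to the variable's width. `struct globals`, `neighbour`, `parse_u64` and the setter names are hypothetical; `uint64_t` stands in for `unsigned long` on a 64-bit kernel, and the read-back value assumes a little-endian machine.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CANARY 0x5a5a5a5a
/* Constructed model: the 4-byte int parameter plus a hypothetical neighbour. */
struct globals { int32_t poll_msec; int32_t neighbour; };

/* Strict unsigned parse: digits only, so "-1" is rejected, not wrapped. */
static int parse_u64(const char *s, uint64_t *out)
{
    char *end;
    if (*s < '0' || *s > '9')
        return -EINVAL;
    errno = 0;
    *out = strtoull(s, &end, 10);
    return (errno || *end != '\0') ? -EINVAL : 0;
}

/* Mismatched setter: the value is treated as a 64-bit unsigned long and
 * stored with an 8-byte write, although the variable is a 4-byte int. */
int set_mismatched(struct globals *g, const char *s)
{
    uint64_t v;
    if (parse_u64(s, &v))
        return -EINVAL;
    memcpy(g, &v, sizeof v); /* 4 bytes fill poll_msec, 4 spill into neighbour */
    return 0;
}

/* Matched setter: range-checked, stored at the variable's own width. */
int set_matched(uint32_t *poll_msec, const char *s)
{
    uint64_t v;
    if (parse_u64(s, &v) || v > UINT32_MAX)
        return -EINVAL;
    *poll_msec = (uint32_t)v;
    return 0;
}

int main(void)
{
    struct globals g = { 0, CANARY };
    set_mismatched(&g, "4294967295");
    printf("read back as int: %d, neighbour now: %#x\n", g.poll_msec, (unsigned)g.neighbour);
    return 0;
}
```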