Received: by 2002:a05:7208:13ce:b0:7f:395a:35b6 with SMTP id r14csp6373rbe; Wed, 28 Feb 2024 10:16:17 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCVusmfum7pyZuwr0O/5y8dMvLUDIrv9TH2n7Xr/9C0UyZYRXjilsOiM86vNAAAcMgv1xm1sxQCafOccXCoGL/SzFAy9Joy1JxDlcDfHrg== X-Google-Smtp-Source: AGHT+IFPMuoAcFhOPLXPrbgQwYySvkPgLhE1v6ivr+akP9Cj3Pr27ER80dX5lEQHCAgCPTVoFabX X-Received: by 2002:a17:906:c784:b0:a3f:d2a8:a5c4 with SMTP id cw4-20020a170906c78400b00a3fd2a8a5c4mr145663ejb.35.1709144177657; Wed, 28 Feb 2024 10:16:17 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1709144177; cv=pass; d=google.com; s=arc-20160816; b=HCSvq0PDXs0u8jiD/QovbPKiPELFobapzaM+Y2I94Kw4Y9C5xGwrp3xKGHTrfmdXDc dEmQ23FQfBXkdvYaLFUxQlI7AoqBW5WUwFbVpaRMiIiKTlB4PbNc85T+YSfzlYU3PjYx lfIPdFK/GxSDkxtb+NUSsCiJHTVxggFX7mLkXxoBFbvx+1+xjS80rc+WWP+Ki4/8SR2q m0jlREopE3J069eS+C/Zb5xBbLF691Yn6JlBJrFhdEdmqi/UXbKhZ5b7FOIT1JXNJ8VV JfOmI6wADRr8IGvqllkSjQSdYYh3FSsxt5U96Z1F/KXavxj97aiNyNJ3NHKLxL9eFLUm oJUQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=4RgBQLcrgH3gOWvIgwazhE5Cb5mh+fuN2kUzWGSABzg=; fh=AChMt8er6ODedQakO89kcM/c/e6jmuSIAaEgDBtwEpg=; b=Rbb+5wVcUg88vFJN183FcuH2BebruQS1C8HhABGfnT7VZMi+M459XKvzbIhLFgmZk+ bw6YRfQdKuAiLTBBvIF+3/lNXqcobQn2byg0dm7HDMqkCKif+nICBmeuSI0DCvFQAGgW 08Up+06RTuOHm9a3N9IxU1qQaiNxg/qKAzD8K3XvwC/gxA+5RGjWCD1UBCA4vos4GNLG y5deZV7FywFS+A2iRQixR9vylT3zSOui1bqBVaGgDgJZIqZWF6V3UrrbsHujyzxJ7YhM qvB3gk77mvxrfvPoTc/7NpTOBU+NUQ0HCqmLaj2F8hA8weNPmpCT4k2GNElldgrsgIDV bWrA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=CNynDODW; arc=pass (i=1 spf=pass spfdomain=linaro.org dkim=pass dkdomain=linaro.org dmarc=pass fromdomain=linaro.org); spf=pass (google.com: domain of linux-kernel+bounces-85517-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-85517-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id g6-20020a170906394600b00a3eb7b50c6fsi1901277eje.932.2024.02.28.10.16.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 28 Feb 2024 10:16:17 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-85517-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=CNynDODW; arc=pass (i=1 spf=pass spfdomain=linaro.org dkim=pass dkdomain=linaro.org dmarc=pass fromdomain=linaro.org); spf=pass (google.com: domain of linux-kernel+bounces-85517-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-85517-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 6B3F31F272D2 for ; Wed, 28 Feb 2024 18:16:17 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 7047240858; Wed, 28 Feb 2024 18:16:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="CNynDODW" Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DA9DD79B61 for ; Wed, 28 Feb 2024 18:16:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.46 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709144169; cv=none; b=NBvZUYFy3BGI0nc1njqCdGsEnOM/UfCWRS5El0rOn2ZfhAlGppOgps+hOrmesMb3RUJGLUgIwoEqDYo6NdQng4jF+v0xnjqe1FMPKj6GQUhQEmK3iqX9kcQRUUplkMq0uXP4v8TlN7V1cRlLjPah+mSwttBHkmDYANBxqZu7BHY= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709144169; c=relaxed/simple; bh=1kWaysEbsM70DaSeLNKQutuegUR4y2SpD1yzaZdBcZQ=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=KHQfDLIxzfw/RcLcKK/wYp9/xyUZGrEpV1DcMgNHMEBVuFmW3+FU2QCgOZEYU6uiN+RURkkJ87c+4Uh8mETsWuhOteX7sGQUnoa3tPP7kXr7QPWk+NGipAmbXGYe+nwQpsj3nkYlpHt8BntcPf1ds/9VNd5etndLMfuIQOvws4c= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org; spf=pass smtp.mailfrom=linaro.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b=CNynDODW; arc=none smtp.client-ip=209.85.128.46 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linaro.org Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-412ba5ce271so121315e9.0 for ; Wed, 28 Feb 2024 10:16:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1709144166; x=1709748966; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=4RgBQLcrgH3gOWvIgwazhE5Cb5mh+fuN2kUzWGSABzg=; b=CNynDODWiBx+yxNlHgWEGN4jdSPZWJceJp6wyQZL6za21GJJcMD35NLt2HLKzRQJmp 3qIoqu0AKrfVqWhPpULhry1Ph0VwzzIndMDH4+y6a9+MP3cu/jr9ZP+ZgOdhZZes5nLr IJVHBypF3Q7VhslGnnfMjgfWjJ8FHZoPRXIPx8q0R4gE9cLVTyBZshiEWeIQGc4+E19F z/CrPle+8t0rVR8KtJVKzpcuhDZxP7+D9nQrsTpjuHGcZi30qP/avZUJOEtTfWOR9Jfi IJmjyfDo7GAft0AXZ/Bz2omwNFIeKTE/SAG6bc9iM2UMnU2Bxq0dhEEIPTbVKHKJaN38 qzMg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709144166; x=1709748966; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=4RgBQLcrgH3gOWvIgwazhE5Cb5mh+fuN2kUzWGSABzg=; b=fKo19ppKxcdN1MY13ajdFTvhVi39PpKkWgn7wN8q9od9PDbrBVRUNKPJIHDuMduXtZ 2bZn/LP34rUP0Z9n+mAcmJyTuEdcKP4Ztu3tAT7QVtHIFQG80HSpyrMjGm6OGPiLtev+ BLwblLxhD0++K4fgA8dFRX+W7D8qOV14BHOM3PS1Ne2A/+8D2oZaIej2h4igC8a8g7hC ZIuP6ERS4TtlD4sZ8/E0sOAGQzk7EvpBm2D93iGbyJSQJPrB6Jh+TIPTPIPc7D1JY+In /kblfr1U9WPS39QiXNKfOYGKRQzgykBfUXrZb86ZdJUqVBtkAGVwb6T4kIM65jdlTaQP qnTg== X-Forwarded-Encrypted: i=1; AJvYcCX9w+mn6A7NEMDRt+wNiLxd2GAauscx6SbD02pulWOvL044O2zJ4pWt/hIZO0DA2JUk2+HGgJ53Vhxb1HViZJRItv2T8NAddzX2o7+z X-Gm-Message-State: AOJu0YxAbrq/hPRB2bvwdqqxsbtP/0OlXbB5VTOtitMcWeVvll6YN/XM TIo8EZtr2zU0CNngd7e6xgqwrbgbIhn2tnrCldO3onDrW6nwfyqry/VoGNNmIhw= X-Received: by 2002:a05:600c:450c:b0:412:b3bf:8143 with SMTP id t12-20020a05600c450c00b00412b3bf8143mr272467wmo.12.1709144166247; Wed, 28 Feb 2024 10:16:06 -0800 (PST) Received: from localhost ([102.222.70.76]) by smtp.gmail.com with ESMTPSA id s15-20020a7bc38f000000b004128f1ace2asm2757215wmj.19.2024.02.28.10.16.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 28 Feb 2024 10:16:05 -0800 (PST) Date: Wed, 28 Feb 2024 21:16:02 +0300 From: Dan Carpenter To: Stefan Hajnoczi Cc: Cindy Lu , "Michael S. Tsirkin" , Jason Wang , Xuan Zhuo , Xie Yongji , Maxime Coquelin , Greg Kroah-Hartman , Christian Brauner , virtualization@lists.linux.dev, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: Re: [PATCH v2] vduse: Fix off by one in vduse_dev_mmap() Message-ID: <67af4fbe-9dc1-45f7-aef2-ed397da733ef@moroto.mountain> References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Wed, Feb 28, 2024 at 12:53:28PM -0500, Stefan Hajnoczi wrote: > On Wed, 28 Feb 2024 at 12:44, Dan Carpenter wrote: > > > > The dev->vqs[] array has "dev->vq_num" elements. It's allocated in > > vduse_dev_init_vqs(). Thus, this > comparison needs to be >= to avoid > > reading one element beyond the end of the array. > > > > Add an array_index_nospec() as well to prevent speculation issues. > > > > Fixes: 316ecd1346b0 ("vduse: Add file operation for mmap") > > Signed-off-by: Dan Carpenter > > --- > > v2: add array_index_nospec(). > > Did you forget to update the patch, I don't see array_index_nospec()? > > > > > drivers/vdpa/vdpa_user/vduse_dev.c | 3 ++- ^^^^^ I updated the patch but the thing about vim is that every time you press a button it does something unexpected. Vim ate my homework. regards, dan carpenter