Re: [PATCH v5 29/33] nvdimm acpi: support Get Namespace Label Data function
On Wed, Oct 28, 2015 at 10:26:27PM +, Xiao Guangrong wrote:

> +static void nvdimm_dsm_func_get_label_data(NVDIMMDevice *nvdimm, > + nvdimm_dsm_in *in, GArray *out) > +{ > +NVDIMMClass *nvc = NVDIMM_GET_CLASS(nvdimm); > +nvdimm_func_in_get_label_data *get_label_data = >func_get_label_data; > +void *buf; > +uint32_t status = NVDIMM_DSM_STATUS_SUCCESS; > + > +le32_to_cpus(_label_data->offset); > +le32_to_cpus(_label_data->length); > + > +nvdimm_debug("Read Label Data: offset %#x length %#x.\n", > + get_label_data->offset, get_label_data->length); > + > +if (nvdimm->label_size < get_label_data->offset + > get_label_data->length) {

Integer overflow isn't handled here and it's unclear if that can cause problems later on. It's safest to catch it right away instead of relying on nvc->read_label_data() to check again.
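Review bot: the bounds check `if (nvdimm->label_size < get_label_data->offset + get_label_data->length)` forms the sum of two 32-bit guest-controlled fields (both go through le32_to_cpus), so the sum can wrap and a request with a large length passes the check; compare without forming the sum, e.g. `if (get_label_data->offset > nvdimm->label_size || get_label_data->length > nvdimm->label_size - get_label_data->offset)`, and reject with NVDIMM_DSM_DEV_STATUS_INVALID_PARAS before nvc->read_label_data() is reached.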
Re: [PATCH v5 29/33] nvdimm acpi: support Get Namespace Label Data function
On 10/29/2015 12:46 AM, Stefan Hajnoczi wrote:

On Wed, Oct 28, 2015 at 10:26:27PM +, Xiao Guangrong wrote:

+static void nvdimm_dsm_func_get_label_data(NVDIMMDevice *nvdimm, + nvdimm_dsm_in *in, GArray *out) +{ +NVDIMMClass *nvc = NVDIMM_GET_CLASS(nvdimm); +nvdimm_func_in_get_label_data *get_label_data = >func_get_label_data; +void *buf; +uint32_t status = NVDIMM_DSM_STATUS_SUCCESS; + +le32_to_cpus(_label_data->offset); +le32_to_cpus(_label_data->length); + +nvdimm_debug("Read Label Data: offset %#x length %#x.\n", + get_label_data->offset, get_label_data->length); + +if (nvdimm->label_size < get_label_data->offset + get_label_data->length) {

Integer overflow isn't handled here and it's unclear if that can cause problems later on. It's safest to catch it right away instead of relying on nvc->read_label_data() to check again.

Good catch, Stefan! I will fix it by adding an additional check:

if (get_label_data->offset + get_label_data->length > get_label_data->offset) {
nvdimm_debug("offset %#x + length %#x overflowed.\n");
status = NVDIMM_DSM_DEV_STATUS_INVALID_PARAS;
goto exit;
}

--
To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v5 29/33] nvdimm acpi: support Get Namespace Label Data function
On 10/29/2015 10:25 AM, Xiao Guangrong wrote:

On 10/29/2015 12:46 AM, Stefan Hajnoczi wrote:

On Wed, Oct 28, 2015 at 10:26:27PM +, Xiao Guangrong wrote:

+static void nvdimm_dsm_func_get_label_data(NVDIMMDevice *nvdimm, + nvdimm_dsm_in *in, GArray *out) +{ +NVDIMMClass *nvc = NVDIMM_GET_CLASS(nvdimm); +nvdimm_func_in_get_label_data *get_label_data = >func_get_label_data; +void *buf; +uint32_t status = NVDIMM_DSM_STATUS_SUCCESS; + +le32_to_cpus(_label_data->offset); +le32_to_cpus(_label_data->length); + +nvdimm_debug("Read Label Data: offset %#x length %#x.\n", + get_label_data->offset, get_label_data->length); + +if (nvdimm->label_size < get_label_data->offset + get_label_data->length) {

Integer overflow isn't handled here and it's unclear if that can cause problems later on. It's safest to catch it right away instead of relying on nvc->read_label_data() to check again.

Good catch, Stefan! I will fix it by adding an additional check:

if (get_label_data->offset + get_label_data->length > get_label_data->offset) { < Sorry for the typo.
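The overflow Stefan points out, shown side by side with an overflow-safe check. This is an added example, not code from the QEMU patch or from either participant; the `label_data_req` layout, the label size and the numeric status values are constructed stand-ins for the fields named in the thread.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Status names from the thread; the numeric values are constructed. */
#define NVDIMM_DSM_STATUS_SUCCESS           0
#define NVDIMM_DSM_DEV_STATUS_INVALID_PARAS 2

/* Hypothetical request layout: the two 32-bit fields the hunk decodes. */
typedef struct {
    uint32_t offset;
    uint32_t length;
} label_data_req;

/* The check as written in the hunk: offset + length is computed in
 * uint32_t and wraps, so an oversized length can pass the comparison. */
static uint32_t check_range_wrapping(uint32_t label_size, const label_data_req *r)
{
    if (label_size < r->offset + r->length) {
        return NVDIMM_DSM_DEV_STATUS_INVALID_PARAS;
    }
    return NVDIMM_DSM_STATUS_SUCCESS;
}

/* Overflow-safe form: never form offset + length; compare the length
 * against the space left after offset, which cannot wrap. */
static uint32_t check_range_safe(uint32_t label_size, const label_data_req *r)
{
    if (r->offset > label_size || r->length > label_size - r->offset) {
        return NVDIMM_DSM_DEV_STATUS_INVALID_PARAS;
    }
    return NVDIMM_DSM_STATUS_SUCCESS;
}

int main(void)
{
    const uint32_t label_size = 0x20000;   /* constructed label area size */
    const label_data_req reqs[] = {
        { 0x100,   0x100 },        /* fully in range */
        { 0x20000, 0 },            /* zero-length read at the end */
        { 0x20000, 1 },            /* one byte past the end */
        { 0x10,    0xFFFFFFF8 },   /* 0x10 + 0xFFFFFFF8 wraps to 0x8 */
    };
    for (size_t i = 0; i < sizeof(reqs) / sizeof(reqs[0]); i++) {
        printf("offset %#" PRIx32 " length %#" PRIx32 ": wrapping=%" PRIu32
               " safe=%" PRIu32 "\n", reqs[i].offset, reqs[i].length,
               check_range_wrapping(label_size, &reqs[i]),
               check_range_safe(label_size, &reqs[i]));
    }
    return 0;
}
```

The last request is the interesting one: the wrapping check reports success while the safe check rejects it.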