Re: [PATCH 2/2] libnvdimm: Out of bounds read in __nd_ioctl()

From: Dan Williams
Date: Tue Feb 25 2020 - 12:40:32 EST

Next message: Sami Tolvanen: "[PATCH v9 08/12] arm64: vdso: disable Shadow Call Stack"
Previous message: Sami Tolvanen: "[PATCH v9 12/12] efi/libstub: disable SCS"
In reply to: Dan Carpenter: "[PATCH 2/2] libnvdimm: Out of bounds read in __nd_ioctl()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Feb 25, 2020 at 8:21 AM Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:
>
> The "cmd" comes from the user and it can be up to 255. It it's more
> than the number of bits in long, it results out of bounds read when we
> check test_bit(cmd, &cmd_mask). The highest valid value for "cmd" is
> ND_CMD_CALL (10) so I added a compare against that.
>
> Fixes: 62232e45f4a2 ("libnvdimm: control (ioctl) messages for nvdimm_bus and nvdimm devices")
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

Looks good, applied.

Next message: Sami Tolvanen: "[PATCH v9 08/12] arm64: vdso: disable Shadow Call Stack"
Previous message: Sami Tolvanen: "[PATCH v9 12/12] efi/libstub: disable SCS"
In reply to: Dan Carpenter: "[PATCH 2/2] libnvdimm: Out of bounds read in __nd_ioctl()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]