Thread (22 messages) 22 messages, 4 authors, 2018-02-20

[PATCH 9/9] serial: xuartps: Fix out-of-bounds access through DT alias

From: Michal Simek <hidden>
Date: 2018-02-20 12:39:44
Also in: linux-devicetree, linux-renesas-soc, linux-serial, lkml 

On 20.2.2018 13:27, Geert Uytterhoeven wrote:
Hi Michal,

On Tue, Feb 20, 2018 at 12:27 PM, Michal Simek [off-list ref] wrote:
quoted
On 20.2.2018 11:38, Geert Uytterhoeven wrote:
quoted
On Tue, Feb 20, 2018 at 11:22 AM, Michal Simek [off-list ref] wrote:
quoted
On 20.2.2018 10:40, Geert Uytterhoeven wrote:
quoted
The cdns_uart_port[] array is indexed using a value derived from the
"serialN" alias in DT, which may lead to an out-of-bounds access.

Fix this by adding a range check.
quoted
I have checked 4 patches I have sent in past which didn't reach mainline
(probably because of RFC)
Take a look at
https://www.spinics.net/lists/linux-serial/msg27106.html

I have removed cdns_uart_port array completely there.
Nice! I'd love to get rid of fixed arrays in serial...

However, IMHO it's still worthwhile to fix the out-of-bounds access first,
as that fix can be backported to stable kernels easily.
I agree with you. Not a problem with your patch and for me it won't be
problem to rebase.

I would love to get rid of CDNS_UART_NR_PORTS but unfortunately this is
passed to core via .nr.

Thanks,
Michal
  



    
  

  
    

      

        Keyboard shortcuts
      

      

        
          
hback out one level

          
jnext message in thread

          
kprevious message in thread

          
ldrill in

          
Escclose help / fold thread tree

          
?toggle this help