[PATCH] powerpc/rtas_flash: fix a potential buffer overflow

kernel test robot lkp at intel.com
Wed Jul 14 12:49:05 AEST 2021 

Hi Yi,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on powerpc/next]
[also build test WARNING on v5.14-rc1 next-20210713]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Yi-Zhuang/powerpc-rtas_flash-fix-a-potential-buffer-overflow/20210714-090314
base:   https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git next
config: powerpc-allyesconfig (attached as .config)
compiler: powerpc64-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/0day-ci/linux/commit/546db7a99374dedd110a01801ad4456f56170d4d
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Yi-Zhuang/powerpc-rtas_flash-fix-a-potential-buffer-overflow/20210714-090314
        git checkout 546db7a99374dedd110a01801ad4456f56170d4d
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=powerpc 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp at intel.com>

All warnings (new ones prefixed by >>):

   arch/powerpc/kernel/rtas_flash.c: In function 'get_validate_flash_msg':
>> arch/powerpc/kernel/rtas_flash.c:472:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
     472 |   if ((args_buf->update_results >= VALIDATE_CUR_UNKNOWN) ||
         |   ^~
   arch/powerpc/kernel/rtas_flash.c:476:4: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
     476 |    if (n >= msglen) {
         |    ^~


vim +/if +472 arch/powerpc/kernel/rtas_flash.c

^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  464  
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  465  static int get_validate_flash_msg(struct rtas_validate_flash_t *args_buf, 
a94a14720eaf55 arch/powerpc/kernel/rtas_flash.c Vasant Hegde   2013-05-07  466  		                   char *msg, int msglen)
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  467  {
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  468  	int n;
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  469  
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  470  	if (args_buf->status >= VALIDATE_TMP_UPDATE) { 
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  471  		n = sprintf(msg, "%d\n", args_buf->update_results);
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16 @472  		if ((args_buf->update_results >= VALIDATE_CUR_UNKNOWN) ||
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  473  		    (args_buf->update_results == VALIDATE_TMP_UPDATE))
a94a14720eaf55 arch/powerpc/kernel/rtas_flash.c Vasant Hegde   2013-05-07  474  			n += snprintf(msg + n, msglen - n, "%s\n",
a94a14720eaf55 arch/powerpc/kernel/rtas_flash.c Vasant Hegde   2013-05-07  475  					args_buf->buf);
546db7a99374de arch/powerpc/kernel/rtas_flash.c Yi Zhuang      2021-07-14  476  			if (n >= msglen) {
546db7a99374de arch/powerpc/kernel/rtas_flash.c Yi Zhuang      2021-07-14  477  				n = msglen;
546db7a99374de arch/powerpc/kernel/rtas_flash.c Yi Zhuang      2021-07-14  478  				printk(KERN_ERR "FLASH: msg too long.\n");
546db7a99374de arch/powerpc/kernel/rtas_flash.c Yi Zhuang      2021-07-14  479  			}
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  480  	} else {
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  481  		n = sprintf(msg, "%d\n", args_buf->status);
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  482  	}
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  483  	return n;
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  484  }
^1da177e4c3f41 arch/ppc64/kernel/rtas_flash.c   Linus Torvalds 2005-04-16  485  

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: .config.gz
Type: application/gzip
Size: 73240 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/linuxppc-dev/attachments/20210714/243b5430/attachment-0001.gz>

More information about the Linuxppc-dev mailing list