1. Patchew
  2. linux
  3. View series

[PATCH] platform/x86/intel/tpmi: Prevent overflow for cap_offset

Srinivas Pandruvada posted 1 patch 2 years, 7 months ago 
drivers/platform/x86/intel/tpmi.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
[PATCH] platform/x86/intel/tpmi: Prevent overflow for cap_offset
Posted by Srinivas Pandruvada 2 years, 7 months ago 
cap_offset is a u16 field, so multiplying with TPMI_CAP_OFFSET_UNIT
(which is equal to 1024) to covert to bytes will cause overflow. This
will be a problem once more TPMI features are added.

This field is not used except for calculating pfs->vsec_offset. So, leave
cap_offset field unchanged and multiply with TPMI_CAP_OFFSET_UNIT while
calculating pfs->vsec_offset.

Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
---
Rebased on top of
https://kernel.googlesource.com/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
review-hans 

 drivers/platform/x86/intel/tpmi.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/platform/x86/intel/tpmi.c b/drivers/platform/x86/intel/tpmi.c
index 9c606ee2030c..d1fd6e69401c 100644
--- a/drivers/platform/x86/intel/tpmi.c
+++ b/drivers/platform/x86/intel/tpmi.c
@@ -356,9 +356,7 @@ static int intel_vsec_tpmi_init(struct auxiliary_device *auxdev)
 		if (!pfs_start)
 			pfs_start = res_start;
 
-		pfs->pfs_header.cap_offset *= TPMI_CAP_OFFSET_UNIT;
-
-		pfs->vsec_offset = pfs_start + pfs->pfs_header.cap_offset;
+		pfs->vsec_offset = pfs_start + pfs->pfs_header.cap_offset * TPMI_CAP_OFFSET_UNIT;
 
 		/*
 		 * Process TPMI_INFO to get PCI device to CPU package ID.
-- 
2.38.1
Re: [PATCH] platform/x86/intel/tpmi: Prevent overflow for cap_offset
Posted by Hans de Goede 2 years, 7 months ago 
Hi,

On 6/22/23 21:57, Srinivas Pandruvada wrote:
> cap_offset is a u16 field, so multiplying with TPMI_CAP_OFFSET_UNIT
> (which is equal to 1024) to covert to bytes will cause overflow. This
> will be a problem once more TPMI features are added.
> 
> This field is not used except for calculating pfs->vsec_offset. So, leave
> cap_offset field unchanged and multiply with TPMI_CAP_OFFSET_UNIT while
> calculating pfs->vsec_offset.
> 
> Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
> ---
> Rebased on top of
> https://kernel.googlesource.com/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
> review-hans 

Thank you for your patch, I've applied this patch to my fixes
branch:
https://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86.git/log/?h=fixes

Note it will show up in my fixes branch once I've pushed my
local branch there, which might take a while.

I will include this patch in my next fixes pull-req to Linus
for the current kernel development cycle.

Regards,

Hans



> 
>  drivers/platform/x86/intel/tpmi.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/drivers/platform/x86/intel/tpmi.c b/drivers/platform/x86/intel/tpmi.c
> index 9c606ee2030c..d1fd6e69401c 100644
> --- a/drivers/platform/x86/intel/tpmi.c
> +++ b/drivers/platform/x86/intel/tpmi.c
> @@ -356,9 +356,7 @@ static int intel_vsec_tpmi_init(struct auxiliary_device *auxdev)
>  		if (!pfs_start)
>  			pfs_start = res_start;
>  
> -		pfs->pfs_header.cap_offset *= TPMI_CAP_OFFSET_UNIT;
> -
> -		pfs->vsec_offset = pfs_start + pfs->pfs_header.cap_offset;
> +		pfs->vsec_offset = pfs_start + pfs->pfs_header.cap_offset * TPMI_CAP_OFFSET_UNIT;
>  
>  		/*
>  		 * Process TPMI_INFO to get PCI device to CPU package ID.

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.