In case of error in gtdt_parse_timer_block() invalid 'gtdt_frame'
will be used in 'do {} while (i-- >= 0 && gtdt_frame--);' statement block
because do{} block will be executed even if 'i == 0'.
Adjust error handling procedure by replacing 'i-- >= 0' with 'i-- > 0'.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: a712c3ed9b8a ("acpi/arm64: Add memory-mapped timer support in GTDT driver")
Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
---
drivers/acpi/arm64/gtdt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/acpi/arm64/gtdt.c b/drivers/acpi/arm64/gtdt.c
index c0e77c1c8e09..eb6c2d360387 100644
--- a/drivers/acpi/arm64/gtdt.c
+++ b/drivers/acpi/arm64/gtdt.c
@@ -283,7 +283,7 @@ static int __init gtdt_parse_timer_block(struct acpi_gtdt_timer_block *block,
if (frame->virt_irq > 0)
acpi_unregister_gsi(gtdt_frame->virtual_timer_interrupt);
frame->virt_irq = 0;
- } while (i-- >= 0 && gtdt_frame--);
+ } while (i-- > 0 && gtdt_frame--);
return -EINVAL;
}
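Review bot: In the new condition `i-- > 0 && gtdt_frame--`, the pointer step sits in the right-hand operand of `&&`, where it is evaluated only for its side effect and is skipped by short-circuit on the final test. That skip is exactly what stops `gtdt_frame` from moving below the first entry once `i` reaches 0, but the bound is now split between a counter and a pointer that have to stay in step, which is how the original `>=` slipped through. Consider deriving the entry from `i` inside the body instead of walking `gtdt_frame` in the condition, so a single variable carries the loop bound.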
--
2.30.2
On Tue, 27 Aug 2024 13:12:39 +0300, Aleksandr Mishin wrote:
> In case of error in gtdt_parse_timer_block() invalid 'gtdt_frame'
> will be used in 'do {} while (i-- >= 0 && gtdt_frame--);' statement block
> because do{} block will be executed even if 'i == 0'.
>
> Adjust error handling procedure by replacing 'i-- >= 0' with 'i-- > 0'.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> [...]
Applied to arm64 (for-next/misc), thanks!
[1/1] acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block()
https://git.kernel.org/arm64/c/1a9de2f6fda6
--
Catalin
On Tue, Aug 27, 2024 at 01:12:39PM +0300, Aleksandr Mishin wrote:
> In case of error in gtdt_parse_timer_block() invalid 'gtdt_frame'
> will be used in 'do {} while (i-- >= 0 && gtdt_frame--);' statement block
> because do{} block will be executed even if 'i == 0'.
>
> Adjust error handling procedure by replacing 'i-- >= 0' with 'i-- > 0'.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
(For some reason I don't see the original email in my inbox, might have
got blocked 🙁). Anyways LGTM,
Acked-by: Aleksandr Mishin <amishin@t-argos.ru>
--
Regards,
Sudeep
On Thu, Aug 29, 2024 at 05:17:44PM +0100, Sudeep Holla wrote:
> On Tue, Aug 27, 2024 at 01:12:39PM +0300, Aleksandr Mishin wrote:
> > In case of error in gtdt_parse_timer_block() invalid 'gtdt_frame'
> > will be used in 'do {} while (i-- >= 0 && gtdt_frame--);' statement block
> > because do{} block will be executed even if 'i == 0'.
> >
> > Adjust error handling procedure by replacing 'i-- >= 0' with 'i-- > 0'.
> >
> > Found by Linux Verification Center (linuxtesting.org) with SVACE.
> >
>
> (For some reason I don't see the original email in my inbox, might have
> got blocked 🙁). Anyways LGTM,
>
> Acked-by: Aleksandr Mishin <amishin@t-argos.ru>
Sorry I messed up, I meant
Acked-by: Sudeep Holla <sudeep.holla@arm.com>
--
Regards,
Sudeep
On 2024/8/27 18:12, Aleksandr Mishin wrote:
> In case of error in gtdt_parse_timer_block() invalid 'gtdt_frame'
> will be used in 'do {} while (i-- >= 0 && gtdt_frame--);' statement block
> because do{} block will be executed even if 'i == 0'.
>
> Adjust error handling procedure by replacing 'i-- >= 0' with 'i-- > 0'.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: a712c3ed9b8a ("acpi/arm64: Add memory-mapped timer support in GTDT driver")
> Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
> ---
> drivers/acpi/arm64/gtdt.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/acpi/arm64/gtdt.c b/drivers/acpi/arm64/gtdt.c
> index c0e77c1c8e09..eb6c2d360387 100644
> --- a/drivers/acpi/arm64/gtdt.c
> +++ b/drivers/acpi/arm64/gtdt.c
> @@ -283,7 +283,7 @@ static int __init gtdt_parse_timer_block(struct acpi_gtdt_timer_block *block,
> if (frame->virt_irq > 0)
> acpi_unregister_gsi(gtdt_frame->virtual_timer_interrupt);
> frame->virt_irq = 0;
> - } while (i-- >= 0 && gtdt_frame--);
> + } while (i-- > 0 && gtdt_frame--);
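Review bot: The `} while (i-- > 0 && gtdt_frame--);` line carries no comment on how many entries the unwind covers. Because this is a do/while, the body runs once for the entry at the current `i` before any test and then once for each lower index down to 0, so `i + 1` times in total. A one-line comment next to the condition saying so would record why `> 0` rather than `>= 0` is the right bound and make a later regression less likely.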
Good catch,
Acked-by: Hanjun Guo <guohanjun@huawei.com>
It's a fix in the error path, so I think it's OK for next release cycle.
Thanks
Hanjun