linux/drivers/acpi/nfit
Dan Carpenter 01091c496f acpi/nfit: improve bounds checking for 'func'
The 'func' variable can come from the user in the __nd_ioctl().  If it's
too high then the (1 << func) shift in acpi_nfit_clear_to_send() is
undefined.  In acpi_nfit_ctl() we pass 'func' to test_bit(func, &dsm_mask)
which could result in an out of bounds access.

To fix these issues, I introduced the NVDIMM_CMD_MAX (31) define and
updated nfit_dsm_revid() to use that define as well instead of magic
numbers.

Fixes: 11189c1089 ("acpi/nfit: Fix command-supported detection")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Link: https://lore.kernel.org/r/20200225161927.hvftuq7kjn547fyj@kili.mountain
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
2020-02-28 18:21:52 -08:00
..
core.c acpi/nfit: improve bounds checking for 'func' 2020-02-28 18:21:52 -08:00
intel.c libnvdimm/security: Introduce a 'frozen' attribute 2019-08-29 13:49:13 -07:00
intel.h acpi/nfit, libnvdimm: Introduce nvdimm_security_ops 2018-12-13 17:54:13 -08:00
Kconfig acpi/nfit: Add support for Intel DSM 1.8 commands 2018-12-04 10:31:11 -08:00
Makefile treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
mce.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 295 2019-06-05 17:36:38 +02:00
nfit.h acpi/nfit: improve bounds checking for 'func' 2020-02-28 18:21:52 -08:00