[bug report] habanalabs/gaudi: fix a race condition causing DMAR error
Dan Carpenter
dan.carpenter at linaro.org
Wed Mar 5 09:59:00 UTC 2025
Hello Yuri Nudelman,
Commit 17ab47d2d6d4 ("habanalabs/gaudi: fix a race condition causing
DMAR error") from Jun 22, 2022 (linux-next), leads to the following
Smatch static checker warning:
drivers/accel/habanalabs/gaudi/gaudi.c:1422 gaudi_get_patched_cb_extra_size()
warn: potential user controlled sizeof overflow 'user_cb_size + additional_commands' '0-u32max + 32'
drivers/accel/habanalabs/gaudi/gaudi.c
    1415 static u32 gaudi_get_patched_cb_extra_size(u32 user_cb_size)
    1416 {
    1417         u32 cacheline_end, additional_commands;
    1418
    1419         cacheline_end = round_up(user_cb_size, DEVICE_CACHE_LINE_SIZE);
    1420         additional_commands = sizeof(struct packet_msg_prot) * 2;
    1421
--> 1422         if (user_cb_size + additional_commands > cacheline_end)
                     ^^^^^^^^^^^^
The user_cb_size is a user controlled variable that comes from
cs_ioctl_default(). This addition operation could result in an integer
wrapping bug.

    1423                 return cacheline_end - user_cb_size + additional_commands;
    1424         else
    1425                 return additional_commands;
    1426 }
regards,
dan carpenter
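
The 32-bit wrap the checker describes, worked through in user-space C as an added example (not part of the original message and not driver code). CACHE_LINE = 128 is an assumed value for DEVICE_CACHE_LINE_SIZE, EXTRA_CMDS = 32 is taken from the "+ 32" in the warning, and extra_size_checked() is a hypothetical checked variant, not a proposed fix.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CACHE_LINE 128u /* assumed value of DEVICE_CACHE_LINE_SIZE */
#define EXTRA_CMDS 32u  /* additional_commands, from the warning's "+ 32" */

/* Power-of-two round-up in u32, the arithmetic round_up() does on a u32. */
static uint32_t round_up_u32(uint32_t x, uint32_t align) { return ((x - 1) | (align - 1)) + 1; }
/* The sum from line 1422, truncated to 32 bits as in the flagged code. */
static uint32_t sum_u32(uint32_t user_cb_size) { return user_cb_size + EXTRA_CMDS; }

/* Same logic as the flagged function, 32-bit arithmetic throughout. */
static uint32_t extra_size_unchecked(uint32_t user_cb_size)
{
    uint32_t cacheline_end = round_up_u32(user_cb_size, CACHE_LINE);
    if (sum_u32(user_cb_size) > cacheline_end)
        return cacheline_end - user_cb_size + EXTRA_CMDS;
    return EXTRA_CMDS;
}

/* Hypothetical checked variant: reports failure instead of wrapping. */
static bool extra_size_checked(uint32_t user_cb_size, uint32_t *extra)
{
    uint32_t sum, padded, cacheline_end;
    if (__builtin_add_overflow(user_cb_size, EXTRA_CMDS, &sum) ||
        __builtin_add_overflow(user_cb_size, CACHE_LINE - 1, &padded))
        return false; /* the sum or the round-up does not fit in u32 */
    cacheline_end = padded & ~(CACHE_LINE - 1);
    *extra = sum > cacheline_end ? cacheline_end - user_cb_size + EXTRA_CMDS
                                 : EXTRA_CMDS;
    return true;
}

int main(void)
{
    uint32_t in[] = { 64, 100, 0xFFFFFF80u, 0xFFFFFFDFu, 0xFFFFFFF0u }, e; /* constructed inputs */
    for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++)
        printf("size=%#x end=%#x sum=%#x unchecked=%u checked=%s\n", in[i],
               round_up_u32(in[i], CACHE_LINE), sum_u32(in[i]),
               extra_size_unchecked(in[i]), extra_size_checked(in[i], &e) ? "ok" : "rejected");
    return 0;
}
```

In kernel code the same checks are normally written with check_add_overflow() from <linux/overflow.h>; the compiler builtin is used here so the example builds in user space.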