Re: [PATCH v2 1/2] ras: fix an off-by-one error in __find_elem()

2019-04-21 Thread Borislav Petkov
On Sat, Apr 20, 2019 at 12:15:26PM -0700, Cong Wang wrote: > Yes, one is V1 and the other is V2. Is it hard to understand V2 is to > replace V1? Well, looking at these two very different fixes, it made me think that you don't really know what you're doing. So I went and did the Knuth's version jus

Re: [PATCH v2 1/2] ras: fix an off-by-one error in __find_elem()

2019-04-20 Thread Cong Wang
On Sat, Apr 20, 2019 at 12:04 PM Borislav Petkov wrote: > > On Sat, Apr 20, 2019 at 11:25:43AM -0700, Cong Wang wrote: > > If you want to go that far, you can choose to use lib/bsearch.c too in > > case you want to reinvent the wheel. > > Well, that doesn't give me the @to functionality which poin

Re: [PATCH v2 1/2] ras: fix an off-by-one error in __find_elem()

2019-04-20 Thread Borislav Petkov
On Sat, Apr 20, 2019 at 11:25:43AM -0700, Cong Wang wrote: > If you want to go that far, you can choose to use lib/bsearch.c too in > case you want to reinvent the wheel. Well, that doesn't give me the @to functionality which points to the slot where the new element should be inserted, when the se

Re: [PATCH v2 1/2] ras: fix an off-by-one error in __find_elem()

2019-04-20 Thread Cong Wang
On Sat, Apr 20, 2019 at 4:34 AM Borislav Petkov wrote: > > On Tue, Apr 16, 2019 at 04:16:08PM -0700, Cong Wang wrote: > > It is actually fairly easy: > > > > 1) Fill the whole page with PFN's: > > for i in `seq 0 511`; do echo $i >> /sys/kernel/debug/ras/cec/pfn; done > > > > 2) Set thresh to 1 in

Re: [PATCH v2 1/2] ras: fix an off-by-one error in __find_elem()

2019-04-20 Thread Borislav Petkov
On Tue, Apr 16, 2019 at 04:16:08PM -0700, Cong Wang wrote: > It is actually fairly easy: > > 1) Fill the whole page with PFN's: > for i in `seq 0 511`; do echo $i >> /sys/kernel/debug/ras/cec/pfn; done > > 2) Set thresh to 1 in order to trigger the deletion: > echo 1 > /sys/kernel/debug/ras/cec/c

Re: [PATCH v2 1/2] ras: fix an off-by-one error in __find_elem()

2019-04-16 Thread Cong Wang
On Tue, Apr 16, 2019 at 2:46 PM Borislav Petkov wrote: > > On Tue, Apr 16, 2019 at 02:33:50PM -0700, Cong Wang wrote: > > ce_arr.array[] is always within the range [0, ce_arr.n-1]. > > However, the binary search code in __find_elem() uses ce_arr.n > > as the maximum index, which could lead to an o

Re: [PATCH v2 1/2] ras: fix an off-by-one error in __find_elem()

2019-04-16 Thread Borislav Petkov
On Tue, Apr 16, 2019 at 02:33:50PM -0700, Cong Wang wrote: > ce_arr.array[] is always within the range [0, ce_arr.n-1]. > However, the binary search code in __find_elem() uses ce_arr.n > as the maximum index, which could lead to an off-by-one > out-of-bound access right after the while loop. In thi

[PATCH v2 1/2] ras: fix an off-by-one error in __find_elem()

2019-04-16 Thread Cong Wang
ce_arr.array[] is always within the range [0, ce_arr.n-1]. However, the binary search code in __find_elem() uses ce_arr.n as the maximum index, which could lead to an off-by-one out-of-bound access right after the while loop. In this case, we should not even read it, just return -ENOKEY instead. N