Hello, (CC: +Tony Luck. Original Patch: lore.kernel.org/r/20190626054011.30044-1-de...@etsukata.com )
On 26/06/2019 06:40, Eiichi Tsukata wrote: > Commit 9da21b1509d8 ("EDAC: Poll timeout cannot be zero, p2") assumes > edac_mc_poll_msec to be unsigned long, but the type of the variable still > remained as int. Setting edac_mc_poll_msec can trigger out-of-bounds > write. Thanks for catching this! > Fix it by changing the type of edac_mc_poll_msec to unsigned int. This means reverting more of 9da21b1509d8, but it also fixes signed/unsigned issues: | root@debian-guest:/sys/module/edac_core/parameters# echo 4294967295 > edac_mc_poll_msec | root@debian-guest:/sys/module/edac_core/parameters# cat edac_mc_poll_msec | -1 | root@debian-guest:/sys/module/edac_core/parameters# echo -1 > edac_mc_poll_msec | -bash: echo: write error: Invalid argument > The reason why this patch adopts unsigned int rather than unsigned long > is msecs_to_jiffies() assumes arg to be unsigned int. Ah, so the range is limited anyway. It looks like it was switched to long to be consistent with edac_mc_workq_setup(), which has since been removed in preference to msecs_to_jiffies(). Reviewed-by: James Morse <james.mo...@arm.com> Thanks, James