Re: [PATCH v2] hwmon: it87: Clamp negative values to zero in set_fan()

Next message: Guenter Roeck: "Re: [PATCH v1 1/2] hwmon: cros_ec: Drop unused assignment of platform_device_id driver data"
Previous message: Guenter Roeck: "Re: [PATCH] hwmon: (asus-ec-sensors) add ROG STRIX B850-E GAMING WIFI"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Guenter Roeck

Date: Sun Jun 07 2026 - 20:26:59 EST

On Fri, May 29, 2026 at 05:18:36PM +0300, Nikita Zhandarovich wrote:
> set_fan() parses user input with kstrtol() and passes the resulting
> value to FAN16_TO_REG() on chips with 16-bit fan support.
>
> Negative fan speeds are not meaningful and should be rejected before
> conversion. Worst scenario, one may be able to abuse undefined
> behaviour of signed overflow to possibly induce rpm * 2 == 0 in
> FAN16_TO_REG(), thus causing a division by zero.
>
> Instead, clamp val < 0 to zero and keep the conversion in its valid
> input domain, avoiding unsafe arithmetic in the register conversion
> path.
>
> Found by Linux Verification Center (linuxtesting.org) with static
> analysis tool SVACE.
>
> Fixes: 17d648bf5786 ("it87: Add support for the IT8716F")
> Signed-off-by: Nikita Zhandarovich <n.zhandarovich@xxxxxxxxxx>

Applied.

Thanks,
Guenter