[lvc-project] [PATCH v2] hwmon: it87: Clamp negative values to zero in set_fan()
Guenter Roeck
linux at roeck-us.net
Mon Jun 8 03:24:47 MSK 2026
On Fri, May 29, 2026 at 05:18:36PM +0300, Nikita Zhandarovich wrote:
> set_fan() parses user input with kstrtol() and passes the resulting
> value to FAN16_TO_REG() on chips with 16-bit fan support.
>
> Negative fan speeds are not meaningful and should be rejected before
> conversion. Worst scenario, one may be able to abuse undefined
> behaviour of signed overflow to possibly induce rpm * 2 == 0 in
> FAN16_TO_REG(), thus causing a division by zero.
>
> Instead, clamp val < 0 to zero and keep the conversion in its valid
> input domain, avoiding unsafe arithmetic in the register conversion
> path.
>
> Found by Linux Verification Center (linuxtesting.org) with static
> analysis tool SVACE.
>
> Fixes: 17d648bf5786 ("it87: Add support for the IT8716F")
> Signed-off-by: Nikita Zhandarovich <n.zhandarovich at fintech.ru>
Applied.
Thanks,
Guenter
More information about the lvc-project
mailing list