| Message ID | 20190323210423.8881-1-pakki001@umn.edu (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v2] pci: pcie-xilinx: fix a missing-check bug for __get_free_pages | expand |
On 23/03/2019 21:04, Aditya Pakki wrote: > In case __get_free_pages fail, the fix returns error upstream > to avoid NULL pointer dereference. > > Signed-off-by: Aditya Pakki <pakki001@umn.edu> Reviewed-by: Steven Price <steven.price@arm.com> > > --- > v1: Return error upstream as suggested by Steven > --- > drivers/pci/controller/pcie-xilinx.c | 11 +++++++++-- > 1 file changed, 9 insertions(+), 2 deletions(-) > > diff --git a/drivers/pci/controller/pcie-xilinx.c b/drivers/pci/controller/pcie-xilinx.c > index 9bd1a35cd5d8..91d8945bfb0c 100644 > --- a/drivers/pci/controller/pcie-xilinx.c > +++ b/drivers/pci/controller/pcie-xilinx.c > @@ -335,15 +335,19 @@ static const struct irq_domain_ops msi_domain_ops = { > /** > * xilinx_pcie_enable_msi - Enable MSI support > * @port: PCIe port information > + * Return: 0 on success, negative error on failure > */ > -static void xilinx_pcie_enable_msi(struct xilinx_pcie_port *port) > +static int xilinx_pcie_enable_msi(struct xilinx_pcie_port *port) > { > phys_addr_t msg_addr; > > port->msi_pages = __get_free_pages(GFP_KERNEL, 0); > + if (!port->msi_pages) > + return -ENOMEM; > msg_addr = virt_to_phys((void *)port->msi_pages); > pcie_write(port, 0x0, XILINX_PCIE_REG_MSIBASE1); > pcie_write(port, msg_addr, XILINX_PCIE_REG_MSIBASE2); > + return 0; > } > > /* INTx Functions */ > @@ -498,6 +502,7 @@ static int xilinx_pcie_init_irq_domain(struct xilinx_pcie_port *port) > struct device *dev = port->dev; > struct device_node *node = dev->of_node; > struct device_node *pcie_intc_node; > + int ret; > > /* Setup INTx */ > pcie_intc_node = of_get_next_child(node, NULL); > @@ -526,7 +531,9 @@ static int xilinx_pcie_init_irq_domain(struct xilinx_pcie_port *port) > return -ENODEV; > } > > - xilinx_pcie_enable_msi(port); > + ret = xilinx_pcie_enable_msi(port); > + if (ret) > + return ret; > } > > return 0; >
On 23/03/2019 21:04, Aditya Pakki wrote: > In case __get_free_pages fail, the fix returns error upstream > to avoid NULL pointer dereference. Where does msi_pages ever get dereferenced? The logic here might actually still have a chance of working out OK with NULL depending on how the memory maps line up, but even if it doesn't, the problem is certainly not one of dereferencing. Robin. > Signed-off-by: Aditya Pakki <pakki001@umn.edu> > > --- > v1: Return error upstream as suggested by Steven > --- > drivers/pci/controller/pcie-xilinx.c | 11 +++++++++-- > 1 file changed, 9 insertions(+), 2 deletions(-) > > diff --git a/drivers/pci/controller/pcie-xilinx.c b/drivers/pci/controller/pcie-xilinx.c > index 9bd1a35cd5d8..91d8945bfb0c 100644 > --- a/drivers/pci/controller/pcie-xilinx.c > +++ b/drivers/pci/controller/pcie-xilinx.c > @@ -335,15 +335,19 @@ static const struct irq_domain_ops msi_domain_ops = { > /** > * xilinx_pcie_enable_msi - Enable MSI support > * @port: PCIe port information > + * Return: 0 on success, negative error on failure > */ > -static void xilinx_pcie_enable_msi(struct xilinx_pcie_port *port) > +static int xilinx_pcie_enable_msi(struct xilinx_pcie_port *port) > { > phys_addr_t msg_addr; > > port->msi_pages = __get_free_pages(GFP_KERNEL, 0); > + if (!port->msi_pages) > + return -ENOMEM; > msg_addr = virt_to_phys((void *)port->msi_pages); > pcie_write(port, 0x0, XILINX_PCIE_REG_MSIBASE1); > pcie_write(port, msg_addr, XILINX_PCIE_REG_MSIBASE2); > + return 0; > } > > /* INTx Functions */ > @@ -498,6 +502,7 @@ static int xilinx_pcie_init_irq_domain(struct xilinx_pcie_port *port) > struct device *dev = port->dev; > struct device_node *node = dev->of_node; > struct device_node *pcie_intc_node; > + int ret; > > /* Setup INTx */ > pcie_intc_node = of_get_next_child(node, NULL); > @@ -526,7 +531,9 @@ static int xilinx_pcie_init_irq_domain(struct xilinx_pcie_port *port) > return -ENODEV; > } > > - xilinx_pcie_enable_msi(port); > + ret = xilinx_pcie_enable_msi(port); > + if (ret) > + return ret; > } > > return 0; >
diff --git a/drivers/pci/controller/pcie-xilinx.c b/drivers/pci/controller/pcie-xilinx.c index 9bd1a35cd5d8..91d8945bfb0c 100644 --- a/drivers/pci/controller/pcie-xilinx.c +++ b/drivers/pci/controller/pcie-xilinx.c @@ -335,15 +335,19 @@ static const struct irq_domain_ops msi_domain_ops = { /** * xilinx_pcie_enable_msi - Enable MSI support * @port: PCIe port information + * Return: 0 on success, negative error on failure */ -static void xilinx_pcie_enable_msi(struct xilinx_pcie_port *port) +static int xilinx_pcie_enable_msi(struct xilinx_pcie_port *port) { phys_addr_t msg_addr; port->msi_pages = __get_free_pages(GFP_KERNEL, 0); + if (!port->msi_pages) + return -ENOMEM; msg_addr = virt_to_phys((void *)port->msi_pages); pcie_write(port, 0x0, XILINX_PCIE_REG_MSIBASE1); pcie_write(port, msg_addr, XILINX_PCIE_REG_MSIBASE2); + return 0; } /* INTx Functions */ @@ -498,6 +502,7 @@ static int xilinx_pcie_init_irq_domain(struct xilinx_pcie_port *port) struct device *dev = port->dev; struct device_node *node = dev->of_node; struct device_node *pcie_intc_node; + int ret; /* Setup INTx */ pcie_intc_node = of_get_next_child(node, NULL); @@ -526,7 +531,9 @@ static int xilinx_pcie_init_irq_domain(struct xilinx_pcie_port *port) return -ENODEV; } - xilinx_pcie_enable_msi(port); + ret = xilinx_pcie_enable_msi(port); + if (ret) + return ret; } return 0;
In case __get_free_pages fail, the fix returns error upstream to avoid NULL pointer dereference. Signed-off-by: Aditya Pakki <pakki001@umn.edu> --- v1: Return error upstream as suggested by Steven --- drivers/pci/controller/pcie-xilinx.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-)