Message ID | 20240319181508.690837-1-dave.jiang@intel.com |
---|---|
State | Accepted |
Commit | 5c88a9ccd4c431d58b532e4158b6999a8350062c |
Series | cxl/core/regs: Fix usage of map->reg_type in cxl_decode_regblock() before assigned |

Dave Jiang wrote:
> In the error path, map->reg_type is being used for kernel warning
> before its value is setup. Found by code inspection. Exposure to
> user is wrong reg_type being emitted via kernel log. Use a local
> var for reg_type and retrieve value for usage.
>
> Fixes: 6c7f4f1e51c2 ("cxl/core/regs: Make cxl_map_{component, device}_regs() device generic")
> Signed-off-by: Dave Jiang <dave.jiang@intel.com>

Looks good to me,

Reviewed-by: Dan Williams <dan.j.williams@intel.com>

I also agree with not needing to flag -stable, the impact of this likely
to never trigger bug is just an incorrect print.

On Tue, 19 Mar 2024, Dave Jiang wrote:

>In the error path, map->reg_type is being used for kernel warning
>before its value is setup. Found by code inspection. Exposure to
>user is wrong reg_type being emitted via kernel log. Use a local
>var for reg_type and retrieve value for usage.
>
>Fixes: 6c7f4f1e51c2 ("cxl/core/regs: Make cxl_map_{component, device}_regs() device generic")
>Signed-off-by: Dave Jiang <dave.jiang@intel.com>

lgtm.

Reviewed-by: Davidlohr Bueso <dave@stgolabs.net>

diff --git a/drivers/cxl/core/regs.c b/drivers/cxl/core/regs.c index 372786f80955..3c42f984eeaf 100644 --- a/drivers/cxl/core/regs.c +++ b/drivers/cxl/core/regs.c @@ -271,6 +271,7 @@ EXPORT_SYMBOL_NS_GPL(cxl_map_device_regs, CXL); static bool cxl_decode_regblock(struct pci_dev *pdev, u32 reg_lo, u32 reg_hi, struct cxl_register_map *map) { + u8 reg_type = FIELD_GET(CXL_DVSEC_REG_LOCATOR_BLOCK_ID_MASK, reg_lo); int bar = FIELD_GET(CXL_DVSEC_REG_LOCATOR_BIR_MASK, reg_lo); u64 offset = ((u64)reg_hi << 32) | (reg_lo & CXL_DVSEC_REG_LOCATOR_BLOCK_OFF_LOW_MASK); @@ -278,11 +279,11 @@ static bool cxl_decode_regblock(struct pci_dev *pdev, u32 reg_lo, u32 reg_hi, if (offset > pci_resource_len(pdev, bar)) { dev_warn(&pdev->dev, "BAR%d: %pr: too small (offset: %pa, type: %d)\n", bar, - &pdev->resource[bar], &offset, map->reg_type); + &pdev->resource[bar], &offset, reg_type); return false; } - map->reg_type = FIELD_GET(CXL_DVSEC_REG_LOCATOR_BLOCK_ID_MASK, reg_lo); + map->reg_type = reg_type; map->resource = pci_resource_start(pdev, bar) + offset; map->max_size = pci_resource_len(pdev, bar) - offset; return true;
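
Review bot: in the first hunk (@@ -271,6 +271,7 @@), the new local is declared `u8 reg_type`, while the neighbouring `bar` is an `int` filled by the same `FIELD_GET()` pattern, and the value is later stored into `map->reg_type`, whose type is not visible in this diff. Declaring the local with the same type as the `map->reg_type` field would keep the assignment free of any implicit conversion and would stay correct if CXL_DVSEC_REG_LOCATOR_BLOCK_ID_MASK were ever wider than 8 bits.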
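
Review bot: in the second hunk (@@ -278,11 +279,11 @@), the condition guarding the corrected warning is `offset > pci_resource_len(pdev, bar)`, so an offset exactly equal to the BAR length passes the check and `map->max_size` is then computed as 0. That comparison is unchanged context rather than something this patch introduces, but since the error path is being touched anyway, consider `>=` if a zero-length register block is not meaningful, or a short comment stating that callers handle `max_size == 0`.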

In the error path, map->reg_type is being used for kernel warning
before its value is setup. Found by code inspection. Exposure to
user is wrong reg_type being emitted via kernel log. Use a local
var for reg_type and retrieve value for usage.

Fixes: 6c7f4f1e51c2 ("cxl/core/regs: Make cxl_map_{component, device}_regs() device generic")
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
---
 drivers/cxl/core/regs.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)