Received: by 2002:a05:6358:9144:b0:117:f937:c515 with SMTP id r4csp1885179rwr; Sat, 6 May 2023 00:22:47 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7nnDI8J8+YuqU/Z9Uhl4OYUSlOhT/ah+juG5b1p9niwvRL2vaquxI6r1C2niq87akAdMyN X-Received: by 2002:a17:90b:3757:b0:247:afed:6d62 with SMTP id ne23-20020a17090b375700b00247afed6d62mr3773036pjb.46.1683357767642; Sat, 06 May 2023 00:22:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1683357767; cv=none; d=google.com; s=arc-20160816; b=f614jpJKcI5ueZWXqiviBXyLGsPqMWgGAZ357yiCTh9eVYEsYYG2QUn4jw1UIKJwL/ phOOpHPfu/dpX+9CNSISNCUyPALdD+CnImZEDyZeq4WO3Y7LSqoqFL4wp/tTJ5fsDwG0 U/8wAW0BBGJLVdT7OM92ZZFm7Vk0WOR49lpf9hzaQjo6QShGWLObrByXLNyMPxnA+qd6 /Un+93HaC8G+MQEi6kv0UcitrqqCWdqrpiaz/kcJ0eRjrXYdtgkZdi4nccgzsOmIvJ7E PZZukNYebjmOJlh8gljryF3nsiZC7sHPZ9akudiCWiPmzaW+LBPUzmEFsny1wqhr4jzZ ByTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=LCwtFRx+YxY+EmtN+x8N93lmLUJnBu1GrjughYec7hk=; b=Uyu6EpZSRftn2kWcy7KwbAdvmNuwEqidGKBdLMv/29BR/2w4e9T5XKuJlCaPMKzP8Y uCGFC81nIUXytQgo3c5kVTa+Q7aOJT3LBvr0qwQURYxzV2JxJ2dAOHGw+jCSWnSLci9L BDBvMSfPYH79f25HqECaWP9Qg8b75xjmkDtp3AU03pgaBtsQnz7HtbcMulQ6x3FgRx+w 2XP9vTEtY1mJGNJPJ6rH0lhsS0LJq4EhbBt3j81ashqDh2OjhggG5lBWeoxVSe8ZpPzn GvgLq72bRSZwufMn5LrCqFCS+NcRHu8BMZ8nrXHA/VtQmocsjiH80bpipSuWHlD7BlKe GB5w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@wanadoo.fr header.s=t20230301 header.b=dPDRr9NJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ce21-20020a17090aff1500b00250366a3a83si2299258pjb.188.2023.05.06.00.22.30; Sat, 06 May 2023 00:22:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@wanadoo.fr header.s=t20230301 header.b=dPDRr9NJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230196AbjEFHL3 (ORCPT + 99 others); Sat, 6 May 2023 03:11:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58942 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230132AbjEFHL2 (ORCPT ); Sat, 6 May 2023 03:11:28 -0400 Received: from smtp.smtpout.orange.fr (smtp-24.smtpout.orange.fr [80.12.242.24]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B8F9E1156A for ; Sat, 6 May 2023 00:11:25 -0700 (PDT) Received: from pop-os.home ([86.243.2.178]) by smtp.orange.fr with ESMTPA id vC4bpnvtnGGqgvC4bpbPWL; Sat, 06 May 2023 09:11:23 +0200 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wanadoo.fr; s=t20230301; t=1683357083; bh=LCwtFRx+YxY+EmtN+x8N93lmLUJnBu1GrjughYec7hk=; h=From:To:Cc:Subject:Date; b=dPDRr9NJWUcumThQ3K8vmGoeFthoe40EmUuljc44kB6Db1/nur+r3j+irmyyDY6fJ FmKTLTebxollA+5WkjbG2hHYBh5hFwz3qxCz8BDkV87L2Wuu23WF7DKfRW1Ial90IE nbOfhNAHOwV+1ohcE2SbHWbX2vvLqqkeXTFS9yu0Rty0IZZgHs4RQpkMXHpBuPSZlQ EYiSdWajeq+wLrAAIe8ZbciQvBNHEWi02kTHh2743MgdarwyrNThgKMAXI8MQ5WFbx bpdXtTSUSISBEm98bDhfFG5cIyjrNgJIaKWxKHfQIhn1LYLohibYm2U8NrvfMspNZN gChnjeggQqtTw== X-ME-Helo: pop-os.home X-ME-Auth: Y2hyaXN0b3BoZS5qYWlsbGV0QHdhbmFkb28uZnI= X-ME-Date: Sat, 06 May 2023 09:11:23 +0200 X-ME-IP: 86.243.2.178 From: Christophe JAILLET To: Bjorn Helgaas , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , "Maciej W. Rozycki" Cc: linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org, Christophe JAILLET , linux-pci@vger.kernel.org Subject: [PATCH 1/2] x86/PCI: Fix a sanity check in pirq_convert_irt_table() Date: Sat, 6 May 2023 09:11:09 +0200 Message-Id: X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org We compare the size in bytes of a struct (and its ending flexible array) with the number of elements in a flexible array. This is wrong and "ir->size < ir->used" is likely to be always false. Compute the number of possible entries instead, as already done in other places, and compare it to the number of used entries. Fixes: b584db0c84db ("x86/PCI: Add $IRT PIRQ routing table support") Signed-off-by: Christophe JAILLET --- /!\ This patch is speculative. Review with care /!\ I'm not sure that this sanity check is needed at all. If 'used' was the size of the flexible array, I think it would simplify the code in other places. It will also help scripts when __counted_by macro will be added. See [1]. [1]: https://lore.kernel.org/all/6453f739.170a0220.62695.7785@mx.google.com/ --- arch/x86/pci/irq.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/x86/pci/irq.c b/arch/x86/pci/irq.c index a498b847d740..e29b487cc069 100644 --- a/arch/x86/pci/irq.c +++ b/arch/x86/pci/irq.c @@ -128,12 +128,16 @@ static inline struct irq_routing_table *pirq_convert_irt_table(u8 *addr, { struct irt_routing_table *ir; struct irq_routing_table *rt; + int entries; u16 size; u8 sum; int i; ir = (struct irt_routing_table *)addr; - if (ir->signature != IRT_SIGNATURE || !ir->used || ir->size < ir->used) + entries = (ir->size - sizeof(struct irq_routing_table)) / + sizeof(struct irq_info); + + if (ir->signature != IRT_SIGNATURE || !ir->used || entries < ir->used) return NULL; size = sizeof(*ir) + ir->used * sizeof(ir->slots[0]); -- 2.34.1