From: Manivannan Sadhasivam manivannan.sadhasivam@linaro.org
mainline inclusion from mainline-v6.11-rc1 commit 5a5095a8bd1bd349cce1c879e5e44407a34dda8a category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAKQ5P CVE: CVE-2024-43824
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
Instead of getting the epc_features from pci_epc_get_features() API, use the cached pci_epf_test::epc_features value to avoid the NULL check. Since the NULL check is already performed in pci_epf_test_bind(), having one more check in pci_epf_test_core_init() is redundant and it is not possible to hit the NULL pointer dereference.
Also with commit a01e7214bef9 ("PCI: endpoint: Remove "core_init_notifier" flag"), 'epc_features' got dereferenced without the NULL check, leading to the following false positive Smatch warning:
drivers/pci/endpoint/functions/pci-epf-test.c:784 pci_epf_test_core_init() error: we previously assumed 'epc_features' could be null (see line 747)
Thus, remove the redundant NULL check and also use the epc_features:: {msix_capable/msi_capable} flags directly to avoid local variables.
[kwilczynski: commit log] Fixes: 5e50ee27d4a5 ("PCI: pci-epf-test: Add support to defer core initialization") Closes: https://lore.kernel.org/linux-pci/024b5826-7180-4076-ae08-57d2584cca3f@morot... Link: https://lore.kernel.org/linux-pci/20240418-pci-epf-test-fix-v2-1-eacd5483144... Reported-by: Dan Carpenter dan.carpenter@linaro.org Signed-off-by: Manivannan Sadhasivam manivannan.sadhasivam@linaro.org Signed-off-by: Krzysztof WilczyĆski kwilczynski@kernel.org Signed-off-by: Bjorn Helgaas bhelgaas@google.com Reviewed-by: Frank Li Frank.Li@nxp.com Reviewed-by: Niklas Cassel cassel@kernel.org
Conflicts: drivers/pci/endpoint/functions/pci-epf-test.c [context conflicts] Signed-off-by: liwei liwei728@huawei.com --- drivers/pci/endpoint/functions/pci-epf-test.c | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-)
diff --git a/drivers/pci/endpoint/functions/pci-epf-test.c b/drivers/pci/endpoint/functions/pci-epf-test.c index ef52f5097eb3..219ac744275d 100644 --- a/drivers/pci/endpoint/functions/pci-epf-test.c +++ b/drivers/pci/endpoint/functions/pci-epf-test.c @@ -674,19 +674,11 @@ static int pci_epf_test_core_init(struct pci_epf *epf) { struct pci_epf_test *epf_test = epf_get_drvdata(epf); struct pci_epf_header *header = epf->header; - const struct pci_epc_features *epc_features; + const struct pci_epc_features *epc_features = epf_test->epc_features; struct pci_epc *epc = epf->epc; struct device *dev = &epf->dev; - bool msix_capable = false; - bool msi_capable = true; int ret;
- epc_features = pci_epc_get_features(epc, epf->func_no); - if (epc_features) { - msix_capable = epc_features->msix_capable; - msi_capable = epc_features->msi_capable; - } - ret = pci_epc_write_header(epc, epf->func_no, header); if (ret) { dev_err(dev, "Configuration header write failed\n"); @@ -697,7 +689,7 @@ static int pci_epf_test_core_init(struct pci_epf *epf) if (ret) return ret;
- if (msi_capable) { + if (epc_features->msi_capable) { ret = pci_epc_set_msi(epc, epf->func_no, epf->msi_interrupts); if (ret) { dev_err(dev, "MSI configuration failed\n"); @@ -705,7 +697,7 @@ static int pci_epf_test_core_init(struct pci_epf *epf) } }
- if (msix_capable) { + if (epc_features->msix_capable) { ret = pci_epc_set_msix(epc, epf->func_no, epf->msix_interrupts, epf_test->test_reg_bar, epf_test->msix_table_offset);