[PATCH openEuler-5.10 70/71] PCI: check BIR before mapping MSI-X Table

31 Dec 2021

From: Xiongfeng Wang wangxiongfeng2@huawei.com
hulk inclusion
category: bugfix
bugzilla: 4390,https://gitee.com/openeuler/kernel/issues/I4OG3O?from=project-issue
CVE: NA
-------------------
We use 'bir' as the index of array resource[DEVICE_COUNT_RESOURCE].
Wrong 'bir' will cause access out of range. This patch add a check for
'bir'.
Signed-off-by: Xiongfeng Wang wangxiongfeng2@huawei.com
Reviewed-by: Yang Yingliang yangyingliang@huawei.com
Signed-off-by: Yang Yingliang yangyingliang@huawei.com
Signed-off-by: Jialin Zhang zhangjialin11@huawei.com
Reviewed-by: Xiongfeng Wang wangxiongfeng2@huawei.com
Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com
---
 drivers/pci/msi.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/pci/msi.c b/drivers/pci/msi.c
index 294b16cde9e7..b165a88c8f85 100644
--- a/drivers/pci/msi.c
+++ b/drivers/pci/msi.c
@@ -706,6 +706,11 @@ static void __iomem *msix_map_region(struct pci_dev *dev, unsigned nr_entries)
    pci_read_config_dword(dev, dev->msix_cap + PCI_MSIX_TABLE,
    		      &table_offset);
    bir = (u8)(table_offset & PCI_MSIX_TABLE_BIR);
+	if (bir >= DEVICE_COUNT_RESOURCE) {
+		dev_err(&dev->dev, "MSI-X Table BIR is out of range !\n");
+		return NULL;
+	}
+
    flags = pci_resource_flags(dev, bir);
    if (!flags || (flags & IORESOURCE_UNSET))
    	return NULL;
-- 
2.20.1

    

2024

2023

2022

2021

2020

2019

[PATCH openEuler-5.10 70/71] PCI: check BIR before mapping MSI-X Table