[PATCH OLK-6.6 v2] PCI: check BIR before mapping MSI-X Table - Kernel

22 Jan 2024

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I8XWD4
CVE: NA
-------------------
We use 'bir' as the index of array resource[DEVICE_COUNT_RESOURCE].
Wrong 'bir' will cause access out of range. This patch add a check for
'bir'.
Signed-off-by: Xiongfeng Wang wangxiongfeng2@huawei.com
Reviewed-by: Yang Yingliang yangyingliang@huawei.com
Signed-off-by: Jialin Zhang zhangjialin11@huawei.com
 Conflicts:
    drivers/pci/msi.c
Signed-off-by: Xiongfeng Wang wangxiongfeng2@huawei.com
---
 drivers/pci/msi/msi.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/pci/msi/msi.c b/drivers/pci/msi/msi.c
index ef1d8857a51b..21355bfe58a3 100644
--- a/drivers/pci/msi/msi.c
+++ b/drivers/pci/msi/msi.c
@@ -559,6 +559,11 @@ static void __iomem *msix_map_region(struct pci_dev *dev,
    pci_read_config_dword(dev, dev->msix_cap + PCI_MSIX_TABLE,
    		      &table_offset);
    bir = (u8)(table_offset & PCI_MSIX_TABLE_BIR);
+	if (bir >= DEVICE_COUNT_RESOURCE) {
+		dev_err(&dev->dev, "MSI-X Table BIR is out of range !\n");
+		return NULL;
+	}
+
    flags = pci_resource_flags(dev, bir);
    if (!flags || (flags & IORESOURCE_UNSET))
    	return NULL;
-- 
2.20.1


    