| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251023071916.901355-2-den@valinux.co.jp>
Date: Thu, 23 Oct 2025 16:18:52 +0900
From: Koichiro Den <den@...inux.co.jp>
To: ntb@...ts.linux.dev,
linux-pci@...r.kernel.org,
dmaengine@...r.kernel.org,
linux-kernel@...r.kernel.org
Cc: mani@...nel.org,
kwilczynski@...nel.org,
kishon@...nel.org,
bhelgaas@...gle.com,
corbet@....net,
vkoul@...nel.org,
jdmason@...zu.us,
dave.jiang@...el.com,
allenbh@...il.com,
Basavaraj.Natikar@....com,
Shyam-sundar.S-k@....com,
kurt.schwemmer@...rosemi.com,
logang@...tatee.com,
jingoohan1@...il.com,
lpieralisi@...nel.org,
robh@...nel.org,
jbrunet@...libre.com,
Frank.Li@....com,
fancer.lancer@...il.com,
arnd@...db.de,
pstanner@...hat.com,
elfring@...rs.sourceforge.net
Subject: [RFC PATCH 01/25] PCI: endpoint: pci-epf-vntb: Use array_index_nospec() on mws_size[] access
Follow common kernel idioms for indices derived from configfs attributes
and suppress Smatch warnings:
epf_ntb_mw1_show() warn: potential spectre issue 'ntb->mws_size' [r]
epf_ntb_mw1_store() warn: potential spectre issue 'ntb->mws_size' [w]
No functional changes.
Signed-off-by: Koichiro Den <den@...inux.co.jp>
---
drivers/pci/endpoint/functions/pci-epf-vntb.c | 23 +++++++++++--------
1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/drivers/pci/endpoint/functions/pci-epf-vntb.c b/drivers/pci/endpoint/functions/pci-epf-vntb.c
index 83e9ab10f9c4..55307cd613c9 100644
--- a/drivers/pci/endpoint/functions/pci-epf-vntb.c
+++ b/drivers/pci/endpoint/functions/pci-epf-vntb.c
@@ -876,17 +876,19 @@ static ssize_t epf_ntb_##_name##_show(struct config_item *item, \
struct config_group *group = to_config_group(item); \
struct epf_ntb *ntb = to_epf_ntb(group); \
struct device *dev = &ntb->epf->dev; \
- int win_no; \
+ int win_no, idx; \
\
if (sscanf(#_name, "mw%d", &win_no) != 1) \
return -EINVAL; \
\
- if (win_no <= 0 || win_no > ntb->num_mws) { \
- dev_err(dev, "Invalid num_nws: %d value\n", ntb->num_mws); \
+ idx = win_no - 1; \
+ if (idx < 0 || idx >= ntb->num_mws) { \
+ dev_err(dev, "MW%d out of range (num_mws=%d)\n", \
+ win_no, ntb->num_mws); \
return -EINVAL; \
} \
- \
- return sprintf(page, "%lld\n", ntb->mws_size[win_no - 1]); \
+ idx = array_index_nospec(idx, ntb->num_mws); \
+ return sprintf(page, "%lld\n", ntb->mws_size[idx]); \
}
#define EPF_NTB_MW_W(_name) \
@@ -896,7 +898,7 @@ static ssize_t epf_ntb_##_name##_store(struct config_item *item, \
struct config_group *group = to_config_group(item); \
struct epf_ntb *ntb = to_epf_ntb(group); \
struct device *dev = &ntb->epf->dev; \
- int win_no; \
+ int win_no, idx; \
u64 val; \
int ret; \
\
@@ -907,12 +909,15 @@ static ssize_t epf_ntb_##_name##_store(struct config_item *item, \
if (sscanf(#_name, "mw%d", &win_no) != 1) \
return -EINVAL; \
\
- if (win_no <= 0 || win_no > ntb->num_mws) { \
- dev_err(dev, "Invalid num_nws: %d value\n", ntb->num_mws); \
+ idx = win_no - 1; \
+ if (idx < 0 || idx >= ntb->num_mws) { \
+ dev_err(dev, "MW%d out of range (num_mws=%d)\n", \
+ win_no, ntb->num_mws); \
return -EINVAL; \
} \
\
- ntb->mws_size[win_no - 1] = val; \
+ idx = array_index_nospec(idx, ntb->num_mws); \
+ ntb->mws_size[idx] = val; \
\
return len; \
}
--
2.48.1
Powered by blists - more mailing lists