diff options
| author |   Philipp Stanner <phasta@kernel.org> | 2025-03-12 09:06:35 +0100 |
|---|---|---|
| committer |   Bjorn Helgaas <bhelgaas@google.com> | 2025-03-14 10:35:12 -0500 |
| commit | b1a7f99967fc0c052db8e65b449c7b32b1e9177f (patch) | |
| tree | c85e5106a47cd519f1426642878fdf3240185108 /net/lapb/lapb_timer.c | |
| parent | PCI: Fix wrong length of devres array (diff) | |
| download | wireguard-linux-b1a7f99967fc0c052db8e65b449c7b32b1e9177f.tar.xz wireguard-linux-b1a7f99967fc0c052db8e65b449c7b32b1e9177f.zip | |
PCI: Check BAR index for validity
Many functions in PCI use accessor macros such as pci_resource_len(),
which take a BAR index. That index, however, is never checked for
validity, potentially resulting in undefined behavior by overflowing the
array pci_dev.resource in the macro pci_resource_n().
Since many users of those macros directly assign the accessed value to
an unsigned integer, the macros cannot be changed easily anymore to
return -EINVAL for invalid indexes. Consequently, the problem has to be
mitigated in higher layers.
Add pci_bar_index_valid(). Use it where appropriate.
Link: https://lore.kernel.org/r/20250312080634.13731-4-phasta@kernel.org
Closes: https://lore.kernel.org/all/adb53b1f-29e1-3d14-0e61-351fd2d3ff0d@linux.intel.com/
Reported-by: Bingbu Cao <bingbu.cao@linux.intel.com>
Signed-off-by: Philipp Stanner <phasta@kernel.org>
[kwilczynski: correct if-statement condition the pci_bar_index_is_valid()
helper function uses, tidy up code comments]
Signed-off-by: Krzysztof WilczyĆski <kwilczynski@kernel.org>
[bhelgaas: fix typo]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Diffstat (limited to 'net/lapb/lapb_timer.c')
0 files changed, 0 insertions, 0 deletions