Thread: 61 messages, 3 authors, 2026-01-13

[RFC PATCH v3 01/35] PCI: endpoint: pci-epf-vntb: Use array_index_nospec() on mws_size[] access

From: Koichiro Den <hidden>
Date: 2025-12-17 15:32:21
Also in: dmaengine, linux-pci, linux-renesas-soc, lkml
Subsystem: ntb driver core, pci endpoint subsystem, pci subsystem, the rest · Maintainers: Jon Mason, Dave Jiang, Allen Hubbe, Manivannan Sadhasivam, Krzysztof Wilczyński, Bjorn Helgaas, Linus Torvalds

Follow common kernel idioms for indices derived from configfs attributes
and suppress Smatch warnings:

  epf_ntb_mw1_show() warn: potential spectre issue 'ntb->mws_size' [r]
  epf_ntb_mw1_store() warn: potential spectre issue 'ntb->mws_size' [w]

Also fix the error message for out-of-range MW indices and %lld format
for unsigned values.

Signed-off-by: Koichiro Den <redacted>
---
Note: I noticed [RFC PATCH v2 01/27] resurrected the Smatch warnings
https://lore.kernel.org/all/20251129160405.2568284-2-den@valinux.co.jp/
This RFC v3 version therefore reverts to the RFC v1 style, with one
additional fix to correct the sprintf format specifier (%lld->%llu).
---
 drivers/pci/endpoint/functions/pci-epf-vntb.c | 24 +++++++++++--------
 1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/drivers/pci/endpoint/functions/pci-epf-vntb.c b/drivers/pci/endpoint/functions/pci-epf-vntb.c
index 3ecc5059f92b..56aab5d354d6 100644
--- a/drivers/pci/endpoint/functions/pci-epf-vntb.c
+++ b/drivers/pci/endpoint/functions/pci-epf-vntb.c
@@ -995,17 +995,19 @@ static ssize_t epf_ntb_##_name##_show(struct config_item *item,		\
 	struct config_group *group = to_config_group(item);		\
 	struct epf_ntb *ntb = to_epf_ntb(group);			\
 	struct device *dev = &ntb->epf->dev;				\
-	int win_no;							\
+	int win_no, idx;						\
 									\
 	if (sscanf(#_name, "mw%d", &win_no) != 1)			\
 		return -EINVAL;						\
 									\
-	if (win_no <= 0 || win_no > ntb->num_mws) {			\
-		dev_err(dev, "Invalid num_nws: %d value\n", ntb->num_mws); \
+	idx = win_no - 1;						\
+	if (idx < 0 || idx >= ntb->num_mws) {				\
+		dev_err(dev, "MW%d out of range (num_mws=%d)\n",	\
+			win_no, ntb->num_mws);				\
 		return -EINVAL;						\
 	}								\
-									\
-	return sprintf(page, "%lld\n", ntb->mws_size[win_no - 1]);	\
+	idx = array_index_nospec(idx, ntb->num_mws);			\
+	return sprintf(page, "%llu\n", ntb->mws_size[idx]);		\
 }
 
 #define EPF_NTB_MW_W(_name)						\
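Review bot: In the _show hunk, win_no is parsed from the stringified macro argument (sscanf(#_name, "mw%d", &win_no)), so idx is fixed per attribute and is not a value userspace writes. The commit message's "indices derived from configfs attributes" would be more precise if it said that the bound the clamp protects is ntb->num_mws. No hunk in this patch adds #include <linux/nospec.h>, so please confirm the file already includes it directly for array_index_nospec() rather than picking it up through another header. The %lld to %llu change on the sprintf line is an independent fix and would be easier to review and backport as its own patch.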
@@ -1015,7 +1017,7 @@ static ssize_t epf_ntb_##_name##_store(struct config_item *item,	\
 	struct config_group *group = to_config_group(item);		\
 	struct epf_ntb *ntb = to_epf_ntb(group);			\
 	struct device *dev = &ntb->epf->dev;				\
-	int win_no;							\
+	int win_no, idx;						\
 	u64 val;							\
 	int ret;							\
 									\
@@ -1026,12 +1028,14 @@ static ssize_t epf_ntb_##_name##_store(struct config_item *item,	\
 	if (sscanf(#_name, "mw%d", &win_no) != 1)			\
 		return -EINVAL;						\
 									\
-	if (win_no <= 0 || win_no > ntb->num_mws) {			\
-		dev_err(dev, "Invalid num_nws: %d value\n", ntb->num_mws); \
+	idx = win_no - 1;						\
+	if (idx < 0 || idx >= ntb->num_mws) {				\
+		dev_err(dev, "MW%d out of range (num_mws=%d)\n",	\
+			win_no, ntb->num_mws);				\
 		return -EINVAL;						\
 	}								\
-									\
-	ntb->mws_size[win_no - 1] = val;				\
+	idx = array_index_nospec(idx, ntb->num_mws);			\
+	ntb->mws_size[idx] = val;					\
 									\
 	return len;							\
 }
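Review bot: In the _store hunk, ntb->num_mws is read once in the range check (idx >= ntb->num_mws) and again as the size argument of array_index_nospec(idx, ntb->num_mws), so the check and the clamp are not guaranteed to use the same bound. Reading num_mws into a local once and using it in both places would tie them together; the same applies to the _show hunk. The clamp is also only as tight as num_mws itself, and nothing in these hunks shows num_mws being limited to the declared length of mws_size[], so the commit message should say where that limit is enforced, since this path writes val into the array.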
-- 
2.51.0