On 13.10.2021 20:53, Bjorn Helgaas wrote:
> On Wed, Oct 13, 2021 at 08:19:59PM +0200, Heiner Kallweit wrote:
>> Recent bug fix 00e1a5d21b4f ("PCI/VPD: Defer VPD sizing until first
>> access") interferes with the original change, resulting in a stack
>> overflow. The following fix has been successfully tested by Qian
>> and myself.
>
> What does "the original change" refer to? 80484b7f8db1? I guess the
> stack overflow is an unintended recursion? Is there a URL to Qian's
> bug report with more details that we can include here?
>
1. yes
2. yes
3. https://lore.kernel.org/netdev/e89087c5-c495-c5ca-feb1-54cf3a8775c5@xxxxxxxxxxx/
>> Fixes: 80484b7f8db1 ("PCI/VPD: Use pci_read_vpd_any() in pci_vpd_size()")
>> Reported-by: Qian Cai <quic_qiancai@xxxxxxxxxxx>
>> Tested-by: Qian Cai <quic_qiancai@xxxxxxxxxxx>
>> Signed-off-by: Heiner Kallweit <hkallweit1@xxxxxxxxx>
>> ---
>> drivers/pci/vpd.c | 18 +++++++++++-------
>> 1 file changed, 11 insertions(+), 7 deletions(-)
>>
>> diff --git a/drivers/pci/vpd.c b/drivers/pci/vpd.c
>> index 5108bbd20..a4fc4d069 100644
>> --- a/drivers/pci/vpd.c
>> +++ b/drivers/pci/vpd.c
>> @@ -96,14 +96,14 @@ static size_t pci_vpd_size(struct pci_dev *dev)
>> return off ?: PCI_VPD_SZ_INVALID;
>> }
>>
>> -static bool pci_vpd_available(struct pci_dev *dev)
>> +static bool pci_vpd_available(struct pci_dev *dev, bool check_size)
>> {
>> struct pci_vpd *vpd = &dev->vpd;
>>
>> if (!vpd->cap)
>> return false;
>>
>> - if (vpd->len == 0) {
>> + if (vpd->len == 0 && check_size) {
>> vpd->len = pci_vpd_size(dev);
>> if (vpd->len == PCI_VPD_SZ_INVALID) {
>> vpd->cap = 0;
>> @@ -156,17 +156,19 @@ static ssize_t pci_vpd_read(struct pci_dev *dev, loff_t pos, size_t count,
>> void *arg, bool check_size)
>> {
>> struct pci_vpd *vpd = &dev->vpd;
>> - unsigned int max_len = check_size ? vpd->len : PCI_VPD_MAX_SIZE;
>> + unsigned int max_len;
>> int ret = 0;
>> loff_t end = pos + count;
>> u8 *buf = arg;
>>
>> - if (!pci_vpd_available(dev))
>> + if (!pci_vpd_available(dev, check_size))
>> return -ENODEV;
>>
>> if (pos < 0)
>> return -EINVAL;
>>
>> + max_len = check_size ? vpd->len : PCI_VPD_MAX_SIZE;
>> +
>> if (pos >= max_len)
>> return 0;
>>
>> @@ -218,17 +220,19 @@ static ssize_t pci_vpd_write(struct pci_dev *dev, loff_t pos, size_t count,
>> const void *arg, bool check_size)
>> {
>> struct pci_vpd *vpd = &dev->vpd;
>> - unsigned int max_len = check_size ? vpd->len : PCI_VPD_MAX_SIZE;
>> + unsigned int max_len;
>> const u8 *buf = arg;
>> loff_t end = pos + count;
>> int ret = 0;
>>
>> - if (!pci_vpd_available(dev))
>> + if (!pci_vpd_available(dev, check_size))
>> return -ENODEV;
>>
>> if (pos < 0 || (pos & 3) || (count & 3))
>> return -EINVAL;
>>
>> + max_len = check_size ? vpd->len : PCI_VPD_MAX_SIZE;
>> +
>> if (end > max_len)
>> return -EINVAL;
>>
>> @@ -312,7 +316,7 @@ void *pci_vpd_alloc(struct pci_dev *dev, unsigned int *size)
>> void *buf;
>> int cnt;
>>
>> - if (!pci_vpd_available(dev))
>> + if (!pci_vpd_available(dev, true))
>> return ERR_PTR(-ENODEV);
>>
>> len = dev->vpd.len;
>> --
>> 2.33.0
>>
