On Tue, 17 Dec 2024, Hans Zhang wrote:

> The return type of the API is inconsistent. Inconsistencies may
> result in out-of-bounds.

I'm not sure how out-of-bounds access would happen. On which line do you see
that possibility?

> If the bar size of the EP device exceeds BAR size > 4G, this bar_Size will be equal to 0.

bar_size

> For example, there is an EP device, the bar0 size is 16MB, bar1
> size is 32MB, bar2 size is 8GB. When testing bar2, barno equals
> BAR2. Then run pcitest -b 2, console will output "TEST FAILED".

I think bar0 and bar1 information could simply be dropped since they're
unrelated. I think this would be enough information:

With 8GB BAR2, running pcitest -b 2 fails with "TEST FAILED".

> Variable declaration of bar_size is int, the range less than or
> equal 2G. The return value of pci_resource_len is resource_size_t.
>
> Signed-off-by: Hans Zhang <18255117159@xxxxxxx>
> ---
> drivers/misc/pci_endpoint_test.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/misc/pci_endpoint_test.c b/drivers/misc/pci_endpoint_test.c > index 3aaaf47fa4ee..414c4e55fb0a 100644 > --- a/drivers/misc/pci_endpoint_test.c > +++ b/drivers/misc/pci_endpoint_test.c > @@ -280,10 +280,11 @@ static int pci_endpoint_test_bar_memcmp(struct pci_endpoint_test *test, > static bool pci_endpoint_test_bar(struct pci_endpoint_test *test, > enum pci_barno barno) > { > - int j, bar_size, buf_size, iters, remain; > void *write_buf __free(kfree) = NULL; > void *read_buf __free(kfree) = NULL; > struct pci_dev *pdev = test->pdev; > + int j, buf_size, iters, remain; > + resource_size_t bar_size; > > if (!test->bar[barno]) > return false; >

The code change itself is good.

-- 
 i.
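
Review bot: in the declarations at the top of pci_endpoint_test_bar(), only bar_size is widened to resource_size_t, while buf_size, iters and remain stay int on the new line `int j, buf_size, iters, remain;`. The hunk does not show where these are assigned, but if any of them is computed from bar_size, the result can still be truncated for a BAR whose length does not fit in an int, so each such assignment should be checked and the variable widened or the value bounded as needed. It is also worth confirming that any division or modulo on the now wider bar_size builds on 32-bit architectures, where resource_size_t can be 64 bits wide.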