Patch "powerpc/papr_scm: Fix an off-by-one check in papr_scm_meta_{get, set}" has been added to the 5.4-stable tree


 



This is a note to let you know that I've just added the patch titled

    powerpc/papr_scm: Fix an off-by-one check in papr_scm_meta_{get, set}

to the 5.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     powerpc-papr_scm-fix-an-off-by-one-check-in-papr_scm.patch
and it can be found in the queue-5.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit a12b7d2f722e7496d02dd9dd0984f10f7ae091e5
Author: Vaibhav Jain <vaibhav@xxxxxxxxxxxxx>
Date:   Fri Sep 27 11:50:02 2019 +0530

    powerpc/papr_scm: Fix an off-by-one check in papr_scm_meta_{get, set}
    
    [ Upstream commit 612ee81b9461475b5a5612c2e8d71559dd3c7920 ]
    
    A validation check to prevent out of bounds read/write inside
    functions papr_scm_meta_{get,set}() is off-by-one, which prevents reads
    and writes to the last byte of the label area.
    
    This bug manifests as a failure to probe a dimm when libnvdimm is
    unable to read the entire config-area as advertised by
    ND_CMD_GET_CONFIG_SIZE. This usually happens when there are large
    number of namespaces created in the region backed by the dimm and the
    label-index spans max possible config-area. An error of the form below
    is usually reported in the kernel logs:
    
    [  255.293912] nvdimm: probe of nmem0 failed with error -22
    
    The patch fixes these validation checks, thereby letting libnvdimm
    access the entire config-area.
    
    Fixes: 53e80bd042773('powerpc/nvdimm: Add support for multibyte read/write for metadata')
    Signed-off-by: Vaibhav Jain <vaibhav@xxxxxxxxxxxxx>
    Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@xxxxxxxxxxxxx>
    Signed-off-by: Michael Ellerman <mpe@xxxxxxxxxxxxxx>
    Link: https://lore.kernel.org/r/20190927062002.3169-1-vaibhav@xxxxxxxxxxxxx
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/arch/powerpc/platforms/pseries/papr_scm.c b/arch/powerpc/platforms/pseries/papr_scm.c
index 61883291defc..ee07d0718bf1 100644
--- a/arch/powerpc/platforms/pseries/papr_scm.c
+++ b/arch/powerpc/platforms/pseries/papr_scm.c
@@ -152,7 +152,7 @@ static int papr_scm_meta_get(struct papr_scm_priv *p,
 	int len, read;
 	int64_t ret;
 
-	if ((hdr->in_offset + hdr->in_length) >= p->metadata_size)
+	if ((hdr->in_offset + hdr->in_length) > p->metadata_size)
 		return -EINVAL;
 
 	for (len = hdr->in_length; len; len -= read) {
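Review bot: the bound in papr_scm_meta_get() is still computed as a sum, `hdr->in_offset + hdr->in_length`, before it is compared against `p->metadata_size`. The field types are not visible in this hunk, but if that addition can wrap in their type, a large `in_offset` paired with a suitable `in_length` would pass the check and reach the read loop. Since the comparison is being touched anyway, consider the subtraction form, which cannot wrap: reject when `hdr->in_offset > p->metadata_size`, then reject when `hdr->in_length > p->metadata_size - hdr->in_offset`. With `>` a zero-length request at `in_offset == metadata_size` is now accepted; the `for (len = hdr->in_length; len; ...)` loop skips its body in that case, so that looks harmless, but a short comment saying that offset + length equal to the size is the last valid byte would keep the next reader from "fixing" it back to `>=`.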
@@ -206,7 +206,7 @@ static int papr_scm_meta_set(struct papr_scm_priv *p,
 	__be64 data_be;
 	int64_t ret;
 
-	if ((hdr->in_offset + hdr->in_length) >= p->metadata_size)
+	if ((hdr->in_offset + hdr->in_length) > p->metadata_size)
 		return -EINVAL;
 
 	for (len = hdr->in_length; len; len -= wrote) {
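Review bot: the check in papr_scm_meta_set() is a character-for-character copy of the one in papr_scm_meta_get(), which is how the same off-by-one ended up in both places. Consider moving it into one small helper that takes the offset, the length and `p->metadata_size`, so the boundary condition is stated and documented once and the read and write paths cannot drift apart. On the write side the point matters more, because an accepted out-of-range request modifies the label area rather than only reading it; the wrap-safe form of the comparison (compare `in_length` against `metadata_size - in_offset` after checking `in_offset` itself) belongs in that helper too.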


