Patch "PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource()" has been added to the 6.6-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource()

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     pci-avoid-potential-out-of-bounds-read-in-pci_dev_fo.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 77fa2cd2145ed15e3bb76a3a210fece0ff15da89
Author: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Date:   Mon Oct 30 13:42:18 2023 +0200

    PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource()
    
    [ Upstream commit 3171e46d677a668eed3086da78671f1e4f5b8405 ]
    
    Coverity complains that pointer in the pci_dev_for_each_resource() may be
    wrong, i.e., might be used for the out-of-bounds read.
    
    There is no actual issue right now because we have another check afterwards
    and the out-of-bounds read is not being performed. In any case it's better
    code with this fixed, hence the proposed change.
    
    As Jonas pointed out "It probably makes the code slightly less performant
    as res will now be checked for being not NULL (which will always be true),
    but I doubt it will be significant (or in any hot paths)."
    
    Fixes: 09cc90063240 ("PCI: Introduce pci_dev_for_each_resource()")
    Reported-by: Bjorn Helgaas <bhelgaas@xxxxxxxxxx>
    Closes: https://lore.kernel.org/r/20230509182122.GA1259567@bhelgaas
    Suggested-by: Jonas Gorski <jonas.gorski@xxxxxxxxx>
    Link: https://lore.kernel.org/r/20231030114218.2752236-1-andriy.shevchenko@xxxxxxxxxxxxxxx
    Signed-off-by: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
    Signed-off-by: Bjorn Helgaas <bhelgaas@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/include/linux/pci.h b/include/linux/pci.h
index 1596b1205b8d..3af5f2998551 100644
--- a/include/linux/pci.h
+++ b/include/linux/pci.h
@@ -2101,14 +2101,14 @@ int pci_iobar_pfn(struct pci_dev *pdev, int bar, struct vm_area_struct *vma);
 	(pci_resource_end((dev), (bar)) ? 				\
 	 resource_size(pci_resource_n((dev), (bar))) : 0)
 
-#define __pci_dev_for_each_res0(dev, res, ...)				\
-	for (unsigned int __b = 0;					\
-	     res = pci_resource_n(dev, __b), __b < PCI_NUM_RESOURCES;	\
+#define __pci_dev_for_each_res0(dev, res, ...)				  \
+	for (unsigned int __b = 0;					  \
+	     __b < PCI_NUM_RESOURCES && (res = pci_resource_n(dev, __b)); \
 	     __b++)
 
-#define __pci_dev_for_each_res1(dev, res, __b)				\
-	for (__b = 0;							\
-	     res = pci_resource_n(dev, __b), __b < PCI_NUM_RESOURCES;	\
+#define __pci_dev_for_each_res1(dev, res, __b)				  \
+	for (__b = 0;							  \
+	     __b < PCI_NUM_RESOURCES && (res = pci_resource_n(dev, __b)); \
 	     __b++)
 
 #define pci_dev_for_each_resource(dev, res, ...)			\




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux