[PATCH 5.4 023/344] PCI: Fix pci_add_dma_alias() bitmask size

From: Greg Kroah-Hartman
Date: Fri Feb 21 2020 - 03:02:05 EST

Next message: Greg Kroah-Hartman: "[PATCH 5.4 024/344] drm/amd/display: Map ODM memory correctly when doing ODM combine"
Previous message: Greg Kroah-Hartman: "[PATCH 5.4 022/344] brcmfmac: Fix use after free in brcmf_sdio_readframes()"
In reply to: Greg Kroah-Hartman: "[PATCH 5.4 022/344] brcmfmac: Fix use after free in brcmf_sdio_readframes()"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.4 024/344] drm/amd/display: Map ODM memory correctly when doing ODM combine"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: James Sewart <jamessewart@xxxxxxxxxx>

[ Upstream commit f8bf2aeb651b3460a4b36fd7ba1ba1d31777d35c ]

The number of possible devfns is 256, but pci_add_dma_alias() allocated a
bitmap of size 255. Fix this off-by-one error.

This fixes commits 338c3149a221 ("PCI: Add support for multiple DMA
aliases") and c6635792737b ("PCI: Allocate dma_alias_mask with
bitmap_zalloc()"), but I doubt it was possible to see a problem because
it takes 4 64-bit longs (or 8 32-bit longs) to hold 255 bits, and
bitmap_zalloc() doesn't save the 255-bit size anywhere.

[bhelgaas: commit log, move #define to drivers/pci/pci.h, include loop
limit fix from Qian Cai:
https://lore.kernel.org/r/20191218170004.5297-1-cai@xxxxxx]
Signed-off-by: James Sewart <jamessewart@xxxxxxxxxx>
Signed-off-by: Bjorn Helgaas <bhelgaas@xxxxxxxxxx>
Reviewed-by: Logan Gunthorpe <logang@xxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/pci/pci.c | 2 +-
drivers/pci/pci.h | 3 +++
drivers/pci/search.c | 4 ++--
3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
index fcfaadc774eef..cbf3d3889874c 100644
--- a/drivers/pci/pci.c
+++ b/drivers/pci/pci.c
@@ -5894,7 +5894,7 @@ EXPORT_SYMBOL_GPL(pci_pr3_present);
void pci_add_dma_alias(struct pci_dev *dev, u8 devfn)
{
if (!dev->dma_alias_mask)
- dev->dma_alias_mask = bitmap_zalloc(U8_MAX, GFP_KERNEL);
+ dev->dma_alias_mask = bitmap_zalloc(MAX_NR_DEVFNS, GFP_KERNEL);
if (!dev->dma_alias_mask) {
pci_warn(dev, "Unable to allocate DMA alias mask\n");
return;
diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h
index 3f6947ee3324a..273d60cb0762d 100644
--- a/drivers/pci/pci.h
+++ b/drivers/pci/pci.h
@@ -4,6 +4,9 @@

#include <linux/pci.h>

+/* Number of possible devfns: 0.0 to 1f.7 inclusive */
+#define MAX_NR_DEVFNS 256
+
#define PCI_FIND_CAP_TTL 48

#define PCI_VSEC_ID_INTEL_TBT 0x1234 /* Thunderbolt */
diff --git a/drivers/pci/search.c b/drivers/pci/search.c
index bade14002fd8a..e4dbdef5aef05 100644
--- a/drivers/pci/search.c
+++ b/drivers/pci/search.c
@@ -41,9 +41,9 @@ int pci_for_each_dma_alias(struct pci_dev *pdev,
* DMA, iterate over that too.
*/
if (unlikely(pdev->dma_alias_mask)) {
- u8 devfn;
+ unsigned int devfn;

- for_each_set_bit(devfn, pdev->dma_alias_mask, U8_MAX) {
+ for_each_set_bit(devfn, pdev->dma_alias_mask, MAX_NR_DEVFNS) {
ret = fn(pdev, PCI_DEVID(pdev->bus->number, devfn),
data);
if (ret)
--
2.20.1

Next message: Greg Kroah-Hartman: "[PATCH 5.4 024/344] drm/amd/display: Map ODM memory correctly when doing ODM combine"
Previous message: Greg Kroah-Hartman: "[PATCH 5.4 022/344] brcmfmac: Fix use after free in brcmf_sdio_readframes()"
In reply to: Greg Kroah-Hartman: "[PATCH 5.4 022/344] brcmfmac: Fix use after free in brcmf_sdio_readframes()"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.4 024/344] drm/amd/display: Map ODM memory correctly when doing ODM combine"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]