From 1ad82f9db13d85667366044acdfb02009d576c5a Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Fri, 1 Aug 2025 20:03:35 +0300 Subject: misc: pci_endpoint_test: Fix array underflow in pci_endpoint_test_ioctl() Commit eefb83790a0d ("misc: pci_endpoint_test: Add doorbell test case") added NO_BAR (-1) to the pci_barno enum which, in practical terms, changes the enum from an unsigned int to a signed int. If the user passes a negative number in pci_endpoint_test_ioctl() then it results in an array underflow in pci_endpoint_test_bar(). Fixes: eefb83790a0d ("misc: pci_endpoint_test: Add doorbell test case") Signed-off-by: Dan Carpenter Signed-off-by: Manivannan Sadhasivam Signed-off-by: Bjorn Helgaas Link: https://patch.msgid.link/aIzzZ4vc6ZrmM9rI@suswa --- drivers/misc/pci_endpoint_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'drivers/misc/pci_endpoint_test.c') diff --git a/drivers/misc/pci_endpoint_test.c b/drivers/misc/pci_endpoint_test.c index 1c156a3f845e..f935175d8bf5 100644 --- a/drivers/misc/pci_endpoint_test.c +++ b/drivers/misc/pci_endpoint_test.c @@ -937,7 +937,7 @@ static long pci_endpoint_test_ioctl(struct file *file, unsigned int cmd, switch (cmd) { case PCITEST_BAR: bar = arg; - if (bar > BAR_5) + if (bar <= NO_BAR || bar > BAR_5) goto ret; if (is_am654_pci_dev(pdev) && bar == BAR_0) goto ret; -- cgit v1.2.3 From cc8e391067164f45f89b6132a5aaa18c33a0e32b Mon Sep 17 00:00:00 2001 From: Christian Bruel Date: Mon, 4 Aug 2025 19:09:14 +0200 Subject: misc: pci_endpoint_test: Skip IRQ tests if irq is out of range The pci_endpoint_test tests the 32-bit MSI range. However, the device might not have all vectors configured. For example, if msi_interrupts is 8 in the ep function space or if the MSI Multiple Message Capable value is configured as 4 (maximum 16 vectors). In this case, do not attempt to run the test to avoid timeouts and directly return the error value. Signed-off-by: Christian Bruel Signed-off-by: Manivannan Sadhasivam Link: https://patch.msgid.link/20250804170916.3212221-2-christian.bruel@foss.st.com --- drivers/misc/pci_endpoint_test.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'drivers/misc/pci_endpoint_test.c') diff --git a/drivers/misc/pci_endpoint_test.c b/drivers/misc/pci_endpoint_test.c index f935175d8bf5..506a2847e5d2 100644 --- a/drivers/misc/pci_endpoint_test.c +++ b/drivers/misc/pci_endpoint_test.c @@ -436,7 +436,11 @@ static int pci_endpoint_test_msi_irq(struct pci_endpoint_test *test, { struct pci_dev *pdev = test->pdev; u32 val; - int ret; + int irq; + + irq = pci_irq_vector(pdev, msi_num - 1); + if (irq < 0) + return irq; pci_endpoint_test_writel(test, PCI_ENDPOINT_TEST_IRQ_TYPE, msix ? PCITEST_IRQ_TYPE_MSIX : @@ -450,11 +454,7 @@ static int pci_endpoint_test_msi_irq(struct pci_endpoint_test *test, if (!val) return -ETIMEDOUT; - ret = pci_irq_vector(pdev, msi_num - 1); - if (ret < 0) - return ret; - - if (ret != test->last_irq) + if (irq != test->last_irq) return -EIO; return 0; -- cgit v1.2.3 From 384b1b29481e39aae8eb01240d1edf287c7a4145 Mon Sep 17 00:00:00 2001 From: Christian Bruel Date: Mon, 4 Aug 2025 19:09:15 +0200 Subject: misc: pci_endpoint_test: Cleanup extra 0 initialization Initialization is not needed as memory is already set to 0 by devm_kzalloc. Signed-off-by: Christian Bruel [mani: reworded description] Signed-off-by: Manivannan Sadhasivam Link: https://patch.msgid.link/20250804170916.3212221-3-christian.bruel@foss.st.com --- drivers/misc/pci_endpoint_test.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'drivers/misc/pci_endpoint_test.c') diff --git a/drivers/misc/pci_endpoint_test.c b/drivers/misc/pci_endpoint_test.c index 506a2847e5d2..1c0fd185114f 100644 --- a/drivers/misc/pci_endpoint_test.c +++ b/drivers/misc/pci_endpoint_test.c @@ -1020,8 +1020,6 @@ static int pci_endpoint_test_probe(struct pci_dev *pdev, if (!test) return -ENOMEM; - test->test_reg_bar = 0; - test->alignment = 0; test->pdev = pdev; test->irq_type = PCITEST_IRQ_TYPE_UNDEFINED; -- cgit v1.2.3