On Sat, Oct 25, 2025 at 01:24:29AM +0900, Koichiro Den wrote:
> On Thu, Oct 23, 2025 at 08:06:40PM -0400, Frank Li wrote:
> > On Thu, Oct 23, 2025 at 04:18:52PM +0900, Koichiro Den wrote:
> > > Follow common kernel idioms for indices derived from configfs attributes
> > > and suppress Smatch warnings:
> > >
> > > epf_ntb_mw1_show() warn: potential spectre issue 'ntb->mws_size' [r]
> > > epf_ntb_mw1_store() warn: potential spectre issue 'ntb->mws_size' [w]
> > >
> > > No functional changes.
> > >
> > > Signed-off-by: Koichiro Den <den@valinux.co.jp>
> > > ---
> > > drivers/pci/endpoint/functions/pci-epf-vntb.c | 23 +++++++++++--------
> > > 1 file changed, 14 insertions(+), 9 deletions(-)
> > >
> > > diff --git a/drivers/pci/endpoint/functions/pci-epf-vntb.c b/drivers/pci/endpoint/functions/pci-epf-vntb.c
> > > index 83e9ab10f9c4..55307cd613c9 100644
> > > --- a/drivers/pci/endpoint/functions/pci-epf-vntb.c
> > > +++ b/drivers/pci/endpoint/functions/pci-epf-vntb.c
> > > @@ -876,17 +876,19 @@ static ssize_t epf_ntb_##_name##_show(struct config_item *item, \
> > > struct config_group *group = to_config_group(item); \
> > > struct epf_ntb *ntb = to_epf_ntb(group); \
> > > struct device *dev = &ntb->epf->dev; \
> > > - int win_no; \
> > > + int win_no, idx; \
> > > \
> > > if (sscanf(#_name, "mw%d", &win_no) != 1) \
> > > return -EINVAL; \
> > > \
> > > - if (win_no <= 0 || win_no > ntb->num_mws) { \
> > > - dev_err(dev, "Invalid num_nws: %d value\n", ntb->num_mws); \
> > > + idx = win_no - 1; \
> > > + if (idx < 0 || idx >= ntb->num_mws) { \
> > > + dev_err(dev, "MW%d out of range (num_mws=%d)\n", \
> > > + win_no, ntb->num_mws); \
> > > return -EINVAL; \
> > > } \
> > > - \
> > > - return sprintf(page, "%lld\n", ntb->mws_size[win_no - 1]); \
> > > + idx = array_index_nospec(idx, ntb->num_mws); \
> > > + return sprintf(page, "%lld\n", ntb->mws_size[idx]); \
> >
> > keep original check if (win_no <= 0 || win_no > ntb->num_mws)
> >
> > just
> > idx = array_index_nospec(win_no - 1, ntb->num_mws);
> > return sprintf(page, "%lld\n", ntb->mws_size[idx]);
> >
> > It should be more simple.
>
> Thanks for the review.
>
> For minimal changes, that makes sense. I'd also like to update the dev_err
> message (the "num_nws" typo, and I think what's invalid is win_no, not
> num_mws). So how about combining your suggestion with the log message
> update?
Okay!
Frank
>
> -Koichiro
>
> >
> > Frank
> > > }
> > >
> > > #define EPF_NTB_MW_W(_name) \
> > > @@ -896,7 +898,7 @@ static ssize_t epf_ntb_##_name##_store(struct config_item *item, \
> > > struct config_group *group = to_config_group(item); \
> > > struct epf_ntb *ntb = to_epf_ntb(group); \
> > > struct device *dev = &ntb->epf->dev; \
> > > - int win_no; \
> > > + int win_no, idx; \
> > > u64 val; \
> > > int ret; \
> > > \
> > > @@ -907,12 +909,15 @@ static ssize_t epf_ntb_##_name##_store(struct config_item *item, \
> > > if (sscanf(#_name, "mw%d", &win_no) != 1) \
> > > return -EINVAL; \
> > > \
> > > - if (win_no <= 0 || win_no > ntb->num_mws) { \
> > > - dev_err(dev, "Invalid num_nws: %d value\n", ntb->num_mws); \
> > > + idx = win_no - 1; \
> > > + if (idx < 0 || idx >= ntb->num_mws) { \
> > > + dev_err(dev, "MW%d out of range (num_mws=%d)\n", \
> > > + win_no, ntb->num_mws); \
> > > return -EINVAL; \
> > > } \
> > > \
> > > - ntb->mws_size[win_no - 1] = val; \
> > > + idx = array_index_nospec(idx, ntb->num_mws); \
> > > + ntb->mws_size[idx] = val; \
> > > \
> > > return len; \
> > > }
> > > --
> > > 2.48.1
> > >