On Thu, Dec 18, 2025 at 12:15:35AM +0900, Koichiro Den wrote:
> Follow common kernel idioms for indices derived from configfs attributes
> and suppress Smatch warnings:
>
> epf_ntb_mw1_show() warn: potential spectre issue 'ntb->mws_size' [r]
> epf_ntb_mw1_store() warn: potential spectre issue 'ntb->mws_size' [w]
>
> Also fix the error message for out-of-range MW indices and replace the
> %lld format specifier, which was used for unsigned values.
>
> Signed-off-by: Koichiro Den <den@valinux.co.jp>
> ---
Reviewed-by: Frank Li <Frank.Li@nxp.com>
> Note: I noticed [RFC PATCH v2 01/27] resurrected the Smatch warnings
> https://lore.kernel.org/all/20251129160405.2568284-2-den@valinux.co.jp/
> This RFC v3 version therefore reverts to the RFC v1 style, with one
> additional fix to correct the sprintf format specifier (%lld->%llu).
> ---
> drivers/pci/endpoint/functions/pci-epf-vntb.c | 24 +++++++++++--------
> 1 file changed, 14 insertions(+), 10 deletions(-)
>
> diff --git a/drivers/pci/endpoint/functions/pci-epf-vntb.c b/drivers/pci/endpoint/functions/pci-epf-vntb.c
> index 3ecc5059f92b..56aab5d354d6 100644
> --- a/drivers/pci/endpoint/functions/pci-epf-vntb.c
> +++ b/drivers/pci/endpoint/functions/pci-epf-vntb.c
> @@ -995,17 +995,19 @@ static ssize_t epf_ntb_##_name##_show(struct config_item *item, \
> struct config_group *group = to_config_group(item); \
> struct epf_ntb *ntb = to_epf_ntb(group); \
> struct device *dev = &ntb->epf->dev; \
> - int win_no; \
> + int win_no, idx; \
> \
> if (sscanf(#_name, "mw%d", &win_no) != 1) \
> return -EINVAL; \
> \
> - if (win_no <= 0 || win_no > ntb->num_mws) { \
> - dev_err(dev, "Invalid num_nws: %d value\n", ntb->num_mws); \
> + idx = win_no - 1; \
> + if (idx < 0 || idx >= ntb->num_mws) { \
> + dev_err(dev, "MW%d out of range (num_mws=%d)\n", \
> + win_no, ntb->num_mws); \
> return -EINVAL; \
> } \
> - \
> - return sprintf(page, "%lld\n", ntb->mws_size[win_no - 1]); \
> + idx = array_index_nospec(idx, ntb->num_mws); \
> + return sprintf(page, "%llu\n", ntb->mws_size[idx]); \
> }
>
> #define EPF_NTB_MW_W(_name) \
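Review bot: The clamp in the show body re-reads `ntb->num_mws` after the range check has already used it, so the check and `array_index_nospec()` are not guaranteed to see the same bound if the field can change in between (for instance through another configfs attribute; whether that can happen is not visible in this hunk). If the second read returned a smaller value, `array_index_nospec()` would yield 0 and the function would silently report `mws_size[0]` instead of failing. Taking one snapshot into a local and using it for both, e.g. `nr = READ_ONCE(ntb->num_mws);` then `if (idx < 0 || idx >= nr)` and `idx = array_index_nospec(idx, nr);`, keeps them consistent; the same applies to the store hunk, where the effect would be a write to the wrong slot. The clamp also only protects the array if `num_mws` can never exceed the capacity of `mws_size`, which is enforced, if at all, outside this diff. The macro body starts before the hunk.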
> @@ -1015,7 +1017,7 @@ static ssize_t epf_ntb_##_name##_store(struct config_item *item, \
> struct config_group *group = to_config_group(item); \
> struct epf_ntb *ntb = to_epf_ntb(group); \
> struct device *dev = &ntb->epf->dev; \
> - int win_no; \
> + int win_no, idx; \
> u64 val; \
> int ret; \
> \
> @@ -1026,12 +1028,14 @@ static ssize_t epf_ntb_##_name##_store(struct config_item *item, \
> if (sscanf(#_name, "mw%d", &win_no) != 1) \
> return -EINVAL; \
> \
> - if (win_no <= 0 || win_no > ntb->num_mws) { \
> - dev_err(dev, "Invalid num_nws: %d value\n", ntb->num_mws); \
> + idx = win_no - 1; \
> + if (idx < 0 || idx >= ntb->num_mws) { \
> + dev_err(dev, "MW%d out of range (num_mws=%d)\n", \
> + win_no, ntb->num_mws); \
> return -EINVAL; \
> } \
> - \
> - ntb->mws_size[win_no - 1] = val; \
> + idx = array_index_nospec(idx, ntb->num_mws); \
> + ntb->mws_size[idx] = val; \
> \
> return len; \
> }
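Review bot: `array_index_nospec()` is declared in `<linux/nospec.h>`, and the diffstat (one file, 14 insertions, all accounted for by the three hunks) shows no include being added. If pci-epf-vntb.c does not already include that header directly, the two new call sites (here and in the show macro) depend on a transitive include; adding `#include <linux/nospec.h>` alongside the file's other includes would make the dependency explicit. The include block is outside the visible hunks, so this needs checking against the file.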
> --
> 2.51.0
>