misc: pci_endpoint_test: doorbell fixes

[PATCH 0/2] misc: pci_endpoint_test: doorbell fixes

carlos.bilbao@kernel.org posted 2 patches 2 months, 1 week ago

Download series mbox

drivers/misc/pci_endpoint_test.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

Expand all Fold all

[PATCH 0/2] misc: pci_endpoint_test: doorbell fixes

Posted by carlos.bilbao@kernel.org 2 months, 1 week ago

From: Carlos Bilbao <carlos.bilbao@kernel.org>

pci_endpoint_test_doorbell() reads the BAR number from the endpoint's test
register space and uses it directly as an index into test->bar[] without
bounds checking.  Since the value is a raw u32 written by the endpoint
firmware, any value is possible; values >= PCI_STD_NUM_BARS result in an
out-of-bounds array access.

Patch 1 adds the missing bounds check.

Patch 2 removes a dead read of the same register that precedes the writel
sequence; the DB_BAR register carries no read side effect and the assigned
value is unconditionally overwritten before use.

 Carlos Bilbao (2):
   misc: pci_endpoint_test: validate BAR index in doorbell test
   misc: pci_endpoint_test: remove dead BAR read before doorbell trigger

---
 drivers/misc/pci_endpoint_test.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)