tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

vdpa: solidrun: Fix UB bug with devres

In psnet_open_pf_bar() and snet_open_vf_bar() a string later passed to
pcim_iomap_regions() is placed on the stack. Neither
pcim_iomap_regions() nor the functions it calls copy that string.

Should the string later ever be used, this, consequently, causes
undefined behavior since the stack frame will by then have disappeared.

Fix the bug by allocating the strings on the heap through
devm_kasprintf().

Cc: stable@vger.kernel.org # v6.3
Fixes: 51a8f9d7f587 ("virtio: vdpa: new SolidNET DPU driver.")
Reported-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Closes: https://lore.kernel.org/all/74e9109a-ac59-49e2-9b1d-d825c9c9f891@wanadoo.fr/
Suggested-by: Andy Shevchenko <andy@kernel.org>
Signed-off-by: Philipp Stanner <pstanner@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Message-Id: <20241028074357.9104-3-pstanner@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

authored by

Philipp Stanner and committed by
Michael S. Tsirkin 0b364cf5 6ca57537

+10 -4
+10 -4
drivers/vdpa/solidrun/snet_main.c
··· 555 555 556 556 static int psnet_open_pf_bar(struct pci_dev *pdev, struct psnet *psnet) 557 557 { 558 - char name[50]; 558 + char *name; 559 559 int ret, i, mask = 0; 560 560 /* We don't know which BAR will be used to communicate.. 561 561 * We will map every bar with len > 0. ··· 573 573 return -ENODEV; 574 574 } 575 575 576 - snprintf(name, sizeof(name), "psnet[%s]-bars", pci_name(pdev)); 576 + name = devm_kasprintf(&pdev->dev, GFP_KERNEL, "psnet[%s]-bars", pci_name(pdev)); 577 + if (!name) 578 + return -ENOMEM; 579 + 577 580 ret = pcim_iomap_regions(pdev, mask, name); 578 581 if (ret) { 579 582 SNET_ERR(pdev, "Failed to request and map PCI BARs\n"); ··· 593 590 594 591 static int snet_open_vf_bar(struct pci_dev *pdev, struct snet *snet) 595 592 { 596 - char name[50]; 593 + char *name; 597 594 int ret; 598 595 599 - snprintf(name, sizeof(name), "snet[%s]-bar", pci_name(pdev)); 596 + name = devm_kasprintf(&pdev->dev, GFP_KERNEL, "snet[%s]-bars", pci_name(pdev)); 597 + if (!name) 598 + return -ENOMEM; 599 + 600 600 /* Request and map BAR */ 601 601 ret = pcim_iomap_regions(pdev, BIT(snet->psnet->cfg.vf_bar), name); 602 602 if (ret) {