22 Aug
2024
22 Aug
'24
2:47 p.m.
On Thu, Aug 22, 2024 at 03:47:39PM +0200, Philipp Stanner wrote:
In psnet_open_pf_bar() and snet_open_vf_bar() a string later passed to pcim_iomap_regions() is placed on the stack. Neither pcim_iomap_regions() nor the functions it calls copy that string.
Should the string later ever be used, this, consequently, causes undefined behavior since the stack frame will by then have disappeared.
Fix the bug by allocating the strings on the heap through devm_kasprintf().
...
- snprintf(name, sizeof(name), "psnet[%s]-bars", pci_name(pdev));
- name = devm_kasprintf(&pdev->dev, GFP_KERNEL, "psnet[%s]-bars", pci_name(pdev));
- if (!name)
return -ENOMEM;- ret = pcim_iomap_regions(pdev, mask, name);
...
- snprintf(name, sizeof(name), "snet[%s]-bar", pci_name(pdev));
- name = devm_kasprintf(&pdev->dev, GFP_KERNEL, "psnet[%s]-bars", pci_name(pdev));
- if (!name)
return -ENOMEM;
+ Blank line as in the above snippet?
/* Request and map BAR */ ret = pcim_iomap_regions(pdev, BIT(snet->psnet->cfg.vf_bar), name);
--
With Best Regards,
Andy Shevchenko