cxl/pci: Handle excessive CDAT length

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-16 07:35:14 +00:00

commit 4fe2c13d59 upstream.

If the length in the CDAT header is larger than the concatenation of the
header and all table entries, then the CDAT exposed to user space
contains trailing null bytes.

Not every consumer may be able to handle that.  Per Postel's robustness
principle, "be liberal in what you accept" and silently reduce the
cached length to avoid exposing those null bytes.

Fixes: c97006046c ("cxl/port: Read CDAT table")
Tested-by: Ira Weiny <ira.weiny@intel.com>
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Cc: stable@vger.kernel.org # v6.0+
Link: https://lore.kernel.org/r/6d98b3c7da5343172bd3ccabfabbc1f31c079d74.1678543498.git.lukas@wunner.de
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

This commit is contained in:

Lukas Wunner

2023-03-11 15:40:04 +01:00

committed by

Greg Kroah-Hartman

parent 69972f342d

commit 716f8b05cc

1 changed files with 3 additions and 0 deletions

									
										3

drivers/cxl/core/pci.c
									
										View file
										
				@ -582,6 +582,9 @@ static int cxl_cdat_read_table(struct device *dev,

						}

					} while (entry_handle != CXL_DOE_TABLE_ACCESS_LAST_ENTRY);

					/* Length in CDAT header may exceed concatenation of CDAT entries */

					cdat->length -= length;

					return 0;

				}

cxl/pci: Handle excessive CDAT length

3 drivers/cxl/core/pci.c Unescape Escape View file

3

drivers/cxl/core/pci.c

View file