From 4a7ce8334965bf175344f49bb933e45fa4db02f5 Mon Sep 17 00:00:00 2001
From: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Date: Mon, 2 Oct 2023 21:04:15 +0200
Subject: PCI/P2PDMA: Fix undefined behavior bug in struct pci_p2pdma_pagemap

Struct dev_pagemap is a flexible structure, which means that it contains a
flexible-array member.  If dev_pagemap.nr_range > 1, the memory following
the dev_pagemap could be overwritten.

This is currently not an issue because pci_p2pdma_pagemap is not exposed
outside p2pdma.c, and p2pdma.c only sets dev_pagemap.nr_range to 1.

To prevent problems if p2pdma.c ever uses nr_range > 1, move the flexible
struct dev_pagemap to the end of struct pci_p2pdma_pagemap.

-Wflex-array-member-not-at-end is coming in GCC-14, and we are getting
ready to enable it globally.

Link: https://lore.kernel.org/r/ZRsUL/hATNruwtla@work
Signed-off-by: "Gustavo A. R. Silva" <gustavoars@kernel.org>
[bhelgaas: commit log]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Logan Gunthorpe <logang@deltatee.com>
---
 drivers/pci/p2pdma.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'drivers')

diff --git a/drivers/pci/p2pdma.c b/drivers/pci/p2pdma.c
index fa7370f9561a..ab34d3d36a64 100644
--- a/drivers/pci/p2pdma.c
+++ b/drivers/pci/p2pdma.c
@@ -28,9 +28,9 @@ struct pci_p2pdma {
 };
 
 struct pci_p2pdma_pagemap {
-	struct dev_pagemap pgmap;
 	struct pci_dev *provider;
 	u64 bus_offset;
+	struct dev_pagemap pgmap;
 };
 
 static struct pci_p2pdma_pagemap *to_p2p_pgmap(struct dev_pagemap *pgmap)
-- 
cgit v1.2.3


From 805b196fb3bceda87f785ac34824fff9246c800f Mon Sep 17 00:00:00 2001
From: Tadeusz Struk <tstruk@gmail.com>
Date: Mon, 23 Oct 2023 10:40:50 +0200
Subject: PCI/P2PDMA: Remove redundant goto

Remove redundant goto in pci_alloc_p2pmem().

Link: https://lore.kernel.org/r/20231023084050.55230-1-tstruk@gmail.com
Signed-off-by: Tadeusz Struk <tstruk@gmail.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Logan Gunthorpe <logang@deltatee.com>
---
 drivers/pci/p2pdma.c | 1 -
 1 file changed, 1 deletion(-)

(limited to 'drivers')

diff --git a/drivers/pci/p2pdma.c b/drivers/pci/p2pdma.c
index ab34d3d36a64..0c361561b855 100644
--- a/drivers/pci/p2pdma.c
+++ b/drivers/pci/p2pdma.c
@@ -837,7 +837,6 @@ void *pci_alloc_p2pmem(struct pci_dev *pdev, size_t size)
 	if (unlikely(!percpu_ref_tryget_live_rcu(ref))) {
 		gen_pool_free(p2pdma->pool, (unsigned long) ret, size);
 		ret = NULL;
-		goto out;
 	}
 out:
 	rcu_read_unlock();
-- 
cgit v1.2.3