From: Colin Ian King <colin.k...@canonical.com>
Integer index i needs to be a signed int rather than unsigned to avoid
a wrap-around when decrementing in the while loop. For example, if the
debugfs_create_file fails when i is zero, the current situation will
predecrement i in the while loop, wrapping i to the maximum signed
integer and cause multiple out of bounds reads on dfs_fls[i].d as
the loop interates to zero.
Also add (int) cast to fix warning that the original fix attempted
to fix.
Fixes: 7cc4ef8ed132 ("x86/RAS/mce_amd_inj: Fix some W= warnings")
Signed-off-by: Colin Ian King <colin.k...@canonical.com>
---
arch/x86/ras/mce_amd_inj.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/ras/mce_amd_inj.c b/arch/x86/ras/mce_amd_inj.c
index cd318d9..cb9779a 100644
--- a/arch/x86/ras/mce_amd_inj.c
+++ b/arch/x86/ras/mce_amd_inj.c
@@ -440,7 +440,7 @@ static struct dfs_node {
static int __init init_mce_inject(void)
{
- unsigned int i;
+ int i;
u64 cap;
rdmsrl(MSR_IA32_MCG_CAP, cap);
@@ -450,7 +450,7 @@ static int __init init_mce_inject(void)
if (!dfs_inj)
return -EINVAL;
- for (i = 0; i < ARRAY_SIZE(dfs_fls); i++) {
+ for (i = 0; i < (int)ARRAY_SIZE(dfs_fls); i++) {
dfs_fls[i].d = debugfs_create_file(dfs_fls[i].name,
dfs_fls[i].perm,
dfs_inj,
--
2.9.3
