PCI/P2PDMA: Fix undefined behavior bug in struct pci_p2pdma_pagemap

GustavoARSilva · bjorn-helgaas · commit 4a7ce8334965 · 2023-10-03T17:13:38.000-05:00
Struct dev_pagemap is a flexible structure, which means that it contains a flexible-array member. If dev_pagemap.nr_range > 1, the memory following the dev_pagemap could be overwritten. This is currently not an issue because pci_p2pdma_pagemap is not exposed outside p2pdma.c, and p2pdma.c only sets dev_pagemap.nr_range to 1. To prevent problems if p2pdma.c ever uses nr_range > 1, move the flexible struct dev_pagemap to the end of struct pci_p2pdma_pagemap. -Wflex-array-member-not-at-end is coming in GCC-14, and we are getting ready to enable it globally. Link: https://lore.kernel.org/r/ZRsUL/hATNruwtla@work Signed-off-by: "Gustavo A. R. Silva" <gustavoars@kernel.org> [bhelgaas: commit log] Signed-off-by: Bjorn Helgaas <bhelgaas@google.com> Reviewed-by: Logan Gunthorpe <logang@deltatee.com>
diff --git a/drivers/pci/p2pdma.c b/drivers/pci/p2pdma.c
@@ -28,9 +28,9 @@ struct pci_p2pdma {
 };
 
 struct pci_p2pdma_pagemap {
-	struct dev_pagemap pgmap;
 	struct pci_dev *provider;
 	u64 bus_offset;
+	struct dev_pagemap pgmap;
 };
 
 static struct pci_p2pdma_pagemap *to_p2p_pgmap(struct dev_pagemap *pgmap)
