[PATCH 1/2] x86/RAS/mce_amd_inj: Fix signed wrap around when decrementing index i

From: Borislav Petkov
Date: Mon Sep 26 2016 - 04:32:26 EST


From: Colin Ian King <colin.king@xxxxxxxxxxxxx>

Change predecrement compare to post decrement compare to avoid an
unsigned integer wrap-around comparison when decrementing in the while
loop.

For example, if the debugfs_create_file() fails when i is zero, the
current situation will predecrement i in the while loop, wrapping i to
the maximum signed integer and cause multiple out of bounds reads on
dfs_fls[i].d as the loop iterates to zero.

Also, as Borislav Petkov suggested, return -ENODEV rather than -ENOMEM
on the error condition.

Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
Cc: Yazen Ghannam <Yazen.Ghannam@xxxxxxx>
Cc: x86-ml <x86@xxxxxxxxxx>
Link: http://lkml.kernel.org/r/20160917101750.6436-1-colin.king@xxxxxxxxxxxxx
Signed-off-by: Borislav Petkov <bp@xxxxxxx>
---
arch/x86/ras/mce_amd_inj.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/x86/ras/mce_amd_inj.c b/arch/x86/ras/mce_amd_inj.c
index cd318d93099e..20b227f63407 100644
--- a/arch/x86/ras/mce_amd_inj.c
+++ b/arch/x86/ras/mce_amd_inj.c
@@ -464,13 +464,13 @@ static int __init init_mce_inject(void)
return 0;

err_dfs_add:
- while (--i >= 0)
+ while (i-- > 0)
debugfs_remove(dfs_fls[i].d);

debugfs_remove(dfs_inj);
dfs_inj = NULL;

- return -ENOMEM;
+ return -ENODEV;
}

static void __exit exit_mce_inject(void)
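Review bot: At `while (i-- > 0)` the declaration of `i` is outside this hunk, and the changelog is inconsistent about its type: the subject says "signed wrap around", the body says "unsigned integer wrap-around" and then "the maximum signed integer". The old `while (--i >= 0)` is only always-true when `i` is unsigned, so please state the type of `i` in the changelog and make the wording match it. The new condition is correct for either signedness and unwinds from the last successfully created entry down to `dfs_fls[0]`. The `-ENOMEM` to `-ENODEV` change at the end of `err_dfs_add` is a separate user-visible change bundled into a wrap-around fix; consider a separate patch, or at least note in the changelog whether every path that reaches this label is a debugfs failure, since the callers of the label are not visible here.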
--
2.10.0