[tip:ras/core] x86/RAS/mce_amd_inj: Fix signed wrap around when decrementing index 'i'

[tip-bot for Colin Ian King]

Commit-ID:  8b44f00f8c952ab6eb658090383571b2ec7d253f
Gitweb:     http://git.kernel.org/tip/8b44f00f8c952ab6eb658090383571b2ec7d253f
Author:     Colin Ian King <colin.king@xxxxxxxxxxxxx>
AuthorDate: Mon, 26 Sep 2016 10:31:51 +0200
Committer:  Ingo Molnar <mingo@xxxxxxxxxx>
CommitDate: Mon, 26 Sep 2016 11:13:17 +0200

x86/RAS/mce_amd_inj: Fix signed wrap around when decrementing index 'i'

Change predecrement compare to post decrement compare to avoid an
unsigned integer wrap-around comparisomn when decrementing in the while
loop.

For example, if the debugfs_create_file() fails when 'i' is zero, the
current situation will predecrement 'i' in the while loop, wrapping 'i' to
the maximum signed integer and cause multiple out of bounds reads on
dfs_fls[i].d as the loop interates to zero.

Also, as Borislav Petkov suggested, return -ENODEV rather than -ENOMEM
on the error condition.

Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
Signed-off-by: Borislav Petkov <bp@xxxxxxx>
Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Cc: Yazen Ghannam <Yazen.Ghannam@xxxxxxx>
Link: http://lkml.kernel.org/r/20160926083152.30848-2-bp@xxxxxxxxx
Signed-off-by: Ingo Molnar <mingo@xxxxxxxxxx>
---
 arch/x86/ras/mce_amd_inj.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/x86/ras/mce_amd_inj.c b/arch/x86/ras/mce_amd_inj.c
index cd318d9..20b227f 100644
--- a/arch/x86/ras/mce_amd_inj.c
+++ b/arch/x86/ras/mce_amd_inj.c
@@ -464,13 +464,13 @@ static int __init init_mce_inject(void)
 	return 0;
 
 err_dfs_add:
-	while (--i >= 0)
+	while (i-- > 0)
 		debugfs_remove(dfs_fls[i].d);
 
 	debugfs_remove(dfs_inj);
 	dfs_inj = NULL;
 
-	return -ENOMEM;
+	return -ENODEV;
 }
 
 static void __exit exit_mce_inject(void)