Message ID | 20190809174825.2572-1-marek.vasut@gmail.com (mailing list archive) |
---|---|
State | Superseded, archived |
Headers | show |
Series | [V2,1/3] PCI: rcar: Move the inbound index check | expand |
Hi Marek, On Fri, Aug 9, 2019 at 7:48 PM <marek.vasut@gmail.com> wrote: > From: Marek Vasut <marek.vasut+renesas@gmail.com> > > Since the $idx variable value is stored across multiple calls to > rcar_pcie_inbound_ranges() function, and the $idx value is used to > index registers which are written, subsequent calls might cause > the $idx value to be high enough to trigger writes into nonexistent > registers. > > Fix this by moving the $idx value check to the beginning of the loop. > > Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com> Thanks for your patch! > --- a/drivers/pci/controller/pcie-rcar.c > +++ b/drivers/pci/controller/pcie-rcar.c > @@ -1048,6 +1048,10 @@ static int rcar_pcie_inbound_ranges(struct rcar_pcie *pcie, > mask &= ~0xf; > > while (cpu_addr < cpu_end) { > + if (idx > MAX_NR_INBOUND_MAPS) { Shouldn't that check be "idx >= MAX_NR_INBOUND_MAPS - 1" now? > + dev_err(pcie->dev, "Failed to map inbound regions!\n"); > + return -EINVAL; > + } > /* > * Set up 64-bit inbound regions as the range parser doesn't > * distinguish between 32 and 64-bit types. > @@ -1067,11 +1071,6 @@ static int rcar_pcie_inbound_ranges(struct rcar_pcie *pcie, > pci_addr += size; > cpu_addr += size; > idx += 2; > - > - if (idx > MAX_NR_INBOUND_MAPS) { > - dev_err(pcie->dev, "Failed to map inbound regions!\n"); > - return -EINVAL; > - } > } > *index = idx; Gr{oetje,eeting}s, Geert
diff --git a/drivers/pci/controller/pcie-rcar.c b/drivers/pci/controller/pcie-rcar.c index f6a669a9af41..0f501acbc3bb 100644 --- a/drivers/pci/controller/pcie-rcar.c +++ b/drivers/pci/controller/pcie-rcar.c @@ -1048,6 +1048,10 @@ static int rcar_pcie_inbound_ranges(struct rcar_pcie *pcie, mask &= ~0xf; while (cpu_addr < cpu_end) { + if (idx > MAX_NR_INBOUND_MAPS) { + dev_err(pcie->dev, "Failed to map inbound regions!\n"); + return -EINVAL; + } /* * Set up 64-bit inbound regions as the range parser doesn't * distinguish between 32 and 64-bit types. @@ -1067,11 +1071,6 @@ static int rcar_pcie_inbound_ranges(struct rcar_pcie *pcie, pci_addr += size; cpu_addr += size; idx += 2; - - if (idx > MAX_NR_INBOUND_MAPS) { - dev_err(pcie->dev, "Failed to map inbound regions!\n"); - return -EINVAL; - } } *index = idx;