From: Miao Wang <shankerwangmiao@xxxxxxxxx>
When the IO resource given by _CRS method is not page aligned, serious problems will happen because the mis-aligend address is passed down to pci_remap_iospace, then to vmap_page_range, and finally to vmap_pte_range, where the length bewteen addr and end is expected to be divisible by PAGE_SIZE, or the loop will overrun till the pfn_none check fails.
Signed-off-by: Miao Wang <shankerwangmiao@xxxxxxxxx>
---
 drivers/acpi/pci_root.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/drivers/acpi/pci_root.c b/drivers/acpi/pci_root.c
index d0bfb3706801..58fc64757bde 100644
--- a/drivers/acpi/pci_root.c
+++ b/drivers/acpi/pci_root.c
@@ -858,7 +858,7 @@ static void acpi_pci_root_validate_resources(struct device *dev,
 }
 }
-static void acpi_pci_root_remap_iospace(struct fwnode_handle *fwnode,
+static void acpi_pci_root_remap_iospace(struct acpi_device *device,
 struct resource_entry *entry)
 {
 #ifdef PCI_IOBASE
@@ -868,7 +868,15 @@ static void acpi_pci_root_remap_iospace(struct fwnode_handle *fwnode,
 resource_size_t length = resource_size(res);
 unsigned long port;
- if (pci_register_io_range(fwnode, cpu_addr, length))
+ if (!PAGE_ALIGNED(cpu_addr) || !PAGE_ALIGNED(length) ||
+ !PAGE_ALIGNED(pci_addr)) {
+ dev_err(device->dev,
+ FW_BUG "I/O resource %pR or its offset %pa is not page aligned\n",
+ res, &entry->offset);
+ goto err;
+ }
+
+ if (pci_register_io_range(&device->fwnode, cpu_addr, length))
 goto err;
 port = pci_address_to_pio(cpu_addr);
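Review bot: The added `dev_err(device->dev,` call in the second hunk passes the `dev` member itself rather than its address; `dev_err()` takes a `const struct device *`, and `struct acpi_device` embeds `struct device dev` by value, so the line should read `dev_err(&device->dev,`, in the same way the hunk already writes `&device->fwnode` for `pci_register_io_range()`. The code sits under `#ifdef PCI_IOBASE`, so the build failure would only appear on architectures that define it. The alignment test itself is placed well, before any firmware-supplied range reaches `pci_register_io_range()` or the remap path; a short comment above it, such as `/* _CRS ranges come from firmware; vmap_pte_range() assumes page-multiple spans */`, would record why all three values are checked. The function body starts and ends outside the hunk, so the definition of `pci_addr` and the `err:` label are not visible here.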
@@ -910,7 +918,7 @@ int acpi_pci_probe_root_resources(struct acpi_pci_root_info *info)
 else {
 resource_list_for_each_entry_safe(entry, tmp, list) {
 if (entry->res->flags & IORESOURCE_IO)
- acpi_pci_root_remap_iospace(&device->fwnode,
+ acpi_pci_root_remap_iospace(device,
 entry);
 if (entry->res->flags & IORESOURCE_DISABLED)
---
base-commit: 7c626ce4bae1ac14f60076d00eafe71af30450ba
change-id: 20240813-check_pci_probe_res-27e3e6df72b2
Best regards,
--
Miao Wang <shankerwangmiao@xxxxxxxxx>