On Mon, Jan 19, 2015 at 05:53:20PM +0900, Michel Dänzer wrote: > From: Michel Dänzer <michel.daenzer@xxxxxxx> > > If the image size would ever read as 0, pci_get_rom_size could keep > processing the same image over and over again. > > Reported-by: Federico <federicotg@xxxxxxxxx> > Cc: stable@xxxxxxxxxxxxxxx > Signed-off-by: Michel Dänzer <michel.daenzer@xxxxxxx> Applied with Alex's ack to pci/resource for v3.20, thanks! > --- > > v2: > * Use unsigned instead of u16 for the local length variable (not sure if > the multiplication by 512 could overflow otherwise) > * Integrate length condition into while statement > * Add stable tag > > drivers/pci/rom.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/drivers/pci/rom.c b/drivers/pci/rom.c > index f955edb..eb0ad53 100644 > --- a/drivers/pci/rom.c > +++ b/drivers/pci/rom.c > @@ -71,6 +71,7 @@ size_t pci_get_rom_size(struct pci_dev *pdev, void __iomem *rom, size_t size) > { > void __iomem *image; > int last_image; > + unsigned length; > > image = rom; > do { > @@ -93,9 +94,9 @@ size_t pci_get_rom_size(struct pci_dev *pdev, void __iomem *rom, size_t size) > if (readb(pds + 3) != 'R') > break; > last_image = readb(pds + 21) & 0x80; > - /* this length is reliable */ > - image += readw(pds + 16) * 512; > - } while (!last_image); > + length = readw(pds + 16); > + image += length * 512; > + } while (length && !last_image); > > /* never return a size larger than the PCI resource window */ > /* there are known ROMs that get the size wrong */ > -- > 2.1.4 > -- To unsubscribe from this list: send the line "unsubscribe linux-pci" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html