pci_iomap_range() (in lib/pci_iomap.c) will truncate a mapping request to the end of the BAR. So if a driver tries to map 8k but the BAR is only 4k only 4k is mapped. The driver isn't told and is likely to try to access the entire 8k of the original request. At best this gives a fault on the access, worse the virtual address might reference some other memory/device. ISTM that NULL ought to be returned. Failing that at least a message saying the request has been truncated. It isn't even necessarily obvious that treating 0 as 'all the BAR' is in any way safe. If pcio_iomap_range() didn't truncate the request, there would be a message from (somewhere inside) ioremap() that the request crossed a BAR boundary. The map is, however, actioned 'correctly'. (Discovered while trying to map a BAR double its length in order to send a PCIe endpoint a TLP that was outside the actual BAR in order to generate an AER report.) I could cook up a patch to at generate a warning message. David
