Am Dienstag, den 20.11.2018, 14:27 +0100 schrieb Stefan Agner: > Add length to the struct dw_pcie and check that the accessors > dw_pcie_(rd|wr)_own_conf() do not read/write beyond that point. > > Signed-off-by: Stefan Agner <stefan@xxxxxxxx> FWIW: Reviewed-by: Lucas Stach <l.stach@xxxxxxxxxxxxxx> > --- > drivers/pci/controller/dwc/pcie-designware-host.c | 4 ++++ > drivers/pci/controller/dwc/pcie-designware.h | 1 + > 2 files changed, 5 insertions(+) > > diff --git a/drivers/pci/controller/dwc/pcie-designware-host.c b/drivers/pci/controller/dwc/pcie-designware-host.c > index 29a05759a294..b422538ee0bb 100644 > --- a/drivers/pci/controller/dwc/pcie-designware-host.c > +++ b/drivers/pci/controller/dwc/pcie-designware-host.c > @@ -29,6 +29,8 @@ static int dw_pcie_rd_own_conf(struct pcie_port *pp, int where, int size, > > return pp->ops->rd_own_conf(pp, where, size, val); > > > pci = to_dw_pcie_from_pp(pp); > > + if (pci->dbi_length && where + size > pci->dbi_length) > > + return PCIBIOS_BAD_REGISTER_NUMBER; > > return dw_pcie_read(pci->dbi_base + where, size, val); > } > > @@ -41,6 +43,8 @@ static int dw_pcie_wr_own_conf(struct pcie_port *pp, int where, int size, > > return pp->ops->wr_own_conf(pp, where, size, val); > > > pci = to_dw_pcie_from_pp(pp); > > + if (pci->dbi_length && where + size > pci->dbi_length) > > + return PCIBIOS_BAD_REGISTER_NUMBER; > > return dw_pcie_write(pci->dbi_base + where, size, val); > } > > diff --git a/drivers/pci/controller/dwc/pcie-designware.h b/drivers/pci/controller/dwc/pcie-designware.h > index 9f1a5e399b70..5be5f369abf2 100644 > --- a/drivers/pci/controller/dwc/pcie-designware.h > +++ b/drivers/pci/controller/dwc/pcie-designware.h > @@ -215,6 +215,7 @@ struct dw_pcie { > > > struct device *dev; > > > void __iomem *dbi_base; > > > void __iomem *dbi_base2; > > > + int dbi_length; > > > u32 num_viewport; > > > u8 iatu_unroll_enabled; > > > struct pcie_port pp;
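Review bot: The added bound check in dw_pcie_rd_own_conf(), and the identical one in dw_pcie_wr_own_conf(), compares signed `int` values, so a negative `where` satisfies `where + size > pci->dbi_length` as false and still reaches `pci->dbi_base + where`. Whether any caller can pass such an offset is not visible in these hunks, but the guard is cheap to make self-contained: `if (pci->dbi_length && (where < 0 || where + size > pci->dbi_length))`. The check is also skipped whenever `dbi_length` is 0, and nothing in this patch assigns the field, so the accessors stay unbounded until each platform driver sets it (presumably elsewhere in the series). A short comment above the test should state that 0 means "length unknown, no check". Both function bodies start outside their hunks.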
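Review bot: The new `dbi_length` member in struct dw_pcie has no comment and is a plain `int`, although the accessors use it as the byte size of the DBI window and treat 0 as "unknown, skip the bounds check". Documenting that on the field would keep platform drivers from leaving it unset by accident, for example `/* size of the DBI region in bytes; 0 = unknown, own-conf accessors do not bounds-check */`. An unsigned type such as `unsigned int dbi_length;` would also rule out a negative length and make the comparison in the accessors reject negative offsets through the usual conversion. The struct definition starts and ends outside the hunk.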