On Tue, Nov 20, 2018 at 02:27:03PM +0100, Stefan Agner wrote:
> Add length to the struct dw_pcie and check that the accessors
> dw_pcie_(rd|wr)_own_conf() do not read/write beyond that point.
>
> Signed-off-by: Stefan Agner <stefan@xxxxxxxx>
> ---
> drivers/pci/controller/dwc/pcie-designware-host.c | 4 ++++
> drivers/pci/controller/dwc/pcie-designware.h | 1 +
> 2 files changed, 5 insertions(+)
Hi Stefan,
may I kindly ask you please to rebase this series against my pci/dwc
branch ? I will apply it with Lucas tags then.
Please CC me on the patches.
Thanks,
Lorenzo
> diff --git a/drivers/pci/controller/dwc/pcie-designware-host.c b/drivers/pci/controller/dwc/pcie-designware-host.c
> index 29a05759a294..b422538ee0bb 100644
> --- a/drivers/pci/controller/dwc/pcie-designware-host.c
> +++ b/drivers/pci/controller/dwc/pcie-designware-host.c
> @@ -29,6 +29,8 @@ static int dw_pcie_rd_own_conf(struct pcie_port *pp, int where, int size,
> return pp->ops->rd_own_conf(pp, where, size, val);
>
> pci = to_dw_pcie_from_pp(pp);
> + if (pci->dbi_length && where + size > pci->dbi_length)
> + return PCIBIOS_BAD_REGISTER_NUMBER;
> return dw_pcie_read(pci->dbi_base + where, size, val);
> }
>
> @@ -41,6 +43,8 @@ static int dw_pcie_wr_own_conf(struct pcie_port *pp, int where, int size,
> return pp->ops->wr_own_conf(pp, where, size, val);
>
> pci = to_dw_pcie_from_pp(pp);
> + if (pci->dbi_length && where + size > pci->dbi_length)
> + return PCIBIOS_BAD_REGISTER_NUMBER;
> return dw_pcie_write(pci->dbi_base + where, size, val);
> }
>
> diff --git a/drivers/pci/controller/dwc/pcie-designware.h b/drivers/pci/controller/dwc/pcie-designware.h
> index 9f1a5e399b70..5be5f369abf2 100644
> --- a/drivers/pci/controller/dwc/pcie-designware.h
> +++ b/drivers/pci/controller/dwc/pcie-designware.h
> @@ -215,6 +215,7 @@ struct dw_pcie {
> struct device *dev;
> void __iomem *dbi_base;
> void __iomem *dbi_base2;
> + int dbi_length;
> u32 num_viewport;
> u8 iatu_unroll_enabled;
> struct pcie_port pp;
> --
> 2.19.1
>
