On Sat, Oct 26, 2019 at 08:26:58PM +0200, marek.vasut@xxxxxxxxx wrote:
> From: Marek Vasut <marek.vasut+renesas@xxxxxxxxx>
>
> Since the $idx variable value is stored across multiple calls to
> rcar_pcie_inbound_ranges() function, and the $idx value is used to
> index registers which are written, subsequent calls might cause
> the $idx value to be high enough to trigger writes into nonexistent
> registers.
>
> Fix this by moving the $idx value check to the beginning of the loop.
>
> Signed-off-by: Marek Vasut <marek.vasut+renesas@xxxxxxxxx>
> Reviewed-by: Andrew Murray <andrew.murray@xxxxxxx>
> Cc: Geert Uytterhoeven <geert+renesas@xxxxxxxxx>
> Cc: Lorenzo Pieralisi <lorenzo.pieralisi@xxxxxxx>
> Cc: Wolfram Sang <wsa@xxxxxxxxxxxxx>
> Cc: linux-renesas-soc@xxxxxxxxxxxxxxx
> To: linux-pci@xxxxxxxxxxxxxxx
> ---
> V2: New patch
> V3: Adjust the check to idx >= MAX_NR_INBOUND_MAPS - 1
> V4: Rebase on next/master
> ---
> drivers/pci/controller/pcie-rcar.c | 9 ++++-----
> 1 file changed, 4 insertions(+), 5 deletions(-)
Applied both patches to pci/rcar, thanks !
Lorenzo
> diff --git a/drivers/pci/controller/pcie-rcar.c b/drivers/pci/controller/pcie-rcar.c
> index e45bb2a7bfa5..b2a5c3e94245 100644
> --- a/drivers/pci/controller/pcie-rcar.c
> +++ b/drivers/pci/controller/pcie-rcar.c
> @@ -1049,6 +1049,10 @@ static int rcar_pcie_inbound_ranges(struct rcar_pcie *pcie,
> mask &= ~0xf;
>
> while (cpu_addr < cpu_end) {
> + if (idx >= MAX_NR_INBOUND_MAPS - 1) {
> + dev_err(pcie->dev, "Failed to map inbound regions!\n");
> + return -EINVAL;
> + }
> /*
> * Set up 64-bit inbound regions as the range parser doesn't
> * distinguish between 32 and 64-bit types.
> @@ -1068,11 +1072,6 @@ static int rcar_pcie_inbound_ranges(struct rcar_pcie *pcie,
> pci_addr += size;
> cpu_addr += size;
> idx += 2;
> -
> - if (idx > MAX_NR_INBOUND_MAPS) {
> - dev_err(pcie->dev, "Failed to map inbound regions!\n");
> - return -EINVAL;
> - }
> }
> *index = idx;
>
> --
> 2.23.0
>
