Hi Marek,
On Fri, Aug 9, 2019 at 7:48 PM <marek.vasut@xxxxxxxxx> wrote:
> From: Marek Vasut <marek.vasut+renesas@xxxxxxxxx>
>
> Since the $idx variable value is stored across multiple calls to
> rcar_pcie_inbound_ranges() function, and the $idx value is used to
> index registers which are written, subsequent calls might cause
> the $idx value to be high enough to trigger writes into nonexistent
> registers.
>
> Fix this by moving the $idx value check to the beginning of the loop.
>
> Signed-off-by: Marek Vasut <marek.vasut+renesas@xxxxxxxxx>
Thanks for your patch!
> --- a/drivers/pci/controller/pcie-rcar.c
> +++ b/drivers/pci/controller/pcie-rcar.c
> @@ -1048,6 +1048,10 @@ static int rcar_pcie_inbound_ranges(struct rcar_pcie *pcie,
> mask &= ~0xf;
>
> while (cpu_addr < cpu_end) {
> + if (idx > MAX_NR_INBOUND_MAPS) {
Shouldn't that check be "idx >= MAX_NR_INBOUND_MAPS - 1" now?
> + dev_err(pcie->dev, "Failed to map inbound regions!\n");
> + return -EINVAL;
> + }
> /*
> * Set up 64-bit inbound regions as the range parser doesn't
> * distinguish between 32 and 64-bit types.
> @@ -1067,11 +1071,6 @@ static int rcar_pcie_inbound_ranges(struct rcar_pcie *pcie,
> pci_addr += size;
> cpu_addr += size;
> idx += 2;
> -
> - if (idx > MAX_NR_INBOUND_MAPS) {
> - dev_err(pcie->dev, "Failed to map inbound regions!\n");
> - return -EINVAL;
> - }
> }
> *index = idx;
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
