On Fri, Aug 09, 2019 at 07:57:39PM +0200, [email protected] wrote:
> From: Marek Vasut <[email protected]>
> 
> Since the $idx variable value is stored across multiple calls to
> rcar_pcie_inbound_ranges() function, and the $idx value is used to
> index registers which are written, subsequent calls might cause
> the $idx value to be high enough to trigger writes into nonexistent
> registers.
> 
> Fix this by moving the $idx value check to the beginning of the loop.
> 
> Signed-off-by: Marek Vasut <[email protected]>
> Cc: Geert Uytterhoeven <[email protected]>
> Cc: Lorenzo Pieralisi <[email protected]>
> Cc: Wolfram Sang <[email protected]>
> Cc: [email protected]
> To: [email protected]
> ---
> V2: New patch
> V3: Adjust the check to idx >= MAX_NR_INBOUND_MAPS - 1
> ---
>  drivers/pci/controller/pcie-rcar.c | 9 ++++-----
>  1 file changed, 4 insertions(+), 5 deletions(-)
> 

Reviewed-by: Andrew Murray <[email protected]>

> diff --git a/drivers/pci/controller/pcie-rcar.c 
> b/drivers/pci/controller/pcie-rcar.c
> index f6a669a9af41..56a6433eb70b 100644
> --- a/drivers/pci/controller/pcie-rcar.c
> +++ b/drivers/pci/controller/pcie-rcar.c
> @@ -1048,6 +1048,10 @@ static int rcar_pcie_inbound_ranges(struct rcar_pcie 
> *pcie,
>       mask &= ~0xf;
>  
>       while (cpu_addr < cpu_end) {
> +             if (idx >= MAX_NR_INBOUND_MAPS - 1) {
> +                     dev_err(pcie->dev, "Failed to map inbound regions!\n");
> +                     return -EINVAL;
> +             }
>               /*
>                * Set up 64-bit inbound regions as the range parser doesn't
>                * distinguish between 32 and 64-bit types.
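Review bot: The `- 1` in `idx >= MAX_NR_INBOUND_MAPS - 1` has no explanation at the check itself. It only makes sense once you see that each pass programs a 64-bit region and advances with `idx += 2`, so both `idx` and `idx + 1` must be valid slots. A one-line comment above the `if` saying so would help, or the condition could be written as `idx + 1 >= MAX_NR_INBOUND_MAPS` so the pair requirement is visible in the expression. The error message could also print `idx` and the limit, since this path is now reachable at the start of a later call as well as partway through one, and the bare "Failed to map inbound regions!" does not tell the two cases apart.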
> @@ -1067,11 +1071,6 @@ static int rcar_pcie_inbound_ranges(struct rcar_pcie 
> *pcie,
>               pci_addr += size;
>               cpu_addr += size;
>               idx += 2;
> -
> -             if (idx > MAX_NR_INBOUND_MAPS) {
> -                     dev_err(pcie->dev, "Failed to map inbound regions!\n");
> -                     return -EINVAL;
> -             }
>       }
>       *index = idx;
>  
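Review bot: With the check dropped from after `idx += 2`, a call that consumes the last available pair now leaves the loop successfully and stores an `idx` at or above `MAX_NR_INBOUND_MAPS - 1` through `*index = idx`. Exhaustion is then only reported by the next call that still has a range to map. That matches the commit message, but it means correctness depends on the top-of-loop check being the only guard. A short comment next to `*index = idx` noting that the stored value may already be at the limit would keep someone from reintroducing a post-increment test or reading `*index` as a guaranteed-valid slot.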
> -- 
> 2.20.1
> 
