* [PATCH] pci/rom: Don't scan past the end of the ROM BAR
@ 2012-03-25 23:53 Benjamin Herrenschmidt
0 siblings, 0 replies; only message in thread
From: Benjamin Herrenschmidt @ 2012-03-25 23:53 UTC (permalink / raw)
To: Bjorn Helgaas; +Cc: linux-pci
We can't trust the ROM headers to be 100% correct, and accessing
past the end of the BAR can cause really bad things, such as
machine checks on some platforms.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
---
Found that in an old pile of patches while cleaning up my disk :-)
I was dealing with a buggy radeon that the time iirc.
Cheers,
Ben.
diff --git a/drivers/pci/rom.c b/drivers/pci/rom.c
index 36864a9..d07dcfc 100644
--- a/drivers/pci/rom.c
+++ b/drivers/pci/rom.c
@@ -67,10 +67,10 @@ void pci_disable_rom(struct pci_dev *pdev)
size_t pci_get_rom_size(struct pci_dev *pdev, void __iomem *rom, size_t size)
{
void __iomem *image;
- int last_image;
+ int last_image = 0;
image = rom;
- do {
+ while (!last_image && (image - rom) < (size - 24)) {
void __iomem *pds;
/* Standard PCI ROMs start out with these bytes 55 AA */
if (readb(image) != 0x55) {
@@ -92,7 +92,7 @@ size_t pci_get_rom_size(struct pci_dev *pdev, void __iomem *rom, size_t size)
last_image = readb(pds + 21) & 0x80;
/* this length is reliable */
image += readw(pds + 16) * 512;
- } while (!last_image);
+ };
/* never return a size larger than the PCI resource window */
/* there are known ROMs that get the size wrong */
--
1.7.9.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2012-03-25 23:53 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-03-25 23:53 [PATCH] pci/rom: Don't scan past the end of the ROM BAR Benjamin Herrenschmidt
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.