From: "Krzysztof Wilczyński" <kwilczynski@kernel.org>
To: Bjorn Helgaas <bhelgaas@google.com>
Cc: "Bjorn Helgaas" <helgaas@kernel.org>,
"Manivannan Sadhasivam" <mani@kernel.org>,
"Lorenzo Pieralisi" <lpieralisi@kernel.org>,
"Magnus Lindholm" <linmag7@gmail.com>,
"Matt Turner" <mattst88@gmail.com>,
"Richard Henderson" <richard.henderson@linaro.org>,
"Christophe Leroy" <chleroy@kernel.org>,
"Madhavan Srinivasan" <maddy@linux.ibm.com>,
"Michael Ellerman" <mpe@ellerman.id.au>,
"Nicholas Piggin" <npiggin@gmail.com>,
"Dexuan Cui" <decui@microsoft.com>,
"Krzysztof Hałasa" <khalasa@piap.pl>,
"Lukas Wunner" <lukas@wunner.de>,
"Oliver O'Halloran" <oohall@gmail.com>,
"Saurabh Singh Sengar" <ssengar@microsoft.com>,
"Shuan He" <heshuan@bytedance.com>,
"Srivatsa Bhat" <srivatsabhat@microsoft.com>,
"Ilpo Järvinen" <ilpo.jarvinen@linux.intel.com>,
linux-pci@vger.kernel.org, linux-alpha@vger.kernel.org,
linuxppc-dev@lists.ozlabs.org
Subject: [PATCH v5 14/23] alpha/PCI: Fix __pci_mmap_fits() overflow for zero-length BARs
Date: Thu, 16 Apr 2026 18:00:58 +0000 [thread overview]
Message-ID: <20260416180107.777065-15-kwilczynski@kernel.org> (raw)
In-Reply-To: <20260416180107.777065-1-kwilczynski@kernel.org>
Currently, __pci_mmap_fits() computes the BAR size using
pci_resource_len() - 1, which wraps to a large value when the
BAR length is zero, causing the bounds check to incorrectly
succeed.
Thus, add an early return for empty resources.
Fixes: 10a0ef39fbd1 ("PCI/alpha: pci sysfs resources")
Tested-by: Magnus Lindholm <linmag7@gmail.com>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Acked-by: Magnus Lindholm <linmag7@gmail.com>
Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>
---
arch/alpha/kernel/pci-sysfs.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/arch/alpha/kernel/pci-sysfs.c b/arch/alpha/kernel/pci-sysfs.c
index 5c29f1d2821c..8802f955256e 100644
--- a/arch/alpha/kernel/pci-sysfs.c
+++ b/arch/alpha/kernel/pci-sysfs.c
@@ -37,12 +37,16 @@ static int hose_mmap_page_range(struct pci_controller *hose,
static int __pci_mmap_fits(struct pci_dev *pdev, int num,
struct vm_area_struct *vma, int sparse)
{
+ resource_size_t len = pci_resource_len(pdev, num);
unsigned long nr, start, size;
int shift = sparse ? 5 : 0;
+ if (!len)
+ return 0;
+
nr = vma_pages(vma);
start = vma->vm_pgoff;
- size = ((pci_resource_len(pdev, num) - 1) >> (PAGE_SHIFT - shift)) + 1;
+ size = ((len - 1) >> (PAGE_SHIFT - shift)) + 1;
if (start < size && size - start >= nr)
return 1;
--
2.53.0
next prev parent reply other threads:[~2026-04-16 18:02 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-16 18:00 [PATCH v5 00/23] PCI: Convert all dynamic sysfs attributes to static Krzysztof Wilczyński
2026-04-16 18:00 ` [PATCH v5 01/23] PCI/sysfs: Use PCI resource accessor macros Krzysztof Wilczyński
2026-04-16 18:00 ` [PATCH v5 02/23] PCI: Add pci_resource_is_io() and pci_resource_is_mem() helpers Krzysztof Wilczyński
2026-04-16 18:00 ` [PATCH v5 03/23] PCI/sysfs: Only allow supported resource types in I/O and MMIO helpers Krzysztof Wilczyński
2026-04-16 18:00 ` [PATCH v5 04/23] PCI/sysfs: Use BAR length in pci_llseek_resource() when attr->size is zero Krzysztof Wilczyński
2026-04-16 18:00 ` [PATCH v5 05/23] PCI/sysfs: Add CAP_SYS_ADMIN check to __resource_resize_store() Krzysztof Wilczyński
2026-04-16 18:00 ` [PATCH v5 06/23] PCI/sysfs: Add static PCI resource attribute macros Krzysztof Wilczyński
2026-04-16 18:00 ` [PATCH v5 07/23] PCI/sysfs: Convert PCI resource files to static attributes Krzysztof Wilczyński
2026-04-21 19:42 ` Krzysztof Wilczyński
2026-04-16 18:00 ` [PATCH v5 08/23] PCI/sysfs: Warn about BAR resize failure in __resource_resize_store() Krzysztof Wilczyński
2026-04-16 18:00 ` [PATCH v5 09/23] PCI/sysfs: Add stubs for pci_{create,remove}_sysfs_dev_files() Krzysztof Wilczyński
2026-04-16 18:00 ` [PATCH v5 10/23] PCI/sysfs: Limit pci_sysfs_init() late_initcall compile scope Krzysztof Wilczyński
2026-04-16 18:00 ` [PATCH v5 11/23] alpha/PCI: Add security_locked_down() check to pci_mmap_resource() Krzysztof Wilczyński
2026-04-21 19:50 ` Krzysztof Wilczyński
2026-04-16 18:00 ` [PATCH v5 12/23] alpha/PCI: Use BAR index in sysfs attr->private instead of resource pointer Krzysztof Wilczyński
2026-04-16 18:00 ` [PATCH v5 13/23] alpha/PCI: Use PCI resource accessor macros Krzysztof Wilczyński
2026-04-21 18:43 ` Krzysztof Wilczyński
2026-04-16 18:00 ` Krzysztof Wilczyński [this message]
2026-04-16 18:00 ` [PATCH v5 15/23] alpha/PCI: Remove WARN from __pci_mmap_fits() Krzysztof Wilczyński
2026-04-16 18:01 ` [PATCH v5 16/23] alpha/PCI: Add static PCI resource attribute macros Krzysztof Wilczyński
2026-04-16 18:01 ` [PATCH v5 17/23] alpha/PCI: Convert resource files to static attributes Krzysztof Wilczyński
2026-04-16 18:01 ` [PATCH v5 18/23] PCI/sysfs: Remove pci_{create,remove}_sysfs_dev_files() Krzysztof Wilczyński
2026-04-16 18:01 ` [PATCH v5 19/23] PCI: Add macros for legacy I/O and memory address space sizes Krzysztof Wilczyński
2026-04-16 18:01 ` [PATCH v5 20/23] alpha/PCI: Compute legacy size in pci_mmap_legacy_page_range() Krzysztof Wilczyński
2026-04-16 18:01 ` [PATCH v5 21/23] PCI/sysfs: Add __weak pci_legacy_has_sparse() helper Krzysztof Wilczyński
2026-04-16 18:01 ` [PATCH v5 22/23] PCI/sysfs: Convert legacy I/O and memory attributes to static definitions Krzysztof Wilczyński
2026-04-21 20:06 ` Krzysztof Wilczyński
2026-04-16 18:01 ` [PATCH v5 23/23] PCI/sysfs: Remove pci_create_legacy_files() and pci_sysfs_init() Krzysztof Wilczyński
2026-04-17 10:41 ` [PATCH v5 00/23] PCI: Convert all dynamic sysfs attributes to static Krzysztof Wilczyński
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260416180107.777065-15-kwilczynski@kernel.org \
--to=kwilczynski@kernel.org \
--cc=bhelgaas@google.com \
--cc=chleroy@kernel.org \
--cc=decui@microsoft.com \
--cc=helgaas@kernel.org \
--cc=heshuan@bytedance.com \
--cc=ilpo.jarvinen@linux.intel.com \
--cc=khalasa@piap.pl \
--cc=linmag7@gmail.com \
--cc=linux-alpha@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=lpieralisi@kernel.org \
--cc=lukas@wunner.de \
--cc=maddy@linux.ibm.com \
--cc=mani@kernel.org \
--cc=mattst88@gmail.com \
--cc=mpe@ellerman.id.au \
--cc=npiggin@gmail.com \
--cc=oohall@gmail.com \
--cc=richard.henderson@linaro.org \
--cc=srivatsabhat@microsoft.com \
--cc=ssengar@microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.