linux-pci.vger.kernel.org archive mirror
* [PATCH] pci/rom: Don't scan past the end of the ROM BAR
@ 2012-03-25 23:53 Benjamin Herrenschmidt
  0 siblings, 0 replies; only message in thread
From: Benjamin Herrenschmidt @ 2012-03-25 23:53 UTC (permalink / raw)
  To: Bjorn Helgaas; +Cc: linux-pci

We can't trust the ROM headers to be 100% correct, and accessing
past the end of the BAR can cause really bad things, such as
machine checks on some platforms.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
---

Found that in an old pile of patches while cleaning up my disk :-)

I was dealing with a buggy radeon at the time iirc.

Cheers,
Ben.
 
diff --git a/drivers/pci/rom.c b/drivers/pci/rom.c
index 36864a9..d07dcfc 100644
--- a/drivers/pci/rom.c
+++ b/drivers/pci/rom.c
@@ -67,10 +67,10 @@ void pci_disable_rom(struct pci_dev *pdev)
 size_t pci_get_rom_size(struct pci_dev *pdev, void __iomem *rom, size_t size)
 {
 	void __iomem *image;
-	int last_image;
+	int last_image = 0;
 
 	image = rom;
-	do {
+	while (!last_image && (image - rom) < (size - 24)) {
 		void __iomem *pds;
 		/* Standard PCI ROMs start out with these bytes 55 AA */
 		if (readb(image) != 0x55) {
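Review bot: In the new loop condition, `size - 24` is evaluated on a `size_t`, so a `size` below 24 wraps to a very large value and `(image - rom) < (size - 24)` no longer bounds the scan. Checking `size` against the minimum header length before the loop, or writing the test as `(image - rom) + 24 < size`, avoids the wrap. The bare 24 would also read better as a named constant or with a comment saying which header field it is meant to cover.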
@@ -92,7 +92,7 @@ size_t pci_get_rom_size(struct pci_dev *pdev, void __iomem *rom, size_t size)
 		last_image = readb(pds + 21) & 0x80;
 		/* this length is reliable */
 		image += readw(pds + 16) * 512;
-	} while (!last_image);
+	};
 
 	/* never return a size larger than the PCI resource window */
 	/* there are known ROMs that get the size wrong */
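Review bot: The reads at `pds + 21` and `pds + 16` are still not checked against `rom + size`; the new loop condition bounds only `image`, and nothing in the lines shown compares `pds` with the end of the window, so an untrusted header can still steer an access past the BAR. Suggest validating that `pds + 22` stays within `rom + size` before these reads. Separately, if `readw(pds + 16)` returns 0 while the last-image bit is clear, `image` does not advance and the loop never exits, so a zero length should break out. The `};` closing the loop carries a stray semicolon.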
-- 
1.7.9.1



