On Fri, 10 Apr 2026, Krzysztof Wilczyński wrote: > Currently, __pci_mmap_fits() computes the BAR size using > pci_resource_len() - 1, which wraps to a large value when the > BAR length is zero, causing the bounds check to incorrectly > succeed. > > Thus, add an early return for empty resources. > > Also, remove the WARN() that fires when userspace attempts to > mmap beyond the BAR bounds. The check still returns 0 to reject > the mapping, but the warning is excessive for normal operation. > > A similar warning was removed from the PCI core in the commit > 3b519e4ea618 ("PCI: fix size checks for mmap() on /proc/bus/pci files"). This looks like entirely separate two changes to me which just happen within the same context. > Signed-off-by: Krzysztof Wilczyński > --- > arch/alpha/kernel/pci-sysfs.c | 14 ++++++-------- > 1 file changed, 6 insertions(+), 8 deletions(-) > > diff --git a/arch/alpha/kernel/pci-sysfs.c b/arch/alpha/kernel/pci-sysfs.c > index 7aac5e76dcd6..867199b988de 100644 > --- a/arch/alpha/kernel/pci-sysfs.c > +++ b/arch/alpha/kernel/pci-sysfs.c > @@ -37,20 +37,18 @@ static int hose_mmap_page_range(struct pci_controller *hose, > static int __pci_mmap_fits(struct pci_dev *pdev, int num, > struct vm_area_struct *vma, int sparse) > { > + resource_size_t len = pci_resource_len(pdev, num); > unsigned long nr, start, size; > int shift = sparse ? 5 : 0; > > + if (!len) > + return 0; > + > nr = vma_pages(vma); > start = vma->vm_pgoff; > - size = ((pci_resource_len(pdev, num) - 1) >> (PAGE_SHIFT - shift)) + 1; > + size = ((len - 1) >> (PAGE_SHIFT - shift)) + 1; > > - if (start < size && size - start >= nr) > - return 1; > - WARN(1, "process \"%s\" tried to map%s 0x%08lx-0x%08lx on %s BAR %d " > - "(size 0x%08lx)\n", > - current->comm, sparse ? " sparse" : "", start, start + nr, > - pci_name(pdev), num, size); > - return 0; > + return start < size && size - start >= nr; > } > > /** > -- i.