[PATCH v4 15/24] alpha/PCI: Fix __pci_mmap_fits() overflow for zero-length BARs
Ilpo Järvinen
ilpo.jarvinen at linux.intel.com
Mon Apr 13 21:44:29 AEST 2026
On Sat, 11 Apr 2026, Krzysztof Wilczyński wrote:
> Currently, __pci_mmap_fits() computes the BAR size using
> pci_resource_len() - 1, which wraps to a large value when the
> BAR length is zero, causing the bounds check to incorrectly
> succeed.
>
> Thus, add an early return for empty resources.
>
> Fixes: 10a0ef39fbd1 ("PCI/alpha: pci sysfs resources")
> Signed-off-by: Krzysztof Wilczyński <kwilczynski at kernel.org>
> ---
> arch/alpha/kernel/pci-sysfs.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/arch/alpha/kernel/pci-sysfs.c b/arch/alpha/kernel/pci-sysfs.c
> index 6c011dab326d..2748000a7486 100644
> --- a/arch/alpha/kernel/pci-sysfs.c
> +++ b/arch/alpha/kernel/pci-sysfs.c
> @@ -37,12 +37,16 @@ static int hose_mmap_page_range(struct pci_controller *hose,
> static int __pci_mmap_fits(struct pci_dev *pdev, int num,
> struct vm_area_struct *vma, int sparse)
> {
> + resource_size_t len = pci_resource_len(pdev, num);
> unsigned long nr, start, size;
> int shift = sparse ? 5 : 0;
>
> + if (!len)
> + return 0;
> +
> nr = vma_pages(vma);
> start = vma->vm_pgoff;
> - size = ((pci_resource_len(pdev, num) - 1) >> (PAGE_SHIFT - shift)) + 1;
> + size = ((len - 1) >> (PAGE_SHIFT - shift)) + 1;
>
> if (start < size && size - start >= nr)
> return 1;
>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen at linux.intel.com>
--
i.
More information about the Linuxppc-dev
mailing list