From: Andrew Scull <ascull@google.com>
Date: Thu, 21 Apr 2022 16:11:07 +0000 (+0000)
Subject: pci: Check region ranges are addressable
X-Git-Tag: v2025.01-rc5-pxa1908~1422^2~9
X-Git-Url: http://git.dujemihanovic.xyz/img/html/index.html?a=commitdiff_plain;h=ec8eba8c2d4e10e77699c56918d2078210aa1339;p=u-boot.git

pci: Check region ranges are addressable

When parsing the `ranges` DT node, check that both extremes of the
regions are addressable without overflow. This assumption can then be
safely made when processing the regions.

Signed-off-by: Andrew Scull <ascull@google.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
---

diff --git a/drivers/pci/pci-uclass.c b/drivers/pci/pci-uclass.c
index 8bbeb62f2e..0424cd339e 100644
--- a/drivers/pci/pci-uclass.c
+++ b/drivers/pci/pci-uclass.c
@@ -1013,7 +1013,22 @@ static void decode_regions(struct pci_controller *hose, ofnode parent_node,
 
 		if (!IS_ENABLED(CONFIG_SYS_PCI_64BIT) &&
 		    type == PCI_REGION_MEM && upper_32_bits(pci_addr)) {
-			debug(" - beyond the 32-bit boundary, ignoring\n");
+			debug(" - pci_addr beyond the 32-bit boundary, ignoring\n");
+			continue;
+		}
+
+		if (!IS_ENABLED(CONFIG_PHYS_64BIT) && upper_32_bits(addr)) {
+			debug(" - addr beyond the 32-bit boundary, ignoring\n");
+			continue;
+		}
+
+		if (~((pci_addr_t)0) - pci_addr < size) {
+			debug(" - PCI range exceeds max address, ignoring\n");
+			continue;
+		}
+
+		if (~((phys_addr_t)0) - addr < size) {
+			debug(" - phys range exceeds max address, ignoring\n");
 			continue;
 		}