pci: Check region ranges are addressable

When parsing the `ranges` DT node, check that both extremes of the
regions are addressable without overflow. This assumption can then be
safely made when processing the regions.

Signed-off-by: Andrew Scull <ascull@google.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>

diff --git a/drivers/pci/pci-uclass.c b/drivers/pci/pci-uclass.c
index 8bbeb62f2ec8b9a577d020b639eb877002cf8e44..0424cd339ebf1dbeec05009df984c6dae2ac1fcc 100644 (file)
--- a/drivers/pci/pci-uclass.c
+++ b/drivers/pci/pci-uclass.c
@@ -1013,7 +1013,22 @@ static void decode_regions(struct pci_controller *hose, ofnode parent_node,
 
                if (!IS_ENABLED(CONFIG_SYS_PCI_64BIT) &&
                    type == PCI_REGION_MEM && upper_32_bits(pci_addr)) {
-                       debug(" - beyond the 32-bit boundary, ignoring\n");
+                       debug(" - pci_addr beyond the 32-bit boundary, ignoring\n");
+                       continue;
+               }
+
+               if (!IS_ENABLED(CONFIG_PHYS_64BIT) && upper_32_bits(addr)) {
+                       debug(" - addr beyond the 32-bit boundary, ignoring\n");
+                       continue;
+               }
+
+               if (~((pci_addr_t)0) - pci_addr < size) {
+                       debug(" - PCI range exceeds max address, ignoring\n");
+                       continue;
+               }
+
+               if (~((phys_addr_t)0) - addr < size) {
+                       debug(" - phys range exceeds max address, ignoring\n");
                        continue;
                }