From 85bff4c3d320bffceab0c96ee2be4d5f55a3a4e7 Mon Sep 17 00:00:00 2001 From: Marek Vasut Date: Sat, 26 Oct 2019 20:26:58 +0200 Subject: [PATCH] PCI: rcar: Move the inbound index check Since the 'idx' variable value is stored across multiple calls to rcar_pcie_inbound_ranges() function, and the 'idx' value is used to index registers which are written, subsequent calls might cause the 'idx' value to be high enough to trigger writes into nonexistent registers. Fix this by moving the 'idx' value check to the beginning of the loop. Signed-off-by: Marek Vasut Signed-off-by: Lorenzo Pieralisi Reviewed-by: Andrew Murray Reviewed-by: Yoshihiro Shimoda Cc: Geert Uytterhoeven Cc: Lorenzo Pieralisi Cc: Wolfram Sang Cc: linux-renesas-soc@vger.kernel.org --- drivers/pci/controller/pcie-rcar.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/drivers/pci/controller/pcie-rcar.c b/drivers/pci/controller/pcie-rcar.c index ee1c38c2fac9..04ff6c4baa70 100644 --- a/drivers/pci/controller/pcie-rcar.c +++ b/drivers/pci/controller/pcie-rcar.c @@ -1046,6 +1046,10 @@ static int rcar_pcie_inbound_ranges(struct rcar_pcie *pcie, mask &= ~0xf; while (cpu_addr < cpu_end) { + if (idx >= MAX_NR_INBOUND_MAPS - 1) { + dev_err(pcie->dev, "Failed to map inbound regions!\n"); + return -EINVAL; + } /* * Set up 64-bit inbound regions as the range parser doesn't * distinguish between 32 and 64-bit types. @@ -1065,11 +1069,6 @@ static int rcar_pcie_inbound_ranges(struct rcar_pcie *pcie, pci_addr += size; cpu_addr += size; idx += 2; - - if (idx > MAX_NR_INBOUND_MAPS) { - dev_err(pcie->dev, "Failed to map inbound regions!\n"); - return -EINVAL; - } } *index = idx;