mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity

PCI: Avoid iterating through memory outside the resource window 

If the 'image' pointer has been advanced more than 'size', we've already
iterated through memory outside the resource window.

We have zero control over whatever we find in the option ROM, if it's even
an option ROM and not just an accident of random data just happening to
look like an option ROM.

Signed-off-by: Edward O'Callaghan <eocallaghan@alterapraxis.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
This commit is contained in:
Edward O'Callaghan 2016-01-08 12:16:04 -06:00 committed by Bjorn Helgaas
parent 3460baa620
commit 47b975d234
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
drivers/pci/rom.c
View File

@ -96,6 +96,9 @@ size_t pci_get_rom_size(struct pci_dev *pdev, void __iomem *rom, size_t size)
last_image = readb(pds + 21) & 0x80;
length = readw(pds + 16);
image += length * 512;
/* Avoid iterating through memory outside the resource window */
if (image > rom + size)
break;
} while (length && !last_image);
/* never return a size larger than the PCI resource window */