From: Bjorn Helgaas <bhelgaas@google.com>
Date: Thu, 5 Nov 2020 20:51:36 +0000 (-0600)
Subject: PCI: Bounds-check command-line resource alignment requests
X-Git-Tag: v5.11-rc1~149^2~14^2~3
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=6534aac198b58309ff2337981d3f893e0be1d19d;p=linux-platform-drivers-x86.git

PCI: Bounds-check command-line resource alignment requests

32-bit BARs are limited to 2GB size (2^31).  By extension, I assume 64-bit
BARs are limited to 2^63 bytes.  Limit the alignment requested by the
"pci=resource_alignment=" command-line parameter to 2^63.

Link: https://lore.kernel.org/r/20201007123045.GS4282@kadam
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
---

diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
index 3ef63a101fa1..711268776371 100644
--- a/drivers/pci/pci.c
+++ b/drivers/pci/pci.c
@@ -6202,19 +6202,21 @@ static resource_size_t pci_specified_resource_alignment(struct pci_dev *dev,
 	while (*p) {
 		count = 0;
 		if (sscanf(p, "%d%n", &align_order, &count) == 1 &&
-							p[count] == '@') {
+		    p[count] == '@') {
 			p += count + 1;
+			if (align_order > 63) {
+				pr_err("PCI: Invalid requested alignment (order %d)\n",
+				       align_order);
+				align_order = PAGE_SHIFT;
+			}
 		} else {
-			align_order = -1;
+			align_order = PAGE_SHIFT;
 		}
 
 		ret = pci_dev_str_match(dev, p, &p);
 		if (ret == 1) {
 			*resize = true;
-			if (align_order == -1)
-				align = PAGE_SIZE;
-			else
-				align = 1 << align_order;
+			align = 1 << align_order;
 			break;
 		} else if (ret < 0) {
 			pr_err("PCI: Can't parse resource_alignment parameter: %s\n",