diff options
| author | liyouhong <liyouhong@kylinos.cn> | 2026-04-28 05:09:35 +0300 |
|---|---|---|
| committer | Niklas Cassel <cassel@kernel.org> | 2026-06-01 20:07:37 +0300 |
| commit | c4086c6e1af757e1ff26fa2d2926b3ec0195de79 (patch) | |
| tree | d54bfb8757911009eadf5f0a9d70845299677b24 | |
| parent | 3f8e2146d0c4ea5abc8532ae74b053faf9e77bc8 (diff) | |
| download | linux-c4086c6e1af757e1ff26fa2d2926b3ec0195de79.tar.xz | |
ata: ahci: fail probe if BAR too small for claimed ports
When an AHCI controller is disabled in BIOS, its HOST_CAP register may
contain a bogus value, e.g. 0xFFFFFFFF.
Since CAP.NP (Number of Ports) is a zeroes based 5-bit register field,
a value of 0x1f means 32 ports. If CAP.NP claims more ports than can
physically fit within the mapped BAR region, accessing port registers
beyond the BAR boundary causes a kernel panic.
Add validation in ahci_init_one() to check that the BAR size is
sufficient for the number of ports claimed in CAP.NP. The check
calculates the required MMIO size as:
required_size = 0x100 (global registers) + max_ports * 0x80
If required_size exceeds the actual BAR size, the probe fails with
-ENODEV, preventing the panic and providing a clear error message.
Reported-by: liyouhong <liyouhong@kylinos.cn>
Closes: https://lore.kernel.org/all/20260422080322.1006592-1-dayou5941@163.com/
Suggested-by: Damien Le Moal <dlemoal@kernel.org>
Suggested-by: Niklas Cassel <cassel@kernel.org>
Reviewed-by: Damien Le Moal <dlemoal@kernel.org>
Signed-off-by: liyouhong <liyouhong@kylinos.cn>
[cassel: commit log]
Signed-off-by: Niklas Cassel <cassel@kernel.org>
| -rw-r--r-- | drivers/ata/ahci.c | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c index 1d73a53370cf..b4e5d347151a 100644 --- a/drivers/ata/ahci.c +++ b/drivers/ata/ahci.c @@ -1888,6 +1888,24 @@ static ssize_t remapped_nvme_show(struct device *dev, static DEVICE_ATTR_RO(remapped_nvme); +static int ahci_validate_bar_size(struct pci_dev *pdev, int bar, + struct ahci_host_priv *hpriv) +{ + u32 cap = readl(hpriv->mmio + HOST_CAP); + unsigned int max_ports = ahci_nr_ports(cap); + u32 last_port_end = 0x100 + (max_ports * 0x80); + resource_size_t bar_size = pci_resource_len(pdev, bar); + + if (last_port_end > bar_size) { + dev_warn(&pdev->dev, + "BAR%d too small for %u ports (last port ends at %#x, BAR %pa)\n", + bar, max_ports, last_port_end, &bar_size); + return -ENODEV; + } + + return 0; +} + static int ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) { unsigned int board_id = ent->driver_data; @@ -1988,6 +2006,10 @@ static int ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) if (!hpriv->mmio) return -ENOMEM; + rc = ahci_validate_bar_size(pdev, ahci_pci_bar, hpriv); + if (rc) + return rc; + /* detect remapped nvme devices */ ahci_remap_check(pdev, ahci_pci_bar, hpriv); |