From 15e2f65f2ecfeb8e39315522e2b5cfdc5651fc10 Mon Sep 17 00:00:00 2001 From: Thomas Weißschuh Date: Mon, 20 Jan 2025 15:09:40 +0100 Subject: of: address: Fix empty resource handling in __of_address_resource_bounds() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit "resource->end" needs to always be equal to "resource->start + size - 1". The previous version of the function did not perform the "- 1" in case of an empty resource. Also make sure to allow an empty resource at address 0. Reported-by: Basharath Hussain Khaja Closes: https://lore.kernel.org/lkml/20250108140414.13530-1-basharath@couthit.com/ Fixes: 1a52a094c2f0 ("of: address: Unify resource bounds overflow checking") Cc: stable@vger.kernel.org Signed-off-by: Thomas Weißschuh Link: https://lore.kernel.org/r/20250120-of-address-overflow-v1-1-dd68dbf47bce@linutronix.de Signed-off-by: Rob Herring (Arm) --- drivers/of/address.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) (limited to 'drivers') diff --git a/drivers/of/address.c b/drivers/of/address.c index 6c40f96a1961..26f7fc3d7599 100644 --- a/drivers/of/address.c +++ b/drivers/of/address.c @@ -185,17 +185,15 @@ static u64 of_bus_pci_map(__be32 *addr, const __be32 *range, int na, int ns, static int __of_address_resource_bounds(struct resource *r, u64 start, u64 size) { - u64 end = start; - if (overflows_type(start, r->start)) return -EOVERFLOW; - if (size && check_add_overflow(end, size - 1, &end)) - return -EOVERFLOW; - if (overflows_type(end, r->end)) - return -EOVERFLOW; r->start = start; - r->end = end; + + if (!size) + r->end = wrapping_sub(typeof(r->end), r->start, 1); + else if (size && check_add_overflow(r->start, size - 1, &r->end)) + return -EOVERFLOW; return 0; } -- cgit v1.2.3