[PATCH v2 11/18] pci: Range check address conversions

From: Andrew Scull <ascull@google.com>
To: u-boot@lists.denx.de
Cc: sjg@chromium.org, bmeng.cn@gmail.com, adelva@google.com,
	keirf@google.com,  ptosi@google.com,
	Andrew Scull <ascull@google.com>
Subject: [PATCH v2 11/18] pci: Range check address conversions
Date: Tue, 29 Mar 2022 16:58:53 +0000	[thread overview]
Message-ID: <20220329165900.1139885-12-ascull@google.com> (raw)
In-Reply-To: <20220329165900.1139885-1-ascull@google.com>

When converting between PCI bus and physical addresses, include a length
parameter that can be used to check that the entire range fits within
one of the PCI regions. This prevents an address being returned that
might be only partially valid for the range it is going to be used for.

Where the range check is not wanted, passing a length of 0 will have the
same behaviour as before this change.

Signed-off-by: Andrew Scull <ascull@google.com>
---
 drivers/pci/pci-uclass.c | 57 ++++++++++++++++++++++++----------------
 include/pci.h            | 20 +++++++-------
 2 files changed, 46 insertions(+), 31 deletions(-)

diff --git a/drivers/pci/pci-uclass.c b/drivers/pci/pci-uclass.c
index d84d97d676..ba210bc91f 100644
--- a/drivers/pci/pci-uclass.c
+++ b/drivers/pci/pci-uclass.c
@@ -1394,12 +1394,13 @@ void dm_pci_write_bar32(struct udevice *dev, int barnum, u32 addr)
 	dm_pci_write_config32(dev, bar, addr);
 }
 
-static int _dm_pci_bus_to_phys(struct udevice *ctlr,
-			       pci_addr_t bus_addr, unsigned long flags,
+static int _dm_pci_bus_to_phys(struct udevice *ctlr, pci_addr_t bus_addr,
+			       size_t len, unsigned long flags,
 			       unsigned long skip_mask, phys_addr_t *pa)
 {
 	struct pci_controller *hose = dev_get_uclass_priv(ctlr);
 	struct pci_region *res;
+	pci_addr_t offset;
 	int i;
 
 	if (hose->region_count == 0) {
@@ -1416,18 +1417,25 @@ static int _dm_pci_bus_to_phys(struct udevice *ctlr,
 		if (res->flags & skip_mask)
 			continue;
 
-		if (bus_addr >= res->bus_start &&
-		    (bus_addr - res->bus_start) < res->size) {
-			*pa = (bus_addr - res->bus_start + res->phys_start);
-			return 0;
-		}
+		if (bus_addr < res->bus_start)
+			continue;
+
+		offset = bus_addr - res->bus_start;
+		if (offset >= res->size)
+			continue;
+
+		if (len > res->size - offset)
+			continue;
+
+		*pa = res->phys_start + offset;
+		return 0;
 	}
 
 	return 1;
 }
 
 phys_addr_t dm_pci_bus_to_phys(struct udevice *dev, pci_addr_t bus_addr,
-			       unsigned long flags)
+			       size_t len, unsigned long flags)
 {
 	phys_addr_t phys_addr = 0;
 	struct udevice *ctlr;
@@ -1441,14 +1449,14 @@ phys_addr_t dm_pci_bus_to_phys(struct udevice *dev, pci_addr_t bus_addr,
 	 * on matches that don't have PCI_REGION_SYS_MEMORY set
 	 */
 	if ((flags & PCI_REGION_TYPE) == PCI_REGION_MEM) {
-		ret = _dm_pci_bus_to_phys(ctlr, bus_addr,
+		ret = _dm_pci_bus_to_phys(ctlr, bus_addr, len,
 					  flags, PCI_REGION_SYS_MEMORY,
 					  &phys_addr);
 		if (!ret)
 			return phys_addr;
 	}
 
-	ret = _dm_pci_bus_to_phys(ctlr, bus_addr, flags, 0, &phys_addr);
+	ret = _dm_pci_bus_to_phys(ctlr, bus_addr, len, flags, 0, &phys_addr);
 
 	if (ret)
 		puts("pci_hose_bus_to_phys: invalid physical address\n");
@@ -1457,12 +1465,12 @@ phys_addr_t dm_pci_bus_to_phys(struct udevice *dev, pci_addr_t bus_addr,
 }
 
 static int _dm_pci_phys_to_bus(struct udevice *dev, phys_addr_t phys_addr,
-			       unsigned long flags, unsigned long skip_mask,
-			       pci_addr_t *ba)
+			       size_t len, unsigned long flags,
+			       unsigned long skip_mask, pci_addr_t *ba)
 {
 	struct pci_region *res;
 	struct udevice *ctlr;
-	pci_addr_t bus_addr;
+	phys_addr_t offset;
 	int i;
 	struct pci_controller *hose;
 
@@ -1484,20 +1492,25 @@ static int _dm_pci_phys_to_bus(struct udevice *dev, phys_addr_t phys_addr,
 		if (res->flags & skip_mask)
 			continue;
 
-		bus_addr = phys_addr - res->phys_start + res->bus_start;
+		if (phys_addr < res->phys_start)
+			continue;
 
-		if (bus_addr >= res->bus_start &&
-		    (bus_addr - res->bus_start) < res->size) {
-			*ba = bus_addr;
-			return 0;
-		}
+		offset = phys_addr - res->phys_start;
+		if (offset >= res->size)
+			continue;
+
+		if (len > res->size - offset)
+			continue;
+
+		*ba = res->bus_start + offset;
+		return 0;
 	}
 
 	return 1;
 }
 
 pci_addr_t dm_pci_phys_to_bus(struct udevice *dev, phys_addr_t phys_addr,
-			      unsigned long flags)
+			      size_t len, unsigned long flags)
 {
 	pci_addr_t bus_addr = 0;
 	int ret;
@@ -1507,13 +1520,13 @@ pci_addr_t dm_pci_phys_to_bus(struct udevice *dev, phys_addr_t phys_addr,
 	 * on matches that don't have PCI_REGION_SYS_MEMORY set
 	 */
 	if ((flags & PCI_REGION_TYPE) == PCI_REGION_MEM) {
-		ret = _dm_pci_phys_to_bus(dev, phys_addr, flags,
+		ret = _dm_pci_phys_to_bus(dev, phys_addr, len, flags,
 					  PCI_REGION_SYS_MEMORY, &bus_addr);
 		if (!ret)
 			return bus_addr;
 	}
 
-	ret = _dm_pci_phys_to_bus(dev, phys_addr, flags, 0, &bus_addr);
+	ret = _dm_pci_phys_to_bus(dev, phys_addr, len, flags, 0, &bus_addr);
 
 	if (ret)
 		puts("pci_hose_phys_to_bus: invalid physical address\n");
diff --git a/include/pci.h b/include/pci.h
index 5ba82826f4..e5fbe03cb9 100644
--- a/include/pci.h
+++ b/include/pci.h
@@ -1436,14 +1436,15 @@ void dm_pci_write_bar32(struct udevice *dev, int barnum, u32 addr);
 u32 dm_pci_read_bar32(const struct udevice *dev, int barnum);
 
 /**
- * dm_pci_bus_to_phys() - convert a PCI bus address to a physical address
+ * dm_pci_bus_to_phys() - convert a PCI bus address range to a physical address
  *
  * @dev:	Device containing the PCI address
  * @addr:	PCI address to convert
+ * @len:	Length of the address range
  * @flags:	Flags for the region type (PCI_REGION_...)
  * Return: physical address corresponding to that PCI bus address
  */
-phys_addr_t dm_pci_bus_to_phys(struct udevice *dev, pci_addr_t addr,
+phys_addr_t dm_pci_bus_to_phys(struct udevice *dev, pci_addr_t addr, size_t len,
 			       unsigned long flags);
 
 /**
@@ -1451,10 +1452,11 @@ phys_addr_t dm_pci_bus_to_phys(struct udevice *dev, pci_addr_t addr,
  *
  * @dev:	Device containing the bus address
  * @addr:	Physical address to convert
+ * @len:	Length of the address range
  * @flags:	Flags for the region type (PCI_REGION_...)
  * Return: PCI bus address corresponding to that physical address
  */
-pci_addr_t dm_pci_phys_to_bus(struct udevice *dev, phys_addr_t addr,
+pci_addr_t dm_pci_phys_to_bus(struct udevice *dev, phys_addr_t addr, size_t len,
 			      unsigned long flags);
 
 /**
@@ -1576,19 +1578,19 @@ int dm_pci_find_ext_capability(struct udevice *dev, int cap);
 int dm_pci_flr(struct udevice *dev);
 
 #define dm_pci_virt_to_bus(dev, addr, flags) \
-	dm_pci_phys_to_bus(dev, (virt_to_phys(addr)), (flags))
+	dm_pci_phys_to_bus(dev, (virt_to_phys(addr)), 0, (flags))
 #define dm_pci_bus_to_virt(dev, addr, flags, len, map_flags) \
-	map_physmem(dm_pci_bus_to_phys(dev, (addr), (flags)), \
+	map_physmem(dm_pci_bus_to_phys(dev, (addr), (len), (flags)), \
 		    (len), (map_flags))
 
 #define dm_pci_phys_to_mem(dev, addr) \
-	dm_pci_phys_to_bus((dev), (addr), PCI_REGION_MEM)
+	dm_pci_phys_to_bus((dev), (addr), 0, PCI_REGION_MEM)
 #define dm_pci_mem_to_phys(dev, addr) \
-	dm_pci_bus_to_phys((dev), (addr), PCI_REGION_MEM)
+	dm_pci_bus_to_phys((dev), (addr), 0, PCI_REGION_MEM)
 #define dm_pci_phys_to_io(dev, addr) \
-	dm_pci_phys_to_bus((dev), (addr), PCI_REGION_IO)
+	dm_pci_phys_to_bus((dev), (addr), 0, PCI_REGION_IO)
 #define dm_pci_io_to_phys(dev, addr) \
-	dm_pci_bus_to_phys((dev), (addr), PCI_REGION_IO)
+	dm_pci_bus_to_phys((dev), (addr), 0, PCI_REGION_IO)
 
 #define dm_pci_virt_to_mem(dev, addr) \
 	dm_pci_virt_to_bus((dev), (addr), PCI_REGION_MEM)
-- 
2.35.1.1021.g381101b075-goog

