From 440c6a83a7747e2ffdf61cc1300f0b947be61e9e Mon Sep 17 00:00:00 2001
From: Myron Stowe <mstowe@redhat.com>
Date: Tue, 25 Mar 2025 08:53:57 -0600
Subject: [PATCH] PCI: rcar-ep: Fix incorrect variable used when calling
 devm_request_mem_region()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

JIRA: https://issues.redhat.com/browse/RHEL-83611
Upstream Status: 2d2da5a4c1b4509f6f7e5a8db015cd420144beb4

commit 2d2da5a4c1b4509f6f7e5a8db015cd420144beb4
Author: King Dix <kingdix10@qq.com>
Date:   Thu Jan 9 08:50:18 2025 +0800

    PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()

    The rcar_pcie_parse_outbound_ranges() uses the devm_request_mem_region()
    macro to request a needed resource. A string variable that lives on the
    stack is then used to store a dynamically computed resource name, which
    is then passed on as one of the macro arguments. This can lead to
    undefined behavior.

    Depending on the current contents of the memory, the manifestations of
    errors may vary. One possible output may be as follows:

      $ cat /proc/iomem
      30000000-37ffffff :
      38000000-3fffffff :

    Sometimes, garbage may appear after the colon.

    In very rare cases, if no NULL-terminator is found in memory, the system
    might crash because the string iterator will overrun which can lead to
    access of unmapped memory above the stack.

    Thus, fix this by replacing outbound_name with the name of the previously
    requested resource. With the changes applied, the output will be as
    follows:

      $ cat /proc/iomem
      30000000-37ffffff : memory2
      38000000-3fffffff : memory3

    Fixes: 2a6d0d63d999 ("PCI: rcar: Add endpoint mode support")
    Link: https://lore.kernel.org/r/tencent_DBDCC19D60F361119E76919ADAB25EC13C06@qq.com
    Tested-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
    Signed-off-by: King Dix <kingdix10@qq.com>
    [kwilczynski: commit log]
    Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>
    Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
    Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>

Signed-off-by: Myron Stowe <mstowe@redhat.com>
---
 drivers/pci/controller/pcie-rcar-ep.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/pci/controller/pcie-rcar-ep.c b/drivers/pci/controller/pcie-rcar-ep.c
index 047e2cef5afcd..c5e0d025bc435 100644
--- a/drivers/pci/controller/pcie-rcar-ep.c
+++ b/drivers/pci/controller/pcie-rcar-ep.c
@@ -107,7 +107,7 @@ static int rcar_pcie_parse_outbound_ranges(struct rcar_pcie_endpoint *ep,
 		}
 		if (!devm_request_mem_region(&pdev->dev, res->start,
 					     resource_size(res),
-					     outbound_name)) {
+					     res->name)) {
 			dev_err(pcie->dev, "Cannot request memory region %s.\n",
 				outbound_name);
 			return -EIO;
-- 
GitLab