On Tue, Apr 12, 2022 at 12:23 AM Pierre-Louis Bossart pierre-louis.bossart@linux.intel.com wrote:
On 4/9/22 09:39, Zheyu Ma wrote:
The driver should use the pci_resource_len() to get the actual length of pci bar, and compare it with the expect value. If the bar size is too small (such as a broken device), the driver should return an error.
Signed-off-by: Zheyu Ma zheyuma97@gmail.com
sound/soc/sof/intel/pci-tng.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/sound/soc/sof/intel/pci-tng.c b/sound/soc/sof/intel/pci-tng.c index 6efef225973f..7d502cc3ca80 100644 --- a/sound/soc/sof/intel/pci-tng.c +++ b/sound/soc/sof/intel/pci-tng.c @@ -75,7 +75,11 @@ static int tangier_pci_probe(struct snd_sof_dev *sdev)
/* LPE base */ base = pci_resource_start(pci, desc->resindex_lpe_base) - IRAM_OFFSET;
size = PCI_BAR_SIZE;
size = pci_resource_len(pci, desc->resindex_lpe_base);if (size < PCI_BAR_SIZE) {dev_err(sdev->dev, "error: I/O region is too small.\n");return -ENODEV;}May I ask how you found this issue?
Actually, I tested this driver via fuzzing in a simulated environment and got a crash. Hence, I try to propose a patch and ask for the help of maintainers to determine whether this is an issue.
Thanks, Zheyu Ma