{"id":2234873,"url":"http://patchwork.ozlabs.org/api/1.2/covers/2234873/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-pci/cover/20260508082128.3344255-1-kanie@linux.alibaba.com/","project":{"id":28,"url":"http://patchwork.ozlabs.org/api/1.2/projects/28/?format=json","name":"Linux PCI development","link_name":"linux-pci","list_id":"linux-pci.vger.kernel.org","list_email":"linux-pci@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260508082128.3344255-1-kanie@linux.alibaba.com>","list_archive_url":null,"date":"2026-05-08T08:21:26","name":"[v12,0/2] PCI: Fix crash when access broken ROM","submitter":{"id":89531,"url":"http://patchwork.ozlabs.org/api/1.2/people/89531/?format=json","name":"Guixin Liu","email":"kanie@linux.alibaba.com"},"mbox":"http://patchwork.ozlabs.org/project/linux-pci/cover/20260508082128.3344255-1-kanie@linux.alibaba.com/mbox/","series":[{"id":503346,"url":"http://patchwork.ozlabs.org/api/1.2/series/503346/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-pci/list/?series=503346","date":"2026-05-08T08:21:26","name":"PCI: Fix crash when access broken ROM","version":12,"mbox":"http://patchwork.ozlabs.org/series/503346/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/covers/2234873/comments/","headers":{"Return-Path":"\n <linux-pci+bounces-54238-incoming=patchwork.ozlabs.org@vger.kernel.org>","X-Original-To":["incoming@patchwork.ozlabs.org","linux-pci@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=linux.alibaba.com header.i=@linux.alibaba.com\n header.a=rsa-sha256 header.s=default header.b=s3waDUJd;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=172.234.253.10; helo=sea.lore.kernel.org;\n 
envelope-from=linux-pci+bounces-54238-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (1024-bit key) header.d=linux.alibaba.com\n header.i=@linux.alibaba.com header.b=\"s3waDUJd\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=115.124.30.112","smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=linux.alibaba.com","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=linux.alibaba.com"],"Received":["from sea.lore.kernel.org (sea.lore.kernel.org [172.234.253.10])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4gBht4018jz1yKm\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 08 May 2026 18:21:47 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 33C9F3006B6D\n\tfor <incoming@patchwork.ozlabs.org>; Fri,  8 May 2026 08:21:45 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 5B2B836E48B;\n\tFri,  8 May 2026 08:21:43 +0000 (UTC)","from out30-112.freemail.mail.aliyun.com\n (out30-112.freemail.mail.aliyun.com [115.124.30.112])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 98DDA37649A\n\tfor <linux-pci@vger.kernel.org>; Fri,  8 May 2026 08:21:38 +0000 (UTC)","from localhost(mailfrom:kanie@linux.alibaba.com\n fp:SMTPD_---0X2WqcIT_1778228488 cluster:ay36)\n          by smtp.aliyun-inc.com;\n          Fri, 08 May 2026 16:21:34 +0800"],"ARC-Seal":"i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1778228502; cv=none;\n 
b=ljSEJbWBYW/GmTvHTqGsx3HLhavluC0sqLY6APx+oTV1IJFKEvOZ14JPM3Lvv4YKfFSQMQxzbzf3wyOxWAG9XbMmgTOMSa5AZTtpOVRSdu/ulxh8IzxVBsDnb7oOLPF6ogLj+Uer4ytLk2sPGvg5gj5fL+DpZde7+NioKzF9axE=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1778228502; c=relaxed/simple;\n\tbh=fH3APPdQ1h3Iw+fvYSemzsnDQ7XSeHDX6Rr+3hHdVPQ=;\n\th=From:To:Cc:Subject:Date:Message-ID:MIME-Version:Content-Type;\n b=qD1awvzoj+pVHwXJwvUpll3AcY2+Y2yvRFRaAjnMSeyAIy74pMnLx+WJ1KgVuNKbrMlFA9bQqAmsxjlqDiiWWBcboM9zsyLS/9EG+qi2vHLZtSxFAXOxoSxE0OQ/o4OURyLT7yIqMe55FORiEIhkkkt8coz6pesUYVoW4SFX8XU=","ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=linux.alibaba.com;\n spf=pass smtp.mailfrom=linux.alibaba.com;\n dkim=pass (1024-bit key) header.d=linux.alibaba.com\n header.i=@linux.alibaba.com header.b=s3waDUJd;\n arc=none smtp.client-ip=115.124.30.112","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=linux.alibaba.com; s=default;\n\tt=1778228495; h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type;\n\tbh=qhRalLrhBMvmOFNb9c9SZR3d/E72vBtPlylO5i3gcII=;\n\tb=s3waDUJddT8+ZEsN7crJNHltjnM8SONow0jXSbNbxUiLCQ0nG60C1DYMYgIgDlP+wBVjHPpgi7OBm0XRAkK7IjIHN1DD0OlbfDucT2doKKnRS5YoFJr8DnGuUobVdmtk6WGEOMfIVDixJrz+98NJUFUu8/nEX6BGUW7Ky4wrCMo=","X-Alimail-AntiSpam":"\n AC=PASS;BC=-1|-1;BR=01201311R211e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=maildocker-contentspam033037026112;MF=kanie@linux.alibaba.com;NM=1;PH=DS;RN=7;SR=0;TI=SMTPD_---0X2WqcIT_1778228488;","From":"Guixin Liu <kanie@linux.alibaba.com>","To":"Bjorn Helgaas <bhelgaas@google.com>,\n Andy Shevchenko <andriy.shevchenko@intel.com>,\n =?utf-8?q?Ilpo_J=C3=A4rvinen?= <ilpo.jarvinen@linux.intel.com>, =?utf-8?q?K?=\n\t=?utf-8?q?rzysztof_Wilczy=C5=84ski?= <kwilczynski@kernel.org>","Cc":"linux-pci@vger.kernel.org,\n\txlpang@linux.alibaba.com,\n\toliver.yang@linux.alibaba.com","Subject":"[PATCH v12 0/2] PCI: Fix crash when access broken ROM","Date":"Fri,  8 
May 2026 16:21:26 +0800","Message-ID":"<20260508082128.3344255-1-kanie@linux.alibaba.com>","X-Mailer":"git-send-email 2.43.7","Precedence":"bulk","X-Mailing-List":"linux-pci@vger.kernel.org","List-Id":"<linux-pci.vger.kernel.org>","List-Subscribe":"<mailto:linux-pci+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:linux-pci+unsubscribe@vger.kernel.org>","MIME-Version":"1.0","Content-Type":"text/plain; charset=UTF-8","Content-Transfer-Encoding":"8bit"},"content":"v11 -> v12:\n- Add rb tag from Krzysztof Wilczyński in the first patch, thanks.\n- Change \"get\" to \"Get\".\n- Renamed parameter last_image → expect_valid in\n  pci_rom_is_header_valid() to better reflect its semantics: it\n  indicates whether the caller expects the image to be valid\n  (and thus whether a missing/invalid signature should be reported\n  as an error or as normal end-of-chain).\n- Tightened image alignment check: replaced the 2-byte alignment check\n  with a 512-byte (PCI_ROM_IMAGE_SECTOR_SIZE) alignment check on image,\n  per PCI Firmware Specification r3.3, sec 5.1, which mandates that each\n  ROM image starts on a 512-byte boundary. 
This also satisfies the\n  natural-alignment requirement of readw() on architectures such as arm64.\n- Updated comment to cite the PCI Firmware Spec r3.3 sec 5.1 as the\n  authoritative source for the alignment requirement, and to explain the\n  relationship between page-aligned rom, sector-aligned image,\n  and the IOMEM access constraint.\n- Fixed off-by-one in overflow checks: check_add_overflow() now uses\n  PCI_ROM_HEADER_SIZE - 1 and data_len - 1 so that header_end / end\n  represent the inclusive last byte of the region, matching the\n  subsequent > rom_end comparison.\n- Refactored signature-check log flow: collapsed the dual-return branches\n  into a single if (signature != PCI_ROM_IMAGE_SIGNATURE) block, emitting\n  the appropriate pci_info() based on expect_valid, then returning false;\n  success path returns true at the end.\n- Reorder pci_rom_is_data_struct_valid() to check the \"PCIR\" signature\n  before reading data_len, so bad signatures are still logged.\n- Collapse the signature branch to early-return on failure,\n  matching the style of pci_rom_is_header_valid().\n- Add PCI_ROM_DATA_STRUCT_MIN_LEN (0x18), the PCI 2.x baseline PCI Data\n  Structure length.\n- Reject data_len < PCI_ROM_DATA_STRUCT_MIN_LEN to keep the fixed-offset\n  reads (PCI_ROM_IMAGE_LEN @0x10, PCI_ROM_LAST_IMAGE_INDICATOR @0x15)\n  in pci_get_rom_size() inside the mapped ROM window.\n- Cite PCI Firmware Spec r3.3 sec 5.1.3 Table 5-2 in the new macro's\n  comment.\n\nv10 -> v11:\n- Change 'pci rom' to 'PCI ROM' in the title of the first patch.\n- Add Andy Shevchenko's rb tag in the first patch, thanks. 
\n\nv9 -> v10:\n- Reorder the header files, and not touch kernel.h\n- Change PCI_ROM_IMAGE_LEN_UNIT_BYTES to PCI_ROM_IMAGE_SECTOR_SIZE.\n- Add a comment for PCI_ROM_DATA_STRUCT_SIGNATURE.\n\nv8 -> v9:\n- Supplemental explanation for the commit body of the first patch.\n- Change PCI_ROM_IMAGE_LEN_UNIT_SZ_512 to PCI_ROM_IMAGE_LEN_UNIT_BYTES,\nand change its definition to SZ_512.\n- Use u16 and u32 for signature val instead of unsigned short/int.\n\nv7 -> v8:\n- Ordered header files alphabetically.\n- Convert the literals too in the first patch.\n- Use local val to save signature instead of reading twice.\n\nv6 -> v7:\n- Put all named defines to a separate patch.\n- Change PCI_ROM_IMAGE_LEN_UNIT_BYTES to PCI_ROM_IMAGE_LEN_UNIT_SZ_512.\n- Named BIT(7) to PCI_ROM_LAST_IMAGE_INDICATOR_BIT.\n- Fix all other comments from Ilpo, such as including header files,\nand alignment fault, Thanks.\n\nv5 -> v6:\n- Convert some magic numbers to named defines, suggested by\nIlpo, thanks.\n\nv4 -> v5:\n- Add Andy Shevchenko's rb tag, thanks.\n- Change u64 to unsigned long.\n- Change pci_rom_header_valid() to pci_rom_is_header_valid() and\nchange pci_rom_data_struct_valid() to pci_rom_is_data_struct_valid().\n- Change rom_end from rom+size to rom+size-1 to be more readable,\nand also change header_end >= rom_end to header_end > rom_end, same\nas data structure end.\n- Change if(!last_image) to if (last_image).\n- Use U16_MAX instead of 0xffff.\n- Split check_add_overflow() from data_len checking.\n- Remove !!() when reading last_image, and use BIT(7) instead of 0x80.\n\nv3 -> v4:\n- Use \"u64\" instead of \"uintptr_t\".\n- Invert the if statement to avoid excessive indentation.\n- Add comment for alignment checking.\n- Change last_image's type from int to bool.\n\nv2 -> v3:\n- Add pci_rom_header_valid() helper for checking image addr and signature.\n- Add pci_rom_data_struct_valid() helper for checking data struct add\nand signature.\n- Handle overflow issue when adding addr with size.\n- 
Handle alignment fault when running on arm64.\n\nv1 -> v2:\n- Fix commit body problems, such as blank line in \"Call Trace\" both sides,\n  thanks, (Andy Shevchenko).\n- Remove every step checking, just check the addr is in header or data\nstruct.\n- Add Suggested-by: Guanghui Feng <guanghuifeng@linux.alibaba.com> tag.\n\nGuixin Liu (2):\n  PCI: Introduce named defines for PCI ROM\n  PCI: Check ROM header and data structure addr before accessing\n\n drivers/pci/rom.c | 154 +++++++++++++++++++++++++++++++++++++++-------\n 1 file changed, 131 insertions(+), 23 deletions(-)"}