From 445ec321e71b3124abacfb358f72ac6a70d87602 Mon Sep 17 00:00:00 2001
From: Rex Zhu <Rex.Zhu@amd.com>
Date: Tue, 5 Jun 2018 09:46:45 +0800
Subject: PCI: Avoid accessing memory outside the ROM BAR

pci_get_rom_size() accepts the base and size of the ROM BAR as arguments.
The byte at "rom + size" is the first byte *past* the ROM, so change ">" to
">=" to avoid accessing beyond the actual length of the ROM BAR.

Signed-off-by: Rex Zhu <Rex.Zhu@amd.com>
[bhelgaas: changelog]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
---
 drivers/pci/rom.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/pci/rom.c b/drivers/pci/rom.c
index a7b5c37a85ec..946795fc0071 100644
--- a/drivers/pci/rom.c
+++ b/drivers/pci/rom.c
@@ -106,7 +106,7 @@ size_t pci_get_rom_size(struct pci_dev *pdev, void __iomem *rom, size_t size)
 		length = readw(pds + 16);
 		image += length * 512;
 		/* Avoid iterating through memory outside the resource window */
-		if (image > rom + size)
+		if (image >= rom + size)
 			break;
 	} while (length && !last_image);
 
-- 
cgit v1.2.3