pci: fix overflow in __pci_hose_bus_to_phys w/ large RAM

If a 32-bit system has 2GB of RAM, and the base address of that RAM is
2GB, then start+size will overflow a 32-bit value (to a value of 0).

To avoid such an overflow, convert __pci_hose_bus_to_phys() to calculate
the offset of a bus address into a PCI region, rather than comparing a
bus address against the end of a PCI region.

Signed-off-by: Stephen Warren <swarren@nvidia.com>

diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
index ed113bf4022f2c3857d3c5a2c1699569f86c1ecd..4fd9c532b3fbf8df2b351537dca1b196298f5899 100644 (file)
--- a/drivers/pci/pci.c
+++ b/drivers/pci/pci.c
@@ -323,7 +323,7 @@ int __pci_hose_bus_to_phys(struct pci_controller *hose,
                        continue;
 
                if (bus_addr >= res->bus_start &&
-                       bus_addr < res->bus_start + res->size) {
+                       (bus_addr - res->bus_start) < res->size) {
                        *pa = (bus_addr - res->bus_start + res->phys_start);
                        return 0;
                }