[PATCH 4/4] PCI: Prevent overflow in proc_bus_pci_read()

Next message: Ziming Du: "[PATCH 3/4] PCI: Prevent overflow in proc_bus_pci_write()"
Previous message: Martin K. Petersen: "Re: [PATCH] scsi: ufs: core: Disable timestamp for Kioxia THGJFJT0E25BAIP"
In reply to: Ziming Du: "[PATCH 0/4] PCI: Fix procfs PCI config access issues"
Next in thread: Ziming Du: "[PATCH 3/4] PCI: Prevent overflow in proc_bus_pci_write()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Ziming Du

Date: Mon Apr 13 2026 - 22:22:38 EST

proc_bus_pci_read() assigns the 64-bit loff_t *ppos directly to a 32-bit
integer variable. For large offsets, such as 0x100000000, this
implicit conversion could truncate the value and incorrectly consider the
offset as valid.

Fix this by changing the type of off to loff_t.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Ziming Du <duziming2@xxxxxxxxxx>
Suggested-by: Ilpo Järvinen <ilpo.jarvinen@xxxxxxxxxxxxxxx>
---
drivers/pci/proc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
index a5db7d23353a..f11f48becf52 100644
--- a/drivers/pci/proc.c
+++ b/drivers/pci/proc.c
@@ -29,7 +29,7 @@ static ssize_t proc_bus_pci_read(struct file *file, char __user *buf,
size_t nbytes, loff_t *ppos)
{
struct pci_dev *dev = pde_data(file_inode(file));
- unsigned int off = *ppos;
+ loff_t off = *ppos;
unsigned int count = nbytes;
unsigned int size;

--
2.43.0