From patchwork Thu Oct 21 08:28:33 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Martin Wilck X-Patchwork-Id: 270291 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by demeter1.kernel.org (8.14.4/8.14.3) with ESMTP id o9L8gA0Q001106 for ; Thu, 21 Oct 2010 08:42:10 GMT Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754529Ab0JUIlo (ORCPT ); Thu, 21 Oct 2010 04:41:44 -0400 Received: from dgate20.ts.fujitsu.com ([80.70.172.51]:64195 "EHLO dgate20.ts.fujitsu.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754525Ab0JUIln (ORCPT ); Thu, 21 Oct 2010 04:41:43 -0400 DomainKey-Signature: s=s1536a; d=ts.fujitsu.com; c=nofws; q=dns; h=X-SBRSScore:X-IronPort-AV:Received:X-IronPort-AV: Received:Received:Received:X-Authentication-Warning:Date: From:To:Subject:Cc:Message-ID:User-Agent:MIME-Version: Content-Type; b=RhFBCq6YV58RyTGB/wwepkaQ+wMB8KyU6mHCyICNyc5OAm+USydTvZjk 4g+ODGIIJ7URmNUgn7n0ay88YoBtjgvoZtyzq+2dZYL5MMVWT/OIHwYqF 05JUiz5TxbEozsqpWWG4WKEK3WjzHTY54Xff2deWp8wXmV33B/zinrnuf 2NXYvt6T49likWTVL3s/0bAfrIZlvow5Nkvm7D2Q+EhQSkPh7oNe8BFs9 7e/Kyf5N7J8Sw51vBp/ryc/ngA1IP; DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=ts.fujitsu.com; i=martin.wilck@ts.fujitsu.com; q=dns/txt; s=s1536b; t=1287650503; x=1319186503; h=date:from:to:subject:cc:message-id:mime-version; z=Date:=20Thu,=2021=20Oct=202010=2010:28:33=20+0200|From: =20martin.wilck@ts.fujitsu.com|To:=20linux-kernel@vger.ke rnel.org,=20linux-pci@vger.kernel.org,=0D=0A=20=20=20=20 =20=20=20=20,=20Barnes@cooper.p sw.pdbps.fsc.net,=0D=0A=20=20=20=20=20=20=20=20Jesse@coop er.psw.pdbps.fsc.net|Subject:=20[PATCH]=20fix=20size=20ch ecks=20for=20mmap()=20on=20/proc/bus/pci=20files|Cc:=20ge rhard.wichert@ts.fujitsu.com,=20martin.wilck@ts.fujitsu.c om|Message-ID:=20<4cbff9b1.X5CZHeO9bG6baJma%martin.wilck@ ts.fujitsu.com>|MIME-Version:=201.0; bh=cUPL0Pv1drhWkbM9AAZ/bVUH1ANnfxuRIupf33SoB4I=; b=NO9eeMmQ7yx9MHe+etXWEdj++nJO8ERQmb08Fa5q10YA2W2AaT/GZisd 8akA9aXAVxL2zB8ZVniXTgeSMrBwffrK+rk5/UwcMDCyUzsaAdg2bQN9n 4LGdu6B52Dqigg3TBPFhAJtC28feWFzLbH6b+pJcR0TnybY/FN5tOzxls /W88EIH+0ure0IUEwQ0z3J19iWefN7TEu0lgPp2T6WVEkseB+TmRoRbUT AdLZHihj5LUqxz9PxWn7uNXfhI9dt; X-SBRSScore: None X-IronPort-AV: E=Sophos;i="4.58,216,1286143200"; d="scan'208";a="48736926" Received: from abgdgate40u.abg.fsc.net ([172.25.138.90]) by dgate20u.abg.fsc.net with ESMTP; 21 Oct 2010 10:31:28 +0200 X-IronPort-AV: E=Sophos;i="4.58,216,1286143200"; d="scan'208";a="103682233" Received: from unknown (HELO cooper.psw.pdbps.fsc.net) ([172.25.253.64]) by abgdgate40u.abg.fsc.net with ESMTP; 21 Oct 2010 10:31:28 +0200 Received: from cooper.psw.pdbps.fsc.net (cooper.psw.pdbps.fsc.net [127.0.0.1]) by cooper.psw.pdbps.fsc.net (8.14.4/8.14.4) with ESMTP id o9L8SXGY014908; Thu, 21 Oct 2010 10:28:33 +0200 Received: (from martin@localhost) by cooper.psw.pdbps.fsc.net (8.14.4/8.14.4/Submit) id o9L8SX1I014906; Thu, 21 Oct 2010 10:28:33 +0200 X-Authentication-Warning: cooper.psw.pdbps.fsc.net: martin set sender to martin.wilck@ts.fujitsu.com using -r Date: Thu, 21 Oct 2010 10:28:33 +0200 From: martin.wilck@ts.fujitsu.com To: linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, , Barnes@cooper.psw.pdbps.fsc.net, Jesse@cooper.psw.pdbps.fsc.net Subject: [PATCH] fix size checks for mmap() on /proc/bus/pci files Cc: gerhard.wichert@ts.fujitsu.com, martin.wilck@ts.fujitsu.com Message-ID: <4cbff9b1.X5CZHeO9bG6baJma%martin.wilck@ts.fujitsu.com> User-Agent: Heirloom mailx 12.4 7/29/08 MIME-Version: 1.0 Sender: linux-pci-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-pci@vger.kernel.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.3 (demeter1.kernel.org [140.211.167.41]); Thu, 21 Oct 2010 08:42:10 +0000 (UTC) --- a/drivers/pci/pci.h.orig 2010-09-01 06:57:20.000000000 +0200 +++ a/drivers/pci/pci.h 2010-10-20 18:44:22.000000000 +0200 @@ -14,7 +14,7 @@ extern void pci_remove_sysfs_dev_files(s extern void pci_cleanup_rom(struct pci_dev *dev); #ifdef HAVE_PCI_MMAP extern int pci_mmap_fits(struct pci_dev *pdev, int resno, - struct vm_area_struct *vma); + struct vm_area_struct *vmai, int is_proc); #endif int pci_probe_reset_function(struct pci_dev *dev); --- a/drivers/pci/proc.c.orig 2010-09-01 06:57:17.000000000 +0200 +++ a/drivers/pci/proc.c 2010-10-20 18:53:37.000000000 +0200 @@ -259,7 +259,7 @@ static int proc_bus_pci_mmap(struct file /* Make sure the caller is mapping a real resource for this device */ for (i = 0; i < PCI_ROM_RESOURCE; i++) { - if (pci_mmap_fits(dev, i, vma)) + if (pci_mmap_fits(dev, i, vma, 1)) break; } --- linux-2.6.32-71.el6.x86_64/drivers/pci/pci-sysfs.c 2010-09-01 06:57:17.000000000 +0200 +++ linux-2.6.32-71.el6.x86_64/drivers/pci/pci-sysfs.c.new 2010-10-21 01:34:58.000000000 +0200 @@ -675,17 +675,18 @@ void pci_remove_legacy_files(struct pci_ #ifdef HAVE_PCI_MMAP -int pci_mmap_fits(struct pci_dev *pdev, int resno, struct vm_area_struct *vma) +int pci_mmap_fits(struct pci_dev *pdev, int resno, struct vm_area_struct *vma, int is_proc) { - unsigned long nr, start, size; + unsigned long nr, start, size, pci_start; + if (pci_resource_len(pdev, resno) == 0) + return 0; nr = (vma->vm_end - vma->vm_start) >> PAGE_SHIFT; start = vma->vm_pgoff; size = ((pci_resource_len(pdev, resno) - 1) >> PAGE_SHIFT) + 1; - if (start < size && size - start >= nr) + pci_start = is_proc ? pci_resource_start(pdev, resno) >> PAGE_SHIFT : 0; + if (start >= pci_start && start < pci_start + size && start + nr <= pci_start + size) return 1; - WARN(1, "process \"%s\" tried to map 0x%08lx-0x%08lx on %s BAR %d (size 0x%08lx)\n", - current->comm, start, start+nr, pci_name(pdev), resno, size); return 0; } @@ -715,8 +716,12 @@ pci_mmap_resource(struct kobject *kobj, if (i >= PCI_ROM_RESOURCE) return -ENODEV; - if (!pci_mmap_fits(pdev, i, vma)) + if (!pci_mmap_fits(pdev, i, vma, 0)) { + WARN(1, "process \"%s\" tried to map 0x%08lx bytes at page 0x%08lx on %s BAR %d (start 0x%16Lx, size 0x%16Lx)\n", + current->comm, vma->vm_end-vma->vm_start, vma->vm_pgoff, pci_name(pdev), i, + pci_resource_start(pdev, i), pci_resource_len(pdev, i)); return -EINVAL; + } /* pci_mmap_page_range() expects the same kind of entry as coming * from /proc/bus/pci/ which is a "user visible" value. If this is