From patchwork Thu Oct 21 08:38:16 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Martin Wilck X-Patchwork-Id: 270271 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by demeter1.kernel.org (8.14.4/8.14.3) with ESMTP id o9L8fG8N000599 for ; Thu, 21 Oct 2010 08:41:16 GMT Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751531Ab0JUIlP (ORCPT ); Thu, 21 Oct 2010 04:41:15 -0400 Received: from dgate20.ts.fujitsu.com ([80.70.172.51]:33918 "EHLO dgate20.ts.fujitsu.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752627Ab0JUIlN (ORCPT ); Thu, 21 Oct 2010 04:41:13 -0400 X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.3 (demeter1.kernel.org [140.211.167.41]); Thu, 21 Oct 2010 08:41:16 +0000 (UTC) X-Greylist: delayed 580 seconds by postgrey-1.27 at vger.kernel.org; Thu, 21 Oct 2010 04:41:12 EDT DomainKey-Signature: s=s1536a; d=ts.fujitsu.com; c=nofws; q=dns; h=X-SBRSScore:X-IronPort-AV:Received:X-IronPort-AV: Received:Received:Received:X-Authentication-Warning:Date: From:To:Subject:Cc:Message-ID:User-Agent:MIME-Version: Content-Type; b=UqNiIQvFcfls3Ip9NYNNxwi5nQQxELk+xEBk4QD+YBNa4JDxNxh2MloB MuOdem4SxE23fP5vngvGpzNlyxK/j2y6CEPlGJ311aKP/jNfkBY79tH5z BPqFkzF4sBUZAOekTHhZOlepCLKL8H3P713o89h8iGjxtjrldkpM/Fmc4 1s+yRpVPCMe2u0pJZ/zC4HjnyYouEoK9IW1U/tvfFJ1kOoOhMmGMI/+YN yf7HjllO7bmuXjwpHgNr6f/Gnkrp4; DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=ts.fujitsu.com; i=martin.wilck@ts.fujitsu.com; q=dns/txt; s=s1536b; t=1287650473; x=1319186473; h=date:from:to:subject:cc:message-id:mime-version; z=Date:=20Thu,=2021=20Oct=202010=2010:38:16=20+0200|From: =20martin.wilck@ts.fujitsu.com|To:=20linux-kernel@vger.ke rnel.org,=20linux-pci@vger.kernel.org,=0D=0A=20=20=20=20 =20=20=20=20jbarnes@virtuousgeek.org|Subject:=20[PATCH] =20fix=20size=20checks=20for=20mmap()=20on=20/proc/bus/pc i=20files=0D=0A=20(resent)|Cc:=20gerhard.wichert@ts.fujit su.com,=20martin.wilck@ts.fujitsu.com|Message-ID:=20<4cbf fbf8.Qhs/h1a0ymU/N8ON%martin.wilck@ts.fujitsu.com> |MIME-Version:=201.0; bh=yoJa1OK6yTOm/YiId1jVlHaqTYMHmj1yC3WjGwL2pGA=; b=XtkF9jxqq8GdSru6naCrS0ZOyMmOFgyOXWckwZ+DmBn0Sb3x7zM/ae3t AX29taAA8n2qXg/IXREr8TxoOnH2Vgi0Dk9P4ZOusQWi9Ah9LaZaL6bbe z+3c8P7jFqwbCQXdyH5uXpan476Nv6BEwrsnUhCqtjaclUKUBCNwnIPJc I21HZ196g7Fu9oOUqs5PuFM5v8q5TDAbGfvUmWWssMSqCvQ8AJ/ur3GDe N8XcweYhIj5Nt6cY8/XVX6j6nLlXT; X-SBRSScore: None X-IronPort-AV: E=Sophos;i="4.58,216,1286143200"; d="scan'208";a="48738469" Received: from abgdgate30u.abg.fsc.net ([172.25.138.66]) by dgate20u.abg.fsc.net with ESMTP; 21 Oct 2010 10:41:11 +0200 X-IronPort-AV: E=Sophos;i="4.58,216,1286143200"; d="scan'208";a="101452648" Received: from unknown (HELO cooper.psw.pdbps.fsc.net) ([172.25.253.64]) by abgdgate30u.abg.fsc.net with ESMTP; 21 Oct 2010 10:41:11 +0200 Received: from cooper.psw.pdbps.fsc.net (cooper.psw.pdbps.fsc.net [127.0.0.1]) by cooper.psw.pdbps.fsc.net (8.14.4/8.14.4) with ESMTP id o9L8cGET015653; Thu, 21 Oct 2010 10:38:16 +0200 Received: (from martin@localhost) by cooper.psw.pdbps.fsc.net (8.14.4/8.14.4/Submit) id o9L8cGYf015650; Thu, 21 Oct 2010 10:38:16 +0200 X-Authentication-Warning: cooper.psw.pdbps.fsc.net: martin set sender to martin.wilck@ts.fujitsu.com using -r Date: Thu, 21 Oct 2010 10:38:16 +0200 From: martin.wilck@ts.fujitsu.com To: linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, jbarnes@virtuousgeek.org Subject: [PATCH] fix size checks for mmap() on /proc/bus/pci files (resent) Cc: gerhard.wichert@ts.fujitsu.com, martin.wilck@ts.fujitsu.com Message-ID: <4cbffbf8.Qhs/h1a0ymU/N8ON%martin.wilck@ts.fujitsu.com> User-Agent: Heirloom mailx 12.4 7/29/08 MIME-Version: 1.0 Sender: linux-pci-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-pci@vger.kernel.org --- a/drivers/pci/pci.h.orig 2010-09-01 06:57:20.000000000 +0200 +++ a/drivers/pci/pci.h 2010-10-20 18:44:22.000000000 +0200 @@ -14,7 +14,7 @@ extern void pci_remove_sysfs_dev_files(s extern void pci_cleanup_rom(struct pci_dev *dev); #ifdef HAVE_PCI_MMAP extern int pci_mmap_fits(struct pci_dev *pdev, int resno, - struct vm_area_struct *vma); + struct vm_area_struct *vmai, int is_proc); #endif int pci_probe_reset_function(struct pci_dev *dev); --- a/drivers/pci/proc.c.orig 2010-09-01 06:57:17.000000000 +0200 +++ a/drivers/pci/proc.c 2010-10-20 18:53:37.000000000 +0200 @@ -259,7 +259,7 @@ static int proc_bus_pci_mmap(struct file /* Make sure the caller is mapping a real resource for this device */ for (i = 0; i < PCI_ROM_RESOURCE; i++) { - if (pci_mmap_fits(dev, i, vma)) + if (pci_mmap_fits(dev, i, vma, 1)) break; } --- linux-2.6.32-71.el6.x86_64/drivers/pci/pci-sysfs.c 2010-09-01 06:57:17.000000000 +0200 +++ linux-2.6.32-71.el6.x86_64/drivers/pci/pci-sysfs.c.new 2010-10-21 01:34:58.000000000 +0200 @@ -675,17 +675,18 @@ void pci_remove_legacy_files(struct pci_ #ifdef HAVE_PCI_MMAP -int pci_mmap_fits(struct pci_dev *pdev, int resno, struct vm_area_struct *vma) +int pci_mmap_fits(struct pci_dev *pdev, int resno, struct vm_area_struct *vma, int is_proc) { - unsigned long nr, start, size; + unsigned long nr, start, size, pci_start; + if (pci_resource_len(pdev, resno) == 0) + return 0; nr = (vma->vm_end - vma->vm_start) >> PAGE_SHIFT; start = vma->vm_pgoff; size = ((pci_resource_len(pdev, resno) - 1) >> PAGE_SHIFT) + 1; - if (start < size && size - start >= nr) + pci_start = is_proc ? pci_resource_start(pdev, resno) >> PAGE_SHIFT : 0; + if (start >= pci_start && start < pci_start + size && start + nr <= pci_start + size) return 1; - WARN(1, "process \"%s\" tried to map 0x%08lx-0x%08lx on %s BAR %d (size 0x%08lx)\n", - current->comm, start, start+nr, pci_name(pdev), resno, size); return 0; } @@ -715,8 +716,12 @@ pci_mmap_resource(struct kobject *kobj, if (i >= PCI_ROM_RESOURCE) return -ENODEV; - if (!pci_mmap_fits(pdev, i, vma)) + if (!pci_mmap_fits(pdev, i, vma, 0)) { + WARN(1, "process \"%s\" tried to map 0x%08lx bytes at page 0x%08lx on %s BAR %d (start 0x%16Lx, size 0x%16Lx)\n", + current->comm, vma->vm_end-vma->vm_start, vma->vm_pgoff, pci_name(pdev), i, + pci_resource_start(pdev, i), pci_resource_len(pdev, i)); return -EINVAL; + } /* pci_mmap_page_range() expects the same kind of entry as coming * from /proc/bus/pci/ which is a "user visible" value. If this is