From patchwork Wed Jan 23 11:27:51 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Venkatesh Srinivas X-Patchwork-Id: 10777121 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 21C3D139A for ; Wed, 23 Jan 2019 11:36:17 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0FAD72A1F3 for ; Wed, 23 Jan 2019 11:36:17 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 02B332AC03; Wed, 23 Jan 2019 11:36:16 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 838522A1F3 for ; Wed, 23 Jan 2019 11:36:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727050AbfAWLgP (ORCPT ); Wed, 23 Jan 2019 06:36:15 -0500 Received: from resqmta-ch2-08v.sys.comcast.net ([69.252.207.40]:42552 "EHLO resqmta-ch2-08v.sys.comcast.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726317AbfAWLgO (ORCPT ); Wed, 23 Jan 2019 06:36:14 -0500 X-Greylist: delayed 488 seconds by postgrey-1.27 at vger.kernel.org; Wed, 23 Jan 2019 06:36:14 EST Received: from resomta-ch2-08v.sys.comcast.net ([69.252.207.104]) by resqmta-ch2-08v.sys.comcast.net with ESMTP id mGhRgY4FZBF9amGhSgmzk6; Wed, 23 Jan 2019 11:28:06 +0000 Received: from ubuntu.fios-router.home ([98.109.86.97]) by resomta-ch2-08v.sys.comcast.net with ESMTPSA id mGhEg1rbx3XZ6mGhFga32X; Wed, 23 Jan 2019 11:28:03 +0000 X-Xfinity-VAAS: gggruggvucftvghtrhhoucdtuddrgedtledriedtgddvkecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucevohhmtggrshhtqdftvghsihdpqfgfvfdppffquffrtefokffrnecuuegrihhlohhuthemuceftddtnecunecujfgurhephffvufffkffogggtgfesthekredtredtjeenucfhrhhomhepgggvnhhkrghtvghshhcuufhrihhnihhvrghsuceovhhsrhhinhhivhgrshesohhpshdutddurdhorhhgqeenucffohhmrghinhephhgrnhgulhgvrhdrrhgvrggunecukfhppeelkedruddtledrkeeirdeljeenucfrrghrrghmpehhvghlohepuhgsuhhnthhurdhfihhoshdqrhhouhhtvghrrdhhohhmvgdpihhnvghtpeelkedruddtledrkeeirdeljedpmhgrihhlfhhrohhmpehvshhrihhnihhvrghssehophhsuddtuddrohhrghdprhgtphhtthhopehkvhhmsehvghgvrhdrkhgvrhhnvghlrdhorhhgpdhrtghpthhtohepmhhsthesrhgvughhrghtrdgtohhmpdhrtghpthhtohepghhrvghgkhhhsehlihhnuhigfhhouhhnuggrthhiohhnrdhorhhgpdhrtghpthhtohepvhgvnhhkrghtvghshhhssehgohhoghhlvgdrtghomhenucevlhhushhtvghrufhiiigvpedt X-Xfinity-VMeta: sc=0;st=legit From: Venkatesh Srinivas To: kvm@vger.kernel.org Cc: mst@redhat.com, gregkh@linuxfoundation.org, venkateshs@google.com Subject: [PATCH RESEND v2] uio/uio_pci_generic: Disable bus-mastering on release Date: Wed, 23 Jan 2019 11:27:51 +0000 Message-Id: <20190123112751.5789-1-vsrinivas@ops101.org> X-Mailer: git-send-email 2.17.1 MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Venkatesh Srinivas Userspace code using uio_pci_generic may enable bus-mastering by directly manipulating a PCI device's command register. If a userspace program enables bus-mastering but exits/crashes uncleanly, bus- mastering will still be enabled and stale DMA addresses may be programmed and live in the device. Disable bus-mastering unconditionally on last close of a UIO PCI fd to avoid this. If the device did not have bus-mastering enabled, pci_clear_master() is a no-op. Signed-off-by: Venkatesh Srinivas Reviewed-by: Bjorn Helgaas Reviewed-by: Catherine Sullivan Acked-by: Michael S. Tsirkin --- drivers/uio/uio_pci_generic.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/drivers/uio/uio_pci_generic.c b/drivers/uio/uio_pci_generic.c index 8773e373ffe5..dde5cbb27178 100644 --- a/drivers/uio/uio_pci_generic.c +++ b/drivers/uio/uio_pci_generic.c @@ -39,6 +39,22 @@ to_uio_pci_generic_dev(struct uio_info *info) return container_of(info, struct uio_pci_generic_dev, info); } +static int release(struct uio_info *info, struct inode *inode) +{ + struct uio_pci_generic_dev *gdev = to_uio_pci_generic_dev(info); + + /* + * This driver is insecure when used with devices doing DMA, but some +  * people (mis)use it with such devices. +  * Let's at least make sure DMA isn't left enabled after the userspace +  * driver closes the fd. +  * Note that there's a non-zero chance doing this will wedge the device +  * at least until reset. + */ + pci_clear_master(gdev->pdev); + return 0; +} + /* Interrupt handler. Read/modify/write the command register to disable * the interrupt. */ static irqreturn_t irqhandler(int irq, struct uio_info *info) @@ -78,6 +94,7 @@ static int probe(struct pci_dev *pdev, gdev->info.name = "uio_pci_generic"; gdev->info.version = DRIVER_VERSION; + gdev->info.release = release; gdev->pdev = pdev; if (pdev->irq) { gdev->info.irq = pdev->irq;