From: Yinghai Lu <yinghai@kernel.org>
To: Bjorn Helgaas <bhelgaas@google.com>,
	David Miller <davem@davemloft.net>,
	Benjamin Herrenschmidt <benh@kernel.crashing.org>,
	Linus Torvalds <torvalds@linux-foundation.org>
Cc: Wei Yang <weiyang@linux.vnet.ibm.com>,
	Khalid Aziz <khalid.aziz@oracle.com>,
	linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org,
	Yinghai Lu <yinghai@kernel.org>
Subject: [PATCH v13 03/16] PCI: Check resource alignment for /sys pci_mmap_resource path
Date: Fri, 17 Jun 2016 19:24:48 -0700
Message-ID: <20160618022501.15648-4-yinghai@kernel.org>
In-Reply-To: <20160618022501.15648-1-yinghai@kernel.org>

When a user accesses /sys/.../resourceX with pci_mmap_resource(),
pci_mmap_resource():
	...
        pci_resource_to_user(pdev, i, res, &start, &end);
        vma->vm_pgoff += start >> PAGE_SHIFT;
        mmap_type = res->flags & IORESOURCE_MEM ? pci_mmap_mem : pci_mmap_io;
        return pci_mmap_page_range(pdev, vma, mmap_type, write_combine);
so it will return the virtual address for the round_down of start.

User code should pass offset with PAGE_SIZE offset.
  fd = open(argv[1], O_RDONLY);
  ...
  sscanf(argv[2], "0x%lx", &offset);
  left = offset & (PAGE_SIZE - 1);
  offset &= PAGE_MASK;
  addr = mmap(NULL, PAGE_SIZE, PROT_READ, MAP_SHARED, fd, offset);
  for (i = 0; i < 8; i++)
    printf("%x ", addr[i + left]);
  munmap(addr, PAGE_SIZE);
  close(fd);

When the resource start is not PAGE_SIZE aligned, it should
be an io port, and pci_mmap_resource could return the round_down
address of the resource start.
As the whole point of pci_mmap_resource is passing an offset in
[0, resource_size), the user may assume the virtual address corresponds
to the unaligned resource_size. Later they could get a wrong value
with an offset to the resource start.

Block the path for now; users need to use the pci_read_resource_io
/pci_write_resource_io path instead.
User code should be like:
  fd = open(argv[1], O_RDONLY);
  ...
  sscanf(argv[2], "0x%lx", &offset);
  for (i = 0; i < 8; i++) {
    pread(fd, &buf, 1, i + offset);
  }
  close(fd);

Signed-off-by: Yinghai Lu <yinghai@kernel.org>
---
 drivers/pci/pci-sysfs.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
index 82b98dd..138dfc2 100644
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
@@ -1018,6 +1018,16 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
 	if (i >= PCI_ROM_RESOURCE)
 		return -ENODEV;
 
+	/*
+	 * resource start have to be PAGE_SIZE aligned, as we pass
+	 * back virt address include round down of resource_start,
+	 * that caller can not figure out directly.
+	 * when it is not aligned, that mean it is io port, should go
+	 * pci_read_resource_io()/pci_write_resource_io() path.
+	 */
+	if (res->start & ~PAGE_MASK)
+		return -EINVAL;
+
 	if (res->flags & IORESOURCE_MEM && iomem_is_exclusive(res->start))
 		return -EINVAL;
 
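Review bot: the added `if (res->start & ~PAGE_MASK)` test rejects any resource with an unaligned start, yet the comment above it justifies that by saying an unaligned start means an I/O port, and nothing in the hunk looks at res->flags to confirm it. The check that follows handles IORESOURCE_MEM, so memory resources reach this point as well, and any memory resource whose start is not page aligned would now get -EINVAL from mmap while the comment only names the pci_read_resource_io()/pci_write_resource_io() path. Either state in the comment that unaligned memory resources are refused on purpose, or limit the wording to what the code does. Two smaller points: the commit message shows the mapping offset is taken from the start value returned by pci_resource_to_user(), while this test is on res->start, so it is worth saying why the two agree on alignment; and the same -EINVAL is returned here and by the iomem_is_exclusive() check, so user space cannot tell the two cases apart.
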
-- 
2.8.3
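
The round-down described in the commit message, modelled in user space as an added example (not part of the patch or the kernel tree). bus_read() and the two resource start values are constructed for illustration; mmap_allowed() mirrors the test the hunk adds.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1ULL << PAGE_SHIFT)
#define PAGE_MASK  (~(PAGE_SIZE - 1))

/* Constructed address space: every byte holds the low 8 bits of its address. */
static uint8_t bus_read(uint64_t addr) { return (uint8_t)(addr & 0xff); }

/* Same test as the patch: refuse mmap when the resource start is unaligned. */
static int mmap_allowed(uint64_t res_start)
{
	return (res_start & ~PAGE_MASK) ? -EINVAL : 0;
}

/* Address of byte 0 of the mapping, following vm_pgoff += start >> PAGE_SHIFT. */
static uint64_t mapped_base(uint64_t res_start, uint64_t user_offset)
{
	uint64_t pgoff = (user_offset & PAGE_MASK) >> PAGE_SHIFT;

	pgoff += res_start >> PAGE_SHIFT;	/* low bits of res_start are dropped */
	return pgoff << PAGE_SHIFT;
}

/* What the first user snippet in the commit message reads: addr[left]. */
static uint8_t read_via_mmap(uint64_t res_start, uint64_t user_offset)
{
	uint64_t left = user_offset & (PAGE_SIZE - 1);

	return bus_read(mapped_base(res_start, user_offset) + left);
}

/* What the caller meant: the byte at user_offset from the resource start. */
static uint8_t read_intended(uint64_t res_start, uint64_t user_offset)
{
	return bus_read(res_start + user_offset);
}

int main(void)
{
	uint64_t starts[] = { 0x10000, 0x1040 };	/* aligned, unaligned */

	for (int i = 0; i < 2; i++)
		printf("start=%#llx check=%d mmap=%#x intended=%#x\n",
		       (unsigned long long)starts[i], mmap_allowed(starts[i]),
		       read_via_mmap(starts[i], 0x8), read_intended(starts[i], 0x8));
	return 0;
}
```

For the unaligned start the mmap read and the intended read disagree, which is the case the added check turns into -EINVAL.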

