[PATCH] uio: Fix memory size check with vma in uio_mmap_physical()

[PATCH] uio: Fix memory size check with vma in uio_mmap_physical()

[Nobuhiro Iwamatsu]

Register for the device are mapped in uio_mmap_physical().
In this case, it might not be the same as the size of VMA always.
This uses PAGE_ALIGN to memory size, fix the check of the memory size
to be mapped.

Signed-off-by: Nobuhiro Iwamatsu <nobuhiro.iwamatsu.yj@renesas.com>
---
 drivers/uio/uio.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
index a673e5b..e371f5a 100644
--- a/drivers/uio/uio.c
+++ b/drivers/uio/uio.c
@@ -655,7 +655,7 @@ static int uio_mmap_physical(struct vm_area_struct *vma)
 
 	if (mem->addr & ~PAGE_MASK)
 		return -ENODEV;
-	if (vma->vm_end - vma->vm_start > mem->size)
+	if (vma->vm_end - vma->vm_start > PAGE_ALIGN(mem->size))
 		return -EINVAL;
 
 	vma->vm_ops = &uio_physical_vm_ops;
-- 
1.8.5

Re: [PATCH] uio: Fix memory size check with vma in uio_mmap_physical()

[Greg KH]

On Wed, Mar 12, 2014 at 10:24:21AM +0900, Nobuhiro Iwamatsu wrote:
> Register for the device are mapped in uio_mmap_physical().
> In this case, it might not be the same as the size of VMA always.

Why wouldn't this be the case?

> This uses PAGE_ALIGN to memory size, fix the check of the memory size
> to be mapped.
> 
> Signed-off-by: Nobuhiro Iwamatsu <nobuhiro.iwamatsu.yj@renesas.com>
> ---
>  drivers/uio/uio.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
> index a673e5b..e371f5a 100644
> --- a/drivers/uio/uio.c
> +++ b/drivers/uio/uio.c
> @@ -655,7 +655,7 @@ static int uio_mmap_physical(struct vm_area_struct *vma)
>  
>  	if (mem->addr & ~PAGE_MASK)
>  		return -ENODEV;
> -	if (vma->vm_end - vma->vm_start > mem->size)
> +	if (vma->vm_end - vma->vm_start > PAGE_ALIGN(mem->size))

You just increased the size for the check, that seems wrong.  Why
wouldn't mem->size be correct here?

What hardware is failing for this with a valid size and end/start
addresses?

thanks,

greg k-h

Re: [PATCH] uio: Fix memory size check with vma in uio_mmap_physical()

[Nobuhiro Iwamatsu]

(2014/03/18 8:26), Greg KH wrote:
> On Wed, Mar 12, 2014 at 10:24:21AM +0900, Nobuhiro Iwamatsu wrote:
>> Register for the device are mapped in uio_mmap_physical().
>> In this case, it might not be the same as the size of VMA always.
>
> Why wouldn't this be the case?

size contained in the "mem-> size" is the size of the actual always.
However, in this case, "if (vma-> vm_end - vma-> vm_start> mem-> size)" is an error by always.
This is because the address contained in the vma is because it is always aligned by PAGE_SIZE.

>
>> This uses PAGE_ALIGN to memory size, fix the check of the memory size
>> to be mapped.
>>
>> Signed-off-by: Nobuhiro Iwamatsu<nobuhiro.iwamatsu.yj@renesas.com>
>> ---
>>   drivers/uio/uio.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
>> index a673e5b..e371f5a 100644
>> --- a/drivers/uio/uio.c
>> +++ b/drivers/uio/uio.c
>> @@ -655,7 +655,7 @@ static int uio_mmap_physical(struct vm_area_struct *vma)
>>
>>   	if (mem->addr&  ~PAGE_MASK)
>>   		return -ENODEV;
>> -	if (vma->vm_end - vma->vm_start>  mem->size)
>> +	if (vma->vm_end - vma->vm_start>  PAGE_ALIGN(mem->size))
>
> You just increased the size for the check, that seems wrong.  Why
> wouldn't mem->size be correct here?
>
> What hardware is failing for this with a valid size and end/start
> addresses?

For example, when I have the following settings in in platform device setup,
the size of the mem->size will be 344.

static struct resource vpu_resources[] = {
	[0] = {
		.name	= "VPU",
		.start	= 0xfe900000,
		.end	= 0xfe900157,
		.flags	= IORESOURCE_MEM,
	},
};

And vma->vm_start was set 0xB6F9F000, vma->start was set B6FA0000.
Therefore, this is "if (vma-> vm_end - vma-> vm_start> mem-> size)" will result in an error.
Am I wrong how to use UIO?

>
> thanks,
>
> greg k-h

Best regards,
   Nobuhiro