From: "Krzysztof Wilczyński" <kw@linux.com>
To: Ziming Du <duziming2@huawei.com>
Cc: bhelgaas@google.com, linux-pci@vger.kernel.org,
linux-kernel@vger.kernel.org, liuyongqiang13@huawei.com
Subject: Re: [PATCH 1/4] PCI: Align proc_bus_pci_write() with pci_write_config()
Date: Mon, 4 May 2026 08:02:13 +0900 [thread overview]
Message-ID: <20260503223843.GB3862479@rocinante> (raw)
In-Reply-To: <20260414024544.2975605-2-duziming2@huawei.com>
Hello,
> - if (pos >= size)
> + if (off >= dev->cfg_size)
> return 0;
> - if (nbytes >= size)
> + if (off + size > dev->cfg_size) {
> + size = dev->cfg_size - off;
> nbytes = size;
> - if (pos + nbytes > size)
> - nbytes = size - pos;
> - cnt = nbytes;
> + }
Some of these boundary checks have issues on the sysfs side, where for some
offsets, a gratuitous pci_config_pm_runtime_get()/put() invocation would take
place, even though there would be no real work done. Something to fix, too,
since you are looking to align both implementations.
> - if ((pos & 1) && cnt) {
> + if ((off & 1) && size) {
> unsigned char val;
> __get_user(val, buf);
Sashiko is complaining about __get_user() here. However, the following
patch was sent recently, which aims to fix this (seems Syzkaller found
this, too):
https://lore.kernel.org/linux-pci/20260502011446.125268-1-kartikey406@gmail.com/
If this one is accepted, then there is nothing to do here. Otherwise, you
could consider moving to get_user(), etc., here, too.
> - while (cnt >= 4) {
> + while (size >= 4) {
This can still be aligned between here and sysfs. Have a look there.
There is also the resource_is_exclusive() check on the sysfs side which
adds a warning and a taint when write is accessing some address ranges
which some driver claimed for itself. procfs does not have this at the
moment (not sure if on purpose or it simly wasn't ever added).
Thank you!
Krzysztof
next prev parent reply other threads:[~2026-05-03 23:02 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-14 2:45 [PATCH 0/4] PCI: Fix procfs PCI config access issues Ziming Du
2026-04-14 2:45 ` [PATCH 1/4] PCI: Align proc_bus_pci_write() with pci_write_config() Ziming Du
2026-05-03 23:02 ` Krzysztof Wilczyński [this message]
2026-04-14 2:45 ` [PATCH 2/4] PCI: Align proc_bus_pci_read() with pci_read_config() Ziming Du
2026-04-14 2:45 ` [PATCH 3/4] PCI: Prevent overflow in proc_bus_pci_write() Ziming Du
2026-04-14 2:45 ` [PATCH 4/4] PCI: Prevent overflow in proc_bus_pci_read() Ziming Du
2026-05-03 22:38 ` Krzysztof Wilczyński
2026-04-27 2:22 ` [PING] PCI: Fix procfs PCI config access issues duziming
2026-04-27 22:19 ` [PATCH 0/4] " Bjorn Helgaas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260503223843.GB3862479@rocinante \
--to=kw@linux.com \
--cc=bhelgaas@google.com \
--cc=duziming2@huawei.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=liuyongqiang13@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox