public inbox for linux-kernel@vger.kernel.org
From: "Ilpo Järvinen" <ilpo.jarvinen@linux.intel.com>
To: Ziming Du <duziming2@huawei.com>
Cc: bhelgaas@google.com, linux-pci@vger.kernel.org,
	 LKML <linux-kernel@vger.kernel.org>,
	chrisw@redhat.com,  jbarnes@virtuousgeek.org,
	alex.williamson@redhat.com,  liuyongqiang13@huawei.com
Subject: Re: [PATCH 2/3] PCI/sysfs: Prohibit unaligned access to I/O port on non-x86
Date: Tue, 16 Dec 2025 12:43:48 +0200 (EET)
Message-ID: <43e40c50-e23b-0ebc-9f82-986b2ea55943@linux.intel.com>
In-Reply-To: <20251216083912.758219-3-duziming2@huawei.com>

On Tue, 16 Dec 2025, Ziming Du wrote:

> From: Yongqiang Liu <liuyongqiang13@huawei.com>
> 
> Unaligned access is harmful for non-x86 archs such as arm64. When we
> use pwrite or pread to access the I/O port resources with unaligned
> offset, system will crash as follows:
> 
> Unable to handle kernel paging request at virtual address fffffbfffe8010c1
> Internal error: Oops: 0000000096000061 [#1] SMP
> Modules linked in:
> CPU: 1 PID: 44230 Comm: syz.1.10955 Not tainted 6.6.0+ #1
> Hardware name: linux,dummy-virt (DT)
> pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> pc : __raw_writew arch/arm64/include/asm/io.h:33 [inline]
> pc : _outw include/asm-generic/io.h:594 [inline]
> pc : logic_outw+0x54/0x218 lib/logic_pio.c:305
> lr : _outw include/asm-generic/io.h:593 [inline]
> lr : logic_outw+0x40/0x218 lib/logic_pio.c:305
> sp : ffff800083097a30
> x29: ffff800083097a30 x28: ffffba71ba86e130 x27: 1ffff00010612f93
> x26: ffff3bae63b3a420 x25: ffffba71bbf585d0 x24: 0000000000005ac1
> x23: 00000000000010c1 x22: ffff3baf0deb6488 x21: 0000000000000002
> x20: 00000000000010c1 x19: 0000000000ffbffe x18: 0000000000000000
> x17: 0000000000000000 x16: ffffba71b9f44b48 x15: 00000000200002c0
> x14: 0000000000000000 x13: 0000000000000000 x12: ffff6775ca80451f
> x11: 1fffe775ca80451e x10: ffff6775ca80451e x9 : ffffba71bb78cf2c
> x8 : 0000988a357fbae2 x7 : ffff3bae540228f7 x6 : 0000000000000001
> x5 : 1fffe775e2b43c78 x4 : dfff800000000000 x3 : ffffba71b9a00000
> x2 : ffff80008d22a000 x1 : ffffc58ec6600000 x0 : fffffbfffe8010c1
> Call trace:
>  _outw include/asm-generic/io.h:594 [inline]
>  logic_outw+0x54/0x218 lib/logic_pio.c:305
>  pci_resource_io drivers/pci/pci-sysfs.c:1157 [inline]
>  pci_write_resource_io drivers/pci/pci-sysfs.c:1191 [inline]
>  pci_write_resource_io+0x208/0x260 drivers/pci/pci-sysfs.c:1181
>  sysfs_kf_bin_write+0x188/0x210 fs/sysfs/file.c:158
>  kernfs_fop_write_iter+0x2e8/0x4b0 fs/kernfs/file.c:338
>  call_write_iter include/linux/fs.h:2085 [inline]
>  new_sync_write fs/read_write.c:493 [inline]
>  vfs_write+0x7bc/0xac8 fs/read_write.c:586
>  ksys_write+0x12c/0x270 fs/read_write.c:639
>  __do_sys_write fs/read_write.c:651 [inline]
>  __se_sys_write fs/read_write.c:648 [inline]
>  __arm64_sys_write+0x78/0xb8 fs/read_write.c:648
>  __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
>  invoke_syscall+0x8c/0x2e0 arch/arm64/kernel/syscall.c:51
>  el0_svc_common.constprop.0+0x200/0x2a8 arch/arm64/kernel/syscall.c:134
>  do_el0_svc+0x4c/0x70 arch/arm64/kernel/syscall.c:176
>  el0_svc+0x44/0x1d8 arch/arm64/kernel/entry-common.c:806
>  el0t_64_sync_handler+0x100/0x130 arch/arm64/kernel/entry-common.c:844
>  el0t_64_sync+0x3c8/0x3d0 arch/arm64/kernel/entry.S:757
> 
> Powerpc seems affected as well, so prohibit the unaligned access
> on non-x86 archs.
> 
> Fixes: 8633328be242 ("PCI: Allow read/write access to sysfs I/O port resources")
> Signed-off-by: Yongqiang Liu <liuyongqiang13@huawei.com>
> Signed-off-by: Ziming Du <duziming2@huawei.com>
> ---
>  drivers/pci/pci-sysfs.c | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
> 
> diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
> index 7e697b82c5e1..6fa3c9d0e97e 100644
> --- a/drivers/pci/pci-sysfs.c
> +++ b/drivers/pci/pci-sysfs.c
> @@ -1141,6 +1141,13 @@ static int pci_mmap_resource_wc(struct file *filp, struct kobject *kobj,
>  	return pci_mmap_resource(kobj, attr, vma, 1);
>  }
>  
> +#if !defined(CONFIG_X86)
> +static bool is_unaligned(unsigned long port, size_t size)
> +{
> +	return port & (size - 1);
> +}
> +#endif
> +
>  static ssize_t pci_resource_io(struct file *filp, struct kobject *kobj,
>  			       const struct bin_attribute *attr, char *buf,
>  			       loff_t off, size_t count, bool write)
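Review bot: `port & (size - 1)` in is_unaligned() is an alignment test only when size is a non-zero power of two, and neither the helper nor a comment says so; for size 3 the mask is 2, and for size 0 it is all ones. The kernel already provides IS_ALIGNED() with the same contract, so consider dropping the helper together with its #if block and using !IS_ALIGNED(port, count) at the call site once count is known to be 1, 2 or 4. Testing IS_ENABLED(CONFIG_X86) in the condition would also remove the need for paired preprocessor guards around the helper and its caller.
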
> @@ -1158,6 +1165,11 @@ static ssize_t pci_resource_io(struct file *filp, struct kobject *kobj,
>  	if (port + count - 1 > pci_resource_end(pdev, bar))
>  		return -EINVAL;
>  
> +#if !defined(CONFIG_X86)
> +	if (is_unaligned(port, count))
> +		return -EFAULT;
> +#endif
> +

This changes return value from -EINVAL -> -EFAULT for some values of count 
which seems not justified.

To me it's not clear why even x86 should allow unaligned access. This 
interface is very much geared towards natural alignment and sizing of the 
reads (e.g. count = 3 leads to -EINVAL), so it feels somewhat artificial 
to make x86 behave different here from the others.

>  	switch (count) {
>  	case 1:
>  		if (write)
> 
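Review bot: the new check sits ahead of `switch (count)`, so it runs before count has been narrowed to a supported width, and it returns -EFAULT where the bounds check directly above it returns -EINVAL for a bad offset/length. Moving the test to the multi-byte cases (or after the width has been validated) and returning -EINVAL would keep a single errno for invalid requests. A one-line comment stating why x86 is exempt would also help the next reader.
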

-- 
 i.
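
The errno change raised in the reply above can be reproduced with a small userspace model. This is an added example, not code from the patch or from the kernel: BAR_START, BAR_END, width_supported(), check_patch_order() and check_width_first() are hypothetical names, the window values are constructed, and it assumes (as the reply says for count = 3) that widths other than 1, 2 and 4 end in -EINVAL.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed I/O window for this model (hypothetical values). */
#define BAR_START 0x1000UL
#define BAR_END   0x10ffUL

/* Same expression as the patch's is_unaligned(). */
static bool is_unaligned(unsigned long port, size_t size)
{
	return port & (size - 1);
}

/* Assumption: only widths 1, 2 and 4 are served, others get -EINVAL. */
static bool width_supported(size_t count)
{
	return count == 1 || count == 2 || count == 4;
}

/* Order used in the patch: alignment test before the width is validated. */
int check_patch_order(unsigned long off, size_t count)
{
	unsigned long port = BAR_START + off;
	if (port + count - 1 > BAR_END)
		return -EINVAL;
	if (is_unaligned(port, count))
		return -EFAULT;
	return width_supported(count) ? 0 : -EINVAL;
}

/* Alternative: validate the width first and keep -EINVAL for every rejection. */
int check_width_first(unsigned long off, size_t count)
{
	unsigned long port = BAR_START + off;
	if (port + count - 1 > BAR_END || !width_supported(count))
		return -EINVAL;
	return is_unaligned(port, count) ? -EINVAL : 0;
}

int main(void)
{
	/* count = 3 at two offsets: the patch order gives two different errnos. */
	printf("%d %d\n", check_patch_order(0xc0, 3), check_patch_order(0xc2, 3));
	printf("%d %d\n", check_width_first(0xc0, 3), check_width_first(0xc2, 3));
	return 0;
}
```

With the patch order, count = 3 yields -EINVAL or -EFAULT depending only on bit 1 of the port, because the mask `count - 1` is not an alignment mask for that width.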


Thread overview: 16+ messages
2025-12-16  8:39 [PATCH 0/3] Miscellaneous fixes for pci subsystem Ziming Du
2025-12-16  8:39 ` [PATCH 1/3] PCI/sysfs: fix null pointer dereference during PCI hotplug Ziming Du
2025-12-23 16:55   ` Bjorn Helgaas
2025-12-24  1:28     ` duziming
2025-12-16  8:39 ` [PATCH 2/3] PCI/sysfs: Prohibit unaligned access to I/O port on non-x86 Ziming Du
2025-12-16 10:43   ` Ilpo Järvinen [this message]
2025-12-17  9:47     ` duziming
2025-12-17 10:15       ` Ilpo Järvinen
2025-12-18  8:03         ` duziming
2025-12-20 16:20   ` kernel test robot
2025-12-22  5:01   ` kernel test robot
2025-12-16  8:39 ` [PATCH 3/3] PCI: Prevent overflow in proc_bus_pci_write() Ziming Du
2025-12-16 10:57   ` Ilpo Järvinen
2025-12-17  9:33     ` duziming
2025-12-17 10:19       ` Ilpo Järvinen
2025-12-18  7:18         ` duziming
