From: Ben Hutchings <ben@decadent.org.uk>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: akpm@linux-foundation.org, "David Woodhouse" <dwmw@amazon.co.uk>,
"Bjorn Helgaas" <bhelgaas@google.com>
Subject: [PATCH 3.2 28/59] PCI: Fix another sanity check bug in /proc/pci mmap
Date: Fri, 18 Aug 2017 14:13:13 +0100 [thread overview]
Message-ID: <lsq.1503061993.560695511@decadent.org.uk> (raw)
In-Reply-To: <lsq.1503061990.137512306@decadent.org.uk>
3.2.92-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: David Woodhouse <dwmw@amazon.co.uk>
commit 17caf56731311c9596e7d38a70c88fcb6afa6a1b upstream.
Don't match MMIO maps with I/O BARs and vice versa.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
drivers/pci/proc.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
--- a/drivers/pci/proc.c
+++ b/drivers/pci/proc.c
@@ -249,14 +249,20 @@ static int proc_bus_pci_mmap(struct file
const struct proc_dir_entry *dp = PDE(inode);
struct pci_dev *dev = dp->data;
struct pci_filp_private *fpriv = file->private_data;
- int i, ret, write_combine;
+ int i, ret, write_combine, res_bit;
if (!capable(CAP_SYS_RAWIO))
return -EPERM;
+ if (fpriv->mmap_state == pci_mmap_io)
+ res_bit = IORESOURCE_IO;
+ else
+ res_bit = IORESOURCE_MEM;
+
/* Make sure the caller is mapping a real resource for this device */
for (i = 0; i < PCI_ROM_RESOURCE; i++) {
- if (pci_mmap_fits(dev, i, vma, PCI_MMAP_PROCFS))
+ if (dev->resource[i].flags & res_bit &&
+ pci_mmap_fits(dev, i, vma, PCI_MMAP_PROCFS))
break;
}
next prev parent reply other threads:[~2017-08-18 13:14 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-18 13:13 [PATCH 3.2 00/59] 3.2.92-rc1 review Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 58/59] mqueue: fix a use-after-free in sys_mq_notify() Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 40/59] PCI: Disable boot interrupt quirk for ASUS M2N-LR Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 35/59] [media] dw2102: limit messages to buffer size Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 25/59] [media] digitv: " Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 38/59] x86/boot: Fix BSS corruption/overwrite bug in early x86 kernel startup Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 46/59] Bluetooth: Fix user channel for 32bit userspace on 64bit kernel Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 52/59] Set unicode flag on cifs echo request to avoid Mac error Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 47/59] power: supply: pda_power: move from timer to delayed_work Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 16/59] ath9k_htc: fix NULL-deref at probe Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 06/59] ath9k_htc: Add new USB ID Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 36/59] [media] ov2640: fix vflip control Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 10/59] zd1211rw: fix NULL-deref at probe Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 42/59] IB/core: If the MGID/MLID pair is not on the list return an error Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 21/59] [media] cx231xx-audio: fix init error path Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 15/59] cdc-acm: fix possible invalid access when processing notification Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 37/59] usb: host: xhci: print correct command ring address Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 07/59] ath9k_htc: add device ID for Toshiba WLM-20U2/GN-1080 Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 59/59] packet: fix tp_reserve race in packet_set_ring Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 34/59] [media] dw2102: some missing unlocks on error Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 26/59] [media] zr364xx: enforce minimum size when reading header Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 48/59] ip6_tunnel: Fix missing tunnel encapsulation limit option Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 14/59] USB: Proper handling of Race Condition when two USB class drivers try to call init_usb_class simultaneously Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 12/59] usb: hub: Do not attempt to autosuspend disconnected devices Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 24/59] PCI: Fix pci_mmap_fits() for HAVE_PCI_RESOURCE_TO_USER platforms Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 57/59] timerfd: Protect the might cancel mechanism proper Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 50/59] tcp: fix wraparound issue in tcp_lp Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 03/59] ath9k_htc: Add Panasonic N5HBZ0000055 device id Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 20/59] [media] cx231xx-cards: fix NULL-deref at probe Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 54/59] fbdev: sti: don't select CONFIG_VT Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 01/59] drm/i915: fix use-after-free in page_flip_completed() Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 33/59] [media] dw2102: Don't use dynamic static allocation Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 31/59] [media] ttusb2: Don't use stack variables for DMA Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 55/59] x86/mm/32: Set the '__vmalloc_start_set' flag in initmem_init() Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 30/59] PCI: Freeze PME scan before suspending devices Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 27/59] PCI: Ignore write combining when mapping I/O port space Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 39/59] netfilter: ctnetlink: make it safer when updating ct->status Ben Hutchings
2017-08-18 13:13 ` Ben Hutchings [this message]
2017-08-18 13:13 ` [PATCH 3.2 49/59] ipv6: Need to export ipv6_push_frag_opts for tunneling now Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 53/59] um: Fix PTRACE_POKEUSER on x86_64 Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 32/59] [media] ttusb2: limit messages to buffer size Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 19/59] [media] cx231xx: fix double free and leaks on failure path in cx231xx_usb_probe() Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 45/59] net: ethernet: ucc_geth: fix MEM_PART_MURAM mode Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 08/59] ath9k_htc: Add support of AirTies 1eda:2315 AR9271 device Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 09/59] serial: sh-sci: Fix panic when serial console and DMA are enabled Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 13/59] [media] mceusb: fix NULL-deref at probe Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 11/59] usb: hub: Fix error loop seen after hub communication errors Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 05/59] ath9k_htc: Add device ID for Buffalo WLI-UV-AG300P Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 43/59] IB/core: For multicast functions, verify that LIDs are multicast LIDs Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 23/59] padata: free correct variable Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 04/59] ath9k_htc: Add PID/VID for a Ubiquiti WiFiStation Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 22/59] [media] cx231xx-audio: fix NULL-deref at probe Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 41/59] usb: Make sure usb/phy/of gets built-in Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 17/59] [media] gspca: konica: add missing endpoint sanity check Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 18/59] [media] usbvision: fix NULL-deref at probe Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 02/59] [media] pvrusb2: reduce stack usage pvr2_eeprom_analyze() Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 56/59] ipv6: avoid overflow of offset in ip6_find_1stfragopt Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 44/59] libata: reject passthrough WRITE SAME requests Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 51/59] cifs: small underflow in cnvrtDosUnixTm() Ben Hutchings
2017-08-18 13:13 ` [PATCH 3.2 29/59] PCI: Only allow WC mmap on prefetchable resources Ben Hutchings
2017-08-18 14:54 ` [PATCH 3.2 00/59] 3.2.92-rc1 review Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=lsq.1503061993.560695511@decadent.org.uk \
--to=ben@decadent.org.uk \
--cc=akpm@linux-foundation.org \
--cc=bhelgaas@google.com \
--cc=dwmw@amazon.co.uk \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox