aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2008-10-02 21:52:51 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2008-10-02 21:52:51 -0400
commitb5ff7df3df9efab511244d5a299fce706c71af48 (patch)
tree77e8d77ebc7f52ee5c28e6652d26fe33739cb4b4
parent6f92a6a7ddba5ae7ca0f0255d46410465dcf2ba6 (diff)
Check mapped ranges on sysfs resource files
This is loosely based on a patch by Jesse Barnes to check the user-space PCI mappings though the sysfs interfaces. Quoting Jesse's original explanation: It's fairly common for applications to map PCI resources through sysfs. However, with the current implementation, it's possible for an application to map far more than the range corresponding to the resourceN file it opened. This patch plugs that hole by checking the range at mmap time, similar to what is done on platforms like sparc64 in their lower level PCI remapping routines. It was initially put together to help debug the e1000e NVRAM corruption problem, since we initially thought an X driver might be walking past the end of one of its mappings and clobbering the NVRAM. It now looks like that's not the case, but doing the check is still important for obvious reasons. and this version of the patch differs in that it uses a helper function to clarify the code, and does all the checks in pages (instead of bytes) in order to avoid overflows when doing "<< PAGE_SHIFT" etc. Acked-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--drivers/pci/pci-sysfs.c19
1 files changed, 19 insertions, 0 deletions
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
index 9c718583a237..77baff022f71 100644
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
@@ -16,6 +16,7 @@
16 16
17 17
18#include <linux/kernel.h> 18#include <linux/kernel.h>
19#include <linux/sched.h>
19#include <linux/pci.h> 20#include <linux/pci.h>
20#include <linux/stat.h> 21#include <linux/stat.h>
21#include <linux/topology.h> 22#include <linux/topology.h>
@@ -484,6 +485,21 @@ pci_mmap_legacy_mem(struct kobject *kobj, struct bin_attribute *attr,
484#endif /* HAVE_PCI_LEGACY */ 485#endif /* HAVE_PCI_LEGACY */
485 486
486#ifdef HAVE_PCI_MMAP 487#ifdef HAVE_PCI_MMAP
488
489static int pci_mmap_fits(struct pci_dev *pdev, int resno, struct vm_area_struct *vma)
490{
491 unsigned long nr, start, size;
492
493 nr = (vma->vm_end - vma->vm_start) >> PAGE_SHIFT;
494 start = vma->vm_pgoff;
495 size = pci_resource_len(pdev, resno) >> PAGE_SHIFT;
496 if (start < size && size - start >= nr)
497 return 1;
498 WARN(1, "process \"%s\" tried to map 0x%08lx-0x%08lx on %s BAR %d (size 0x%08lx)\n",
499 current->comm, start, start+nr, pci_name(pdev), resno, size);
500 return 0;
501}
502
487/** 503/**
488 * pci_mmap_resource - map a PCI resource into user memory space 504 * pci_mmap_resource - map a PCI resource into user memory space
489 * @kobj: kobject for mapping 505 * @kobj: kobject for mapping
@@ -510,6 +526,9 @@ pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
510 if (i >= PCI_ROM_RESOURCE) 526 if (i >= PCI_ROM_RESOURCE)
511 return -ENODEV; 527 return -ENODEV;
512 528
529 if (!pci_mmap_fits(pdev, i, vma))
530 return -EINVAL;
531
513 /* pci_mmap_page_range() expects the same kind of entry as coming 532 /* pci_mmap_page_range() expects the same kind of entry as coming
514 * from /proc/bus/pci/ which is a "user visible" value. If this is 533 * from /proc/bus/pci/ which is a "user visible" value. If this is
515 * different from the resource itself, arch will do necessary fixup. 534 * different from the resource itself, arch will do necessary fixup.