lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20101110104434.6ed20d33@jbarnes-x201>
Date:	Wed, 10 Nov 2010 10:44:34 -0800
From:	Jesse Barnes <jbarnes@...tuousgeek.org>
To:	Martin Wilck <martin.wilck@...fujitsu.com>
Cc:	gerhard.wichert@...fujitsu.com, linux-kernel@...r.kernel.org,
	linux-pci@...r.kernel.org
Subject: Re: [PATCH] fix size checks for mmap() on /proc/bus/pci files
 (updated)

On Wed, 10 Nov 2010 11:03:21 +0100
Martin Wilck <martin.wilck@...fujitsu.com> wrote:

> The checks for valid mmaps of PCI resources made
> through /proc/bus/pci files that were introduced in
> 9eff02e2042f96fb2aedd02e032eca1c5333d767 have several problems:
> 
> 1. mmap() calls on /proc/bus/pci files are made with real file
> offsets > 0, whereas under /sys/bus/pci/devices, the start of the
> resource corresponds to offset 0. This may lead to false negatives in
> pci_mmap_fits(), which implicitly assumes the /sys/bus/pci/devices
> layout.
> 
> 2. The loop in proc_bus_pci_mmap doesn't skip empty resouces. This
> leads to false positives, because pci_mmap_fits() doesn't treat empty
> resources correctly (the calculated size is 1 <<
> (8*sizeof(resource_size_t)-PAGE_SHIFT) in this case!).
> 
> 3. If a user maps resources with BAR > 0, pci_mmap_fits will emit
> bogus WARNINGS for the first resources that don't fit until the
> correct one is found.
> 
> On many controllers the first 2-4 BARs are used, and the others are
> empty. In this case, an mmap attempt will first fail on the non-empty
> BARs (including the "right" BAR because of 1.) and emit bogus
> WARNINGS because of 3., and finally succeed on the first empty BAR
> because of 2. This is certainly not the intended behaviour.
> 
> This patch addresses all 3 issues.
> Updated with an enum type for the additional parameter for
> pci_mmap_fits().
> 
> Signed-off-by: Martin Wilck <martin.wilck@...fujitsu.com>

Thanks Martin, I'll push this into my for-linus branch for 2.6.37; may
as well cc: stable as well, since this is a long standing bug.

-- 
Jesse Barnes, Intel Open Source Technology Center
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ