Message-Id: <1509594522-6841-1-git-send-email-changbin.du@intel.com>
Date:   Thu,  2 Nov 2017 11:48:42 +0800
From:   changbin.du@...el.com
To:     bhelgaas@...gle.com
Cc:     tglx@...utronix.de, mingo@...hat.com, x86@...nel.org,
        linux-pci@...r.kernel.org, linux-kernel@...r.kernel.org,
        Changbin Du <changbin.du@...el.com>
Subject: [PATCH] PCI: Fail pci_map_rom if the PCI ROM is invalid

From: Changbin Du <changbin.du@...el.com>

If we detect an invalid PCI ROM (e.g. invalid PCI ROM header signature),
we should unmap it immediately and fail. It doesn't make any sense to
return a mapped area with a size of 0.

I have seen this case on Intel GVTg vGPU, which has no vbios. It will
not cause a real problem, but we should skip it as early as possible.

Signed-off-by: Changbin Du <changbin.du@...el.com>
---
 drivers/pci/rom.c | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/drivers/pci/rom.c b/drivers/pci/rom.c
index b6edb18..1f5e6af 100644
--- a/drivers/pci/rom.c
+++ b/drivers/pci/rom.c
@@ -147,12 +147,8 @@ void __iomem *pci_map_rom(struct pci_dev *pdev, size_t *size)
 		return NULL;
 
 	rom = ioremap(start, *size);
-	if (!rom) {
-		/* restore enable if ioremap fails */
-		if (!(res->flags & IORESOURCE_ROM_ENABLE))
-			pci_disable_rom(pdev);
-		return NULL;
-	}
+	if (!rom)
+		goto err_ioremap;
 
 	/*
 	 * Try to find the true size of the ROM since sometimes the PCI window
@@ -160,7 +156,18 @@ void __iomem *pci_map_rom(struct pci_dev *pdev, size_t *size)
 	 * True size is important if the ROM is going to be copied.
 	 */
 	*size = pci_get_rom_size(pdev, rom, *size);
+	if (!*size)
+		goto invalid_rom;
+
 	return rom;
+
+invalid_rom:
+	iounmap(rom);
+err_ioremap:
+	/* restore enable if ioremap fails */
+	if (!(res->flags & IORESOURCE_ROM_ENABLE))
+		pci_disable_rom(pdev);
+	return NULL;
 }
 EXPORT_SYMBOL(pci_map_rom);
 
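Review bot: the comment kept above the cleanup at `err_ioremap:` still reads "restore enable if ioremap fails", but that code is now also reached by fall-through from `invalid_rom:` when `pci_get_rom_size()` returns 0, so it should be reworded to cover both failure paths. Note also that `*size` has already been overwritten with 0 by the time `goto invalid_rom` is taken, so the function returns NULL with `*size == 0` on this path, while the ioremap failure path leaves `*size` at the value passed to `ioremap()`. Since callers that used to receive a non-NULL mapping with a size of 0 will now receive NULL, the function's documentation comment should state that NULL is returned for an invalid ROM, and the changelog would be stronger if it said the existing callers were checked against the new return contract.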
-- 
2.7.4
