| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20171108003049.GC22847@bhelgaas-glaptop.roam.corp.google.com>
Date: Tue, 7 Nov 2017 18:30:49 -0600
From: Bjorn Helgaas <helgaas@...nel.org>
To: changbin.du@...el.com
Cc: bhelgaas@...gle.com, tglx@...utronix.de, mingo@...hat.com,
x86@...nel.org, linux-pci@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] PCI: Fail pci_map_rom if the PCI ROM is invalid
On Thu, Nov 02, 2017 at 11:48:42AM +0800, changbin.du@...el.com wrote:
> From: Changbin Du <changbin.du@...el.com>
>
> If we detected a invalid PCI ROM (e.g. Invalid PCI ROM header signature),
> we should unmap it immediately and fail. It doesn't make any sense that
> return a mapped area with size of 0.
>
> I have seen this case on Intel GVTg vGPU, which have no vbios. It will
> not cause a real problem, but we should skip it as early as possible.
>
> Signed-off-by: Changbin Du <changbin.du@...el.com>
Applied to pci/resource for v4.15, thanks!
I split this into two patches: (1) moving the disable to err_ioremap, and
(2) the actual "if (!*size)" change which is the interesting part.
> ---
> drivers/pci/rom.c | 19 +++++++++++++------
> 1 file changed, 13 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/pci/rom.c b/drivers/pci/rom.c
> index b6edb18..1f5e6af 100644
> --- a/drivers/pci/rom.c
> +++ b/drivers/pci/rom.c
> @@ -147,12 +147,8 @@ void __iomem *pci_map_rom(struct pci_dev *pdev, size_t *size)
> return NULL;
>
> rom = ioremap(start, *size);
> - if (!rom) {
> - /* restore enable if ioremap fails */
> - if (!(res->flags & IORESOURCE_ROM_ENABLE))
> - pci_disable_rom(pdev);
> - return NULL;
> - }
> + if (!rom)
> + goto err_ioremap;
>
> /*
> * Try to find the true size of the ROM since sometimes the PCI window
> @@ -160,7 +156,18 @@ void __iomem *pci_map_rom(struct pci_dev *pdev, size_t *size)
> * True size is important if the ROM is going to be copied.
> */
> *size = pci_get_rom_size(pdev, rom, *size);
> + if (!*size)
> + goto invalid_rom;
> +
> return rom;
> +
> +invalid_rom:
> + iounmap(rom);
> +err_ioremap:
> + /* restore enable if ioremap fails */
> + if (!(res->flags & IORESOURCE_ROM_ENABLE))
> + pci_disable_rom(pdev);
> + return NULL;
> }
> EXPORT_SYMBOL(pci_map_rom);
>
> --
> 2.7.4
>
Powered by blists - more mailing lists