lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 25 Aug 2019 11:37:27 +0530
From:   Souptick Joarder <jrdr.linux@...il.com>
To:     leon@...nel.org, dledford@...hat.com, jgg@...pe.ca
Cc:     linux-rdma@...r.kernel.org, linux-kernel@...r.kernel.org,
        willy@...radead.org, Souptick Joarder <jrdr.linux@...il.com>
Subject: [PATCH] IB/mlx5: Convert to use vm_map_pages_zero()

First, length passed to mmap is checked explicitly against
PAGE_SIZE.

Second, if vma->vm_pgoff is passed as non zero, it would return
error. It appears like driver is expecting vma->vm_pgoff to
be passed as 0 always. otherwise throw error (not sure if done
with a particular purpose). Rather driver could set vma->vm_pgoff
to 0 irrespective of the value passed to it.

vm_map_pages_zero() has condition to validate incorrect length
passed to driver and second it can also set vma->vm_pgoff to 0
before mapping the page to vma.

Hence convert to use vm_map_pages_zero().

Signed-off-by: Souptick Joarder <jrdr.linux@...il.com>
---
 drivers/infiniband/hw/mlx5/main.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/drivers/infiniband/hw/mlx5/main.c b/drivers/infiniband/hw/mlx5/main.c
index 0569bca..366211d 100644
--- a/drivers/infiniband/hw/mlx5/main.c
+++ b/drivers/infiniband/hw/mlx5/main.c
@@ -2071,12 +2071,10 @@ static int mlx5_ib_mmap_clock_info_page(struct mlx5_ib_dev *dev,
 					struct vm_area_struct *vma,
 					struct mlx5_ib_ucontext *context)
 {
-	if ((vma->vm_end - vma->vm_start != PAGE_SIZE) ||
-	    !(vma->vm_flags & VM_SHARED))
-		return -EINVAL;
+	struct page *pages;
 
-	if (get_index(vma->vm_pgoff) != MLX5_IB_CLOCK_INFO_V1)
-		return -EOPNOTSUPP;
+	if (!(vma->vm_flags & VM_SHARED))
+		return -EINVAL;
 
 	if (vma->vm_flags & (VM_WRITE | VM_EXEC))
 		return -EPERM;
@@ -2084,9 +2082,9 @@ static int mlx5_ib_mmap_clock_info_page(struct mlx5_ib_dev *dev,
 
 	if (!dev->mdev->clock_info)
 		return -EOPNOTSUPP;
+	pages = virt_to_page(dev->mdev->clock_info);
 
-	return vm_insert_page(vma, vma->vm_start,
-			      virt_to_page(dev->mdev->clock_info));
+	return vm_map_pages_zero(vma, &pages, 1);
 }
 
 static int uar_mmap(struct mlx5_ib_dev *dev, enum mlx5_ib_mmap_cmd cmd,
-- 
1.9.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ