| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 25 Nov 2022 00:25:59 +0100 (CET)
From: Thomas Gleixner <tglx@...utronix.de>
To: LKML <linux-kernel@...r.kernel.org>
Cc: x86@...nel.org, Joerg Roedel <joro@...tes.org>,
Will Deacon <will@...nel.org>, linux-pci@...r.kernel.org,
Bjorn Helgaas <bhelgaas@...gle.com>,
Lorenzo Pieralisi <lorenzo.pieralisi@....com>,
Marc Zyngier <maz@...nel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Jason Gunthorpe <jgg@...lanox.com>,
Dave Jiang <dave.jiang@...el.com>,
Alex Williamson <alex.williamson@...hat.com>,
Kevin Tian <kevin.tian@...el.com>,
Dan Williams <dan.j.williams@...el.com>,
Logan Gunthorpe <logang@...tatee.com>,
Ashok Raj <ashok.raj@...el.com>, Jon Mason <jdmason@...zu.us>,
Allen Hubbe <allenbh@...il.com>
Subject: [patch V3 09/33] genirq/msi: Add range checking to msi_insert_desc()
Per device domains provide the real domain size to the core code. This
allows range checking on insertion of MSI descriptors and also paves the
way for dynamic index allocations which are required e.g. for IMS. This
avoids external mechanisms like bitmaps on the device side and just
utilizes the core internal MSI descriptor storxe for it.
Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
---
V3: Adopt to the new info->hwsize handling and to the new xarray split
---
kernel/irq/msi.c | 58 ++++++++++++++++++++++++++++++++++++++++++++-----------
1 file changed, 47 insertions(+), 11 deletions(-)
--- a/kernel/irq/msi.c
+++ b/kernel/irq/msi.c
@@ -40,6 +40,7 @@ struct msi_ctrl {
#define MSI_XA_DOMAIN_SIZE (MSI_MAX_INDEX + 1)
static void msi_domain_free_locked(struct device *dev, struct msi_ctrl *ctrl);
+static unsigned int msi_domain_get_hwsize(struct device *dev, unsigned int domid);
static inline int msi_sysfs_create_group(struct device *dev);
@@ -80,16 +81,28 @@ static void msi_free_desc(struct msi_des
kfree(desc);
}
-static int msi_insert_desc(struct msi_device_data *md, struct msi_desc *desc,
+static int msi_insert_desc(struct device *dev, struct msi_desc *desc,
unsigned int domid, unsigned int index)
{
+ struct msi_device_data *md = dev->msi.data;
struct xarray *xa = &md->__domains[domid].store;
+ unsigned int hwsize;
int ret;
+ hwsize = msi_domain_get_hwsize(dev, domid);
+ if (index >= hwsize) {
+ ret = -ERANGE;
+ goto fail;
+ }
+
desc->msi_index = index;
ret = xa_insert(xa, index, desc, GFP_KERNEL);
if (ret)
- msi_free_desc(desc);
+ goto fail;
+ return 0;
+
+fail:
+ msi_free_desc(desc);
return ret;
}
@@ -117,7 +130,7 @@ int msi_domain_insert_msi_desc(struct de
/* Copy type specific data to the new descriptor. */
desc->pci = init_desc->pci;
- return msi_insert_desc(dev->msi.data, desc, domid, init_desc->msi_index);
+ return msi_insert_desc(dev, desc, domid, init_desc->msi_index);
}
static bool msi_desc_match(struct msi_desc *desc, enum msi_desc_filter filter)
@@ -136,11 +149,16 @@ static bool msi_desc_match(struct msi_de
static bool msi_ctrl_valid(struct device *dev, struct msi_ctrl *ctrl)
{
+ unsigned int hwsize;
+
if (WARN_ON_ONCE(ctrl->domid >= MSI_MAX_DEVICE_IRQDOMAINS ||
- !dev->msi.data->__domains[ctrl->domid].domain ||
- ctrl->first > ctrl->last ||
- ctrl->first > MSI_MAX_INDEX ||
- ctrl->last > MSI_MAX_INDEX))
+ !dev->msi.data->__domains[ctrl->domid].domain))
+ return false;
+
+ hwsize = msi_domain_get_hwsize(dev, ctrl->domid);
+ if (WARN_ON_ONCE(ctrl->first > ctrl->last ||
+ ctrl->first >= hwsize ||
+ ctrl->last >= hwsize))
return false;
return true;
}
@@ -208,7 +226,7 @@ static int msi_domain_add_simple_msi_des
desc = msi_alloc_desc(dev, 1, NULL);
if (!desc)
goto fail_mem;
- ret = msi_insert_desc(dev->msi.data, desc, ctrl->domid, idx);
+ ret = msi_insert_desc(dev, desc, ctrl->domid, idx);
if (ret)
goto fail;
}
@@ -407,7 +425,10 @@ unsigned int msi_domain_get_virq(struct
if (!dev->msi.data)
return 0;
- if (WARN_ON_ONCE(index > MSI_MAX_INDEX || domid >= MSI_MAX_DEVICE_IRQDOMAINS))
+ if (WARN_ON_ONCE(domid >= MSI_MAX_DEVICE_IRQDOMAINS))
+ return 0;
+
+ if (WARN_ON_ONCE(index >= msi_domain_get_hwsize(dev, domid)))
return 0;
/* This check is only valid for the PCI default MSI domain */
@@ -569,6 +590,20 @@ static struct irq_domain *msi_get_device
return domain;
}
+static unsigned int msi_domain_get_hwsize(struct device *dev, unsigned int domid)
+{
+ struct msi_domain_info *info;
+ struct irq_domain *domain;
+
+ domain = msi_get_device_domain(dev, domid);
+ if (domain) {
+ info = domain->host_data;
+ return info->hwsize;
+ }
+ /* No domain, no size... */
+ return 0;
+}
+
static inline void irq_chip_write_msi_msg(struct irq_data *data,
struct msi_msg *msg)
{
@@ -1359,7 +1394,7 @@ int msi_domain_alloc_irqs_all_locked(str
struct msi_ctrl ctrl = {
.domid = domid,
.first = 0,
- .last = MSI_MAX_INDEX,
+ .last = msi_domain_get_hwsize(dev, domid) - 1,
.nirqs = nirqs,
};
@@ -1473,7 +1508,8 @@ void msi_domain_free_irqs_range(struct d
*/
void msi_domain_free_irqs_all_locked(struct device *dev, unsigned int domid)
{
- msi_domain_free_irqs_range_locked(dev, domid, 0, MSI_MAX_INDEX);
+ msi_domain_free_irqs_range_locked(dev, domid, 0,
+ msi_domain_get_hwsize(dev, domid) - 1);
}
/**
Powered by blists - more mailing lists