lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240104090708.10571-3-pstanner@redhat.com>
Date: Thu,  4 Jan 2024 10:07:05 +0100
From: Philipp Stanner <pstanner@...hat.com>
To: Bjorn Helgaas <bhelgaas@...gle.com>,
	Arnd Bergmann <arnd@...db.de>,
	Johannes Berg <johannes@...solutions.net>,
	Randy Dunlap <rdunlap@...radead.org>,
	NeilBrown <neilb@...e.de>,
	John Sanpe <sanpeqf@...il.com>,
	Kent Overstreet <kent.overstreet@...il.com>,
	Niklas Schnelle <schnelle@...ux.ibm.com>,
	Philipp Stanner <pstanner@...hat.com>,
	Dave Jiang <dave.jiang@...el.com>,
	Uladzislau Koshchanka <koshchanka@...il.com>,
	"Masami Hiramatsu (Google)" <mhiramat@...nel.org>,
	David Gow <davidgow@...gle.com>,
	Kees Cook <keescook@...omium.org>,
	Rae Moar <rmoar@...gle.com>,
	Geert Uytterhoeven <geert@...ux-m68k.org>,
	"wuqiang.matt" <wuqiang.matt@...edance.com>,
	Yury Norov <yury.norov@...il.com>,
	Jason Baron <jbaron@...mai.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Marco Elver <elver@...gle.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Ben Dooks <ben.dooks@...ethink.co.uk>,
	dakr@...hat.com
Cc: linux-kernel@...r.kernel.org,
	linux-pci@...r.kernel.org,
	linux-arch@...r.kernel.org,
	stable@...r.kernel.org,
	Arnd Bergmann <arnd@...nel.org>
Subject: [PATCH v5 1/5] lib/pci_iomap.c: fix cleanup bugs in pci_iounmap()

pci_iounmap() in lib/pci_iomap.c is supposed to check whether an address
is within ioport-range IF the config specifies that ioports exist. If
so, the port should be unmapped with ioport_unmap(). If not, it's a
generic MMIO address that has to be passed to iounmap().

The bugs are:
  1. ioport_unmap() is missing entirely, so this function will never
     actually unmap a port.
  2. the #ifdef for the ioport-ranges accidentally also guards
     iounmap(), potentially compiling an empty function. This would
     cause the mapping to be leaked.

Implement the missing call to ioport_unmap().

Move the guard so that iounmap() will always be part of the function.

CC: <stable@...r.kernel.org> # v5.15+
Fixes: 316e8d79a095 ("pci_iounmap'2: Electric Boogaloo: try to make sense of it all")
Reported-by: Danilo Krummrich <dakr@...hat.com>
Suggested-by: Arnd Bergmann <arnd@...nel.org>
Signed-off-by: Philipp Stanner <pstanner@...hat.com>
Reviewed-by: Arnd Bergmann <arnd@...db.de>
---
 lib/pci_iomap.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/pci_iomap.c b/lib/pci_iomap.c
index ce39ce9f3526..6e144b017c48 100644
--- a/lib/pci_iomap.c
+++ b/lib/pci_iomap.c
@@ -168,10 +168,12 @@ void pci_iounmap(struct pci_dev *dev, void __iomem *p)
 	uintptr_t start = (uintptr_t) PCI_IOBASE;
 	uintptr_t addr = (uintptr_t) p;
 
-	if (addr >= start && addr < start + IO_SPACE_LIMIT)
+	if (addr >= start && addr < start + IO_SPACE_LIMIT) {
+		ioport_unmap(p);
 		return;
-	iounmap(p);
+	}
 #endif
+	iounmap(p);
 }
 EXPORT_SYMBOL(pci_iounmap);
 
-- 
2.43.0


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ