| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 11 Jan 2024 09:55:36 +0100
From: Philipp Stanner <pstanner@...hat.com>
To: Bjorn Helgaas <bhelgaas@...gle.com>,
Arnd Bergmann <arnd@...db.de>,
Johannes Berg <johannes@...solutions.net>,
Randy Dunlap <rdunlap@...radead.org>,
NeilBrown <neilb@...e.de>,
John Sanpe <sanpeqf@...il.com>,
Kent Overstreet <kent.overstreet@...il.com>,
Niklas Schnelle <schnelle@...ux.ibm.com>,
Philipp Stanner <pstanner@...hat.com>,
Dave Jiang <dave.jiang@...el.com>,
Uladzislau Koshchanka <koshchanka@...il.com>,
"Masami Hiramatsu (Google)" <mhiramat@...nel.org>,
David Gow <davidgow@...gle.com>,
Kees Cook <keescook@...omium.org>,
Rae Moar <rmoar@...gle.com>,
Geert Uytterhoeven <geert@...ux-m68k.org>,
"wuqiang.matt" <wuqiang.matt@...edance.com>,
Yury Norov <yury.norov@...il.com>,
Jason Baron <jbaron@...mai.com>,
Thomas Gleixner <tglx@...utronix.de>,
Marco Elver <elver@...gle.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Ben Dooks <ben.dooks@...ethink.co.uk>,
dakr@...hat.com
Cc: linux-kernel@...r.kernel.org,
linux-pci@...r.kernel.org,
linux-arch@...r.kernel.org,
stable@...r.kernel.org,
Arnd Bergmann <arnd@...nel.org>
Subject: [PATCH v5 RESEND 1/5] lib/pci_iomap.c: fix cleanup bugs in pci_iounmap()
pci_iounmap() in lib/pci_iomap.c is supposed to check whether an address
is within ioport-range IF the config specifies that ioports exist. If
so, the port should be unmapped with ioport_unmap(). If not, it's a
generic MMIO address that has to be passed to iounmap().
The bugs are:
1. ioport_unmap() is missing entirely, so this function will never
actually unmap a port.
2. the #ifdef for the ioport-ranges accidentally also guards
iounmap(), potentially compiling an empty function. This would
cause the mapping to be leaked.
Implement the missing call to ioport_unmap().
Move the guard so that iounmap() will always be part of the function.
CC: <stable@...r.kernel.org> # v5.15+
Fixes: 316e8d79a095 ("pci_iounmap'2: Electric Boogaloo: try to make sense of it all")
Reported-by: Danilo Krummrich <dakr@...hat.com>
Suggested-by: Arnd Bergmann <arnd@...nel.org>
Signed-off-by: Philipp Stanner <pstanner@...hat.com>
Reviewed-by: Arnd Bergmann <arnd@...db.de>
---
lib/pci_iomap.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/pci_iomap.c b/lib/pci_iomap.c
index ce39ce9f3526..6e144b017c48 100644
--- a/lib/pci_iomap.c
+++ b/lib/pci_iomap.c
@@ -168,10 +168,12 @@ void pci_iounmap(struct pci_dev *dev, void __iomem *p)
uintptr_t start = (uintptr_t) PCI_IOBASE;
uintptr_t addr = (uintptr_t) p;
- if (addr >= start && addr < start + IO_SPACE_LIMIT)
+ if (addr >= start && addr < start + IO_SPACE_LIMIT) {
+ ioport_unmap(p);
return;
- iounmap(p);
+ }
#endif
+ iounmap(p);
}
EXPORT_SYMBOL(pci_iounmap);
--
2.43.0
Powered by blists - more mailing lists