lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20240123184622.GA322265@bhelgaas>
Date: Tue, 23 Jan 2024 12:46:22 -0600
From: Bjorn Helgaas <helgaas@...nel.org>
To: Philipp Stanner <pstanner@...hat.com>
Cc: Bjorn Helgaas <bhelgaas@...gle.com>, Arnd Bergmann <arnd@...db.de>,
	Johannes Berg <johannes@...solutions.net>,
	Randy Dunlap <rdunlap@...radead.org>, NeilBrown <neilb@...e.de>,
	John Sanpe <sanpeqf@...il.com>,
	Kent Overstreet <kent.overstreet@...il.com>,
	Niklas Schnelle <schnelle@...ux.ibm.com>,
	Dave Jiang <dave.jiang@...el.com>,
	Uladzislau Koshchanka <koshchanka@...il.com>,
	"Masami Hiramatsu (Google)" <mhiramat@...nel.org>,
	David Gow <davidgow@...gle.com>, Kees Cook <keescook@...omium.org>,
	Rae Moar <rmoar@...gle.com>,
	Geert Uytterhoeven <geert@...ux-m68k.org>,
	"wuqiang.matt" <wuqiang.matt@...edance.com>,
	Yury Norov <yury.norov@...il.com>, Jason Baron <jbaron@...mai.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Marco Elver <elver@...gle.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Ben Dooks <ben.dooks@...ethink.co.uk>, dakr@...hat.com,
	linux-kernel@...r.kernel.org, linux-pci@...r.kernel.org,
	linux-arch@...r.kernel.org, stable@...r.kernel.org,
	Arnd Bergmann <arnd@...nel.org>
Subject: Re: [PATCH v5 RESEND 1/5] lib/pci_iomap.c: fix cleanup bugs in
 pci_iounmap()

On Thu, Jan 11, 2024 at 09:55:36AM +0100, Philipp Stanner wrote:
> pci_iounmap() in lib/pci_iomap.c is supposed to check whether an address
> is within ioport-range IF the config specifies that ioports exist. If
> so, the port should be unmapped with ioport_unmap(). If not, it's a
> generic MMIO address that has to be passed to iounmap().
> 
> The bugs are:
>   1. ioport_unmap() is missing entirely, so this function will never
>      actually unmap a port.

The preceding comment suggests that in this default implementation,
the ioport does not need unmapping, and it wasn't something it was
supposed to do but just failed to do:

 * NOTE! This default implementation assumes that if the architecture
 * support ioport mapping (HAS_IOPORT_MAP), the ioport mapping will
 * be fixed to the range [ PCI_IOBASE, PCI_IOBASE+IO_SPACE_LIMIT [,
 * and does not need unmapping with 'ioport_unmap()'.
 *
 * If you have different rules for your architecture, you need to
 * implement your own pci_iounmap() that knows the rules for where
 * and how IO vs MEM get mapped.

Almost all ioport_unmap() implementations are empty, so in most cases
it's a no-op (parisc is an exception).

I'm happy to add the ioport_unmap() even just for symmetry, but if we
do, I think we should update or remove that comment.

>   2. the #ifdef for the ioport-ranges accidentally also guards
>      iounmap(), potentially compiling an empty function. This would
>      cause the mapping to be leaked.
> 
> Implement the missing call to ioport_unmap().
> 
> Move the guard so that iounmap() will always be part of the function.

I think we should fix this bug in a separate patch because the
ioport_unmap() is much more subtle and doesn't need to be complicated
with this fix.

> CC: <stable@...r.kernel.org> # v5.15+
> Fixes: 316e8d79a095 ("pci_iounmap'2: Electric Boogaloo: try to make sense of it all")
> Reported-by: Danilo Krummrich <dakr@...hat.com>

Is there a URL we can include for Danilo's report?  I found
https://lore.kernel.org/all/a6ef92ae-0747-435b-822d-d0229da4683c@redhat.com/,
but I'm not sure that's the right part of the conversation.

> Suggested-by: Arnd Bergmann <arnd@...nel.org>
> Signed-off-by: Philipp Stanner <pstanner@...hat.com>
> Reviewed-by: Arnd Bergmann <arnd@...db.de>
> ---
>  lib/pci_iomap.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/lib/pci_iomap.c b/lib/pci_iomap.c
> index ce39ce9f3526..6e144b017c48 100644
> --- a/lib/pci_iomap.c
> +++ b/lib/pci_iomap.c
> @@ -168,10 +168,12 @@ void pci_iounmap(struct pci_dev *dev, void __iomem *p)
>  	uintptr_t start = (uintptr_t) PCI_IOBASE;
>  	uintptr_t addr = (uintptr_t) p;
>  
> -	if (addr >= start && addr < start + IO_SPACE_LIMIT)
> +	if (addr >= start && addr < start + IO_SPACE_LIMIT) {
> +		ioport_unmap(p);
>  		return;
> -	iounmap(p);
> +	}
>  #endif
> +	iounmap(p);
>  }
>  EXPORT_SYMBOL(pci_iounmap);
>  
> -- 
> 2.43.0
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ