diff mbox

[2/2] cxl: Fail mmap if requested mapping is larger than assigned problem state area

Message ID 1436247946-16292-2-git-send-email-imunsie@au.ibm.com (mailing list archive)
State Accepted
Delegated to: Michael Ellerman
Headers show

Commit Message

Ian Munsie July 7, 2015, 5:45 a.m. UTC 
From: Ian Munsie <imunsie@au1.ibm.com>

This patch makes the mmap call fail outright if the requested region is
larger than the problem state area assigned to the context so the error
is reported immediately rather than waiting for an attempt to access an
address out of bounds.

Although we never expect users to map more than the assigned problem
state area and are not aware of anyone doing this (other than for
testing), this does have the potential to break users if someone has
used a larger range regardless. I'm submitting it for consideration, but
if this change is not considered acceptable the previous patch is
sufficient to prevent access out of bounds without breaking anyone.

Signed-off-by: Ian Munsie <imunsie@au1.ibm.com>
---
 drivers/misc/cxl/context.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

Comments

Michael Ellerman July 8, 2015, 10:54 a.m. UTC | #1 
On Tue, 2015-07-07 at 05:45:46 UTC, Ian Munsie wrote:
> From: Ian Munsie <imunsie@au1.ibm.com>
> 
> This patch makes the mmap call fail outright if the requested region is
> larger than the problem state area assigned to the context so the error
> is reported immediately rather than waiting for an attempt to access an
> address out of bounds.
> 
> Although we never expect users to map more than the assigned problem
> state area and are not aware of anyone doing this (other than for
> testing), this does have the potential to break users if someone has
> used a larger range regardless. I'm submitting it for consideration, but
> if this change is not considered acceptable the previous patch is
> sufficient to prevent access out of bounds without breaking anyone.
> 
> Signed-off-by: Ian Munsie <imunsie@au1.ibm.com>

Applied to powerpc fixes, thanks.

https://git.kernel.org/cgit/linux/kernel/git/powerpc/linux.git/commit/?h=fixes&id=5caaf5346892d1e7f0b8b7223062644f8538483f

cheers
diff mbox

Patch

diff --git a/drivers/misc/cxl/context.c b/drivers/misc/cxl/context.c
index 6c1ce51..1287148 100644
--- a/drivers/misc/cxl/context.c
+++ b/drivers/misc/cxl/context.c
@@ -145,8 +145,16 @@  static const struct vm_operations_struct cxl_mmap_vmops = {
  */
 int cxl_context_iomap(struct cxl_context *ctx, struct vm_area_struct *vma)
 {
+	u64 start = vma->vm_pgoff << PAGE_SHIFT;
 	u64 len = vma->vm_end - vma->vm_start;
-	len = min(len, ctx->psn_size);
+
+	if (ctx->afu->current_mode == CXL_MODE_DEDICATED) {
+		if (start + len > ctx->afu->adapter->ps_size)
+			return -EINVAL;
+	} else {
+		if (start + len > ctx->psn_size)
+			return -EINVAL;
+	}
 
 	if (ctx->afu->current_mode != CXL_MODE_DEDICATED) {
 		/* make sure there is a valid per process space for this AFU */