Message ID | 1436247946-16292-2-git-send-email-imunsie@au.ibm.com (mailing list archive) |
---|---|
State | Accepted |
Delegated to: | Michael Ellerman |
On Tue, 2015-07-07 at 05:45:46 UTC, Ian Munsie wrote:
> From: Ian Munsie <imunsie@au1.ibm.com>
>
> This patch makes the mmap call fail outright if the requested region is
> larger than the problem state area assigned to the context so the error
> is reported immediately rather than waiting for an attempt to access an
> address out of bounds.
>
> Although we never expect users to map more than the assigned problem
> state area and are not aware of anyone doing this (other than for
> testing), this does have the potential to break users if someone has
> used a larger range regardless. I'm submitting it for consideration, but
> if this change is not considered acceptable the previous patch is
> sufficient to prevent access out of bounds without breaking anyone.
>
> Signed-off-by: Ian Munsie <imunsie@au1.ibm.com>

Applied to powerpc fixes, thanks.

https://git.kernel.org/cgit/linux/kernel/git/powerpc/linux.git/commit/?h=fixes&id=5caaf5346892d1e7f0b8b7223062644f8538483f

cheers
diff --git a/drivers/misc/cxl/context.c b/drivers/misc/cxl/context.c index 6c1ce51..1287148 100644 --- a/drivers/misc/cxl/context.c +++ b/drivers/misc/cxl/context.c @@ -145,8 +145,16 @@ static const struct vm_operations_struct cxl_mmap_vmops = { */ int cxl_context_iomap(struct cxl_context *ctx, struct vm_area_struct *vma) { + u64 start = vma->vm_pgoff << PAGE_SHIFT; u64 len = vma->vm_end - vma->vm_start; - len = min(len, ctx->psn_size); + + if (ctx->afu->current_mode == CXL_MODE_DEDICATED) { + if (start + len > ctx->afu->adapter->ps_size) + return -EINVAL; + } else { + if (start + len > ctx->psn_size) + return -EINVAL; + } if (ctx->afu->current_mode != CXL_MODE_DEDICATED) { /* make sure there is a valid per process space for this AFU */
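Review bot: The two new bounds checks in cxl_context_iomap() are written as `start + len > limit`, where `start` comes from the caller-supplied `vma->vm_pgoff` and the addition is done in u64 with no wrap check. If the sum can ever wrap, an oversized offset would pass the test instead of returning -EINVAL. The subtractive form avoids depending on that: reject when `start > limit || len > limit - start`. Relatedly, `vma->vm_pgoff << PAGE_SHIFT` is evaluated in the type of `vm_pgoff` before it is widened to u64, so casting to u64 before the shift would make the intent explicit. Two smaller points: the branches differ only in the limit (`ctx->afu->adapter->ps_size` versus `ctx->psn_size`), so selecting the limit once and doing a single comparison would remove the duplication, and the context line that follows tests `current_mode != CXL_MODE_DEDICATED` again, so the two mode checks could be folded together. The commit message speaks only of the problem state area assigned to the context; a short comment saying why dedicated mode is checked against the adapter-wide `ps_size` would help the next reader.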