iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

iommu/amd: Do proper access checking before calling handle_mm_fault()

Browse Source 
The handle_mm_fault function expects the caller to do the
access checks. Not doing so and calling the function with
wrong permissions is a bug (catched by a BUG_ON).
So fix this bug by adding proper access checking to the io
page-fault code in the AMD IOMMUv2 driver.

Reviewed-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Acked-By: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
This commit is contained in:
Joerg Roedel 2015-11-17 16:11:36 +01:00
parent 9f9499ae8e
commit 7b5cc1a9c9
1 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
drivers/iommu/amd_iommu_v2.c
View File

@ -494,6 +494,22 @@ static void handle_fault_error(struct fault *fault)
} }
} }
static bool access_error(struct vm_area_struct *vma, struct fault *fault)
{
unsigned long requested = 0;
if (fault->flags & PPR_FAULT_EXEC)
requested |= VM_EXEC;
if (fault->flags & PPR_FAULT_READ)
requested |= VM_READ;
if (fault->flags & PPR_FAULT_WRITE)
requested |= VM_WRITE;
return (requested & ~vma->vm_flags) != 0;
}
static void do_fault(struct work_struct *work) static void do_fault(struct work_struct *work)
{ {
struct fault *fault = container_of(work, struct fault, work); struct fault *fault = container_of(work, struct fault, work);
@ -516,8 +532,8 @@ static void do_fault(struct work_struct *work)
goto out; goto out;
} }
if (!(vma->vm_flags & (VM_READ | VM_EXEC | VM_WRITE))) { /* Check if we have the right permissions on the vma */
/* handle_mm_fault would BUG_ON() */ if (access_error(vma, fault)) {
up_read(&mm->mmap_sem); up_read(&mm->mmap_sem);
handle_fault_error(fault); handle_fault_error(fault);
goto out; goto out;