From: Zhang Yi To: linux-kernel@vger.kernel.org, linux-nvdimm@lists.01.org, dan.j.williams@intel.com, jack@suse.cz, zwisler@kernel.org, dave.jiang@intel.com, yu.c.zhang@intel.com Cc: yi.z.zhang@intel.com, Zhang Yi Subject: [PATCH V2 1/1] device-dax: check for vma range while dax_mmap. Date: Mon, 13 Aug 2018 20:02:56 +0800 Message-Id: <46441800c43f029757c70d8386e3112701081503.1534160958.git.yi.z.zhang@linux.intel.com> X-Mailer: git-send-email 2.7.4 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This patch prevents a user mapping an illegal vma range that is larger than a dax device physical resource. When qemu maps the dax device for virtual nvdimm's backend device, the v-nvdimm label area is defined at the end of mapped range. By using an illegal size that exceeds the range of the device dax, it will trigger a fault with qemu. Signed-off-by: Zhang Yi --- drivers/dax/device.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/drivers/dax/device.c b/drivers/dax/device.c index 108c37f..6fe8c30 100644 --- a/drivers/dax/device.c +++ b/drivers/dax/device.c @@ -177,6 +177,33 @@ static const struct attribute_group *dax_attribute_groups[] = { NULL, }; +static int check_vma_range(struct dev_dax *dev_dax, struct vm_area_struct *vma, + const char *func) +{ + struct device *dev = &dev_dax->dev; + struct resource *res; + unsigned long size; + int ret, i; + + if (!dax_alive(dev_dax->dax_dev)) + return -ENXIO; + + size = vma->vm_end - vma->vm_start + (vma->vm_pgoff << PAGE_SHIFT); + ret = -EINVAL; + for (i = 0; i < dev_dax->num_resources; i++) { + res = &dev_dax->res[i]; + if (size > resource_size(res)) { + dev_info_ratelimited(dev, + "%s: %s: fail, vma range overflow\n", + current->comm, func); + ret = -EINVAL; + continue; + } else + return 0; + } + return ret; +} + static int check_vma(struct dev_dax *dev_dax, struct vm_area_struct *vma, const char *func) { 
@@ -469,6 +496,8 @@ static int dax_mmap(struct file *filp, struct vm_area_struct *vma) */ id = dax_read_lock(); rc = check_vma(dev_dax, vma, __func__); + if (!rc) + rc = check_vma_range(dev_dax, vma, __func__); dax_read_unlock(id); if (rc) return rc; -- 2.7.4
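Review bot: in the check_vma_range() hunk, the loop compares the mapping against each resource on its own and returns 0 as soon as one of them is large enough, which is not a check against the device's range when num_resources is greater than 1. A mapping that fits the sum of the resources but not any single one is rejected, and every smaller resource visited before a fitting one prints "vma range overflow" even though the call then succeeds. Summing resource_size() over dev_dax->res[] first and doing one comparison (with one log message on failure) would fix both. The variable `size` holds the end offset of the mapping (length plus `vm_pgoff << PAGE_SHIFT`), so a name such as `end` would read better, and since it is an unsigned long compared against what resource_size() returns, the shift can wrap where unsigned long is 32 bits; computing it in a resource_size_t avoids that. Smaller points: `ret = -EINVAL` inside the loop repeats the assignment made just before it, and `continue` followed by `else` is redundant; kernel style also wants braces on both branches when one has them.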
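Review bot: in the dax_mmap() hunk, validation is now split across two helpers that take the same three arguments and are chained with `if (!rc)`. Unless check_vma() has callers that must not do the range test, calling the new check from the end of check_vma() would keep a single validation entry point and leave dax_mmap() untouched. If the separate call stays, a short comment at this spot saying that offset plus length must fit inside the device would document why mmap needs it. The subject says V2, but there is no note below the `---` line saying what changed since V1.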