releases/5.10.32/vfio-pci-add-missing-range-check-in-vfio_pci_mmap.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 909290786ea335366e21d7f1ed5812b90f2f0a92 Mon Sep 17 00:00:00 2001
 From: "Christian A. Ehrhardt" <lk@c--e.de>
 Date: Mon, 12 Apr 2021 23:41:24 +0200
 Subject: vfio/pci: Add missing range check in vfio_pci_mmap

 From: Christian A. Ehrhardt <lk@c--e.de>

 commit 909290786ea335366e21d7f1ed5812b90f2f0a92 upstream.

 When mmaping an extra device region verify that the region index
 derived from the mmap offset is valid.

 Fixes: a15b1883fee1 ("vfio_pci: Allow mapping extra regions")
 Cc: stable@vger.kernel.org
 Signed-off-by: Christian A. Ehrhardt <lk@c--e.de>
 Message-Id: <20210412214124.GA241759@lisa.in-ulm.de>
 Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
 Reviewed-by: Cornelia Huck <cohuck@redhat.com>
 Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 ---
  drivers/vfio/pci/vfio_pci.c |    4 +++-
  1 file changed, 3 insertions(+), 1 deletion(-)

 --- a/drivers/vfio/pci/vfio_pci.c
 +++ b/drivers/vfio/pci/vfio_pci.c
 @@ -1658,6 +1658,8 @@ static int vfio_pci_mmap(void *device_da

  	index = vma->vm_pgoff >> (VFIO_PCI_OFFSET_SHIFT - PAGE_SHIFT);

 +	if (index >= VFIO_PCI_NUM_REGIONS + vdev->num_regions)
 +		return -EINVAL;
  	if (vma->vm_end < vma->vm_start)
  		return -EINVAL;
  	if ((vma->vm_flags & VM_SHARED) == 0)
 @@ -1666,7 +1668,7 @@ static int vfio_pci_mmap(void *device_da
  		int regnum = index - VFIO_PCI_NUM_REGIONS;
  		struct vfio_pci_region *region = vdev->region + regnum;

 -		if (region && region->ops && region->ops->mmap &&
 +		if (region->ops && region->ops->mmap &&
  		    (region->flags & VFIO_REGION_INFO_FLAG_MMAP))
  			return region->ops->mmap(vdev, region, vma);
  		return -EINVAL;
	From 909290786ea335366e21d7f1ed5812b90f2f0a92 Mon Sep 17 00:00:00 2001
	From: "Christian A. Ehrhardt" <lk@c--e.de>
	Date: Mon, 12 Apr 2021 23:41:24 +0200
	Subject: vfio/pci: Add missing range check in vfio_pci_mmap

	From: Christian A. Ehrhardt <lk@c--e.de>

	commit 909290786ea335366e21d7f1ed5812b90f2f0a92 upstream.

	When mmaping an extra device region verify that the region index
	derived from the mmap offset is valid.

	Fixes: a15b1883fee1 ("vfio_pci: Allow mapping extra regions")
	Cc: stable@vger.kernel.org
	Signed-off-by: Christian A. Ehrhardt <lk@c--e.de>
	Message-Id: <20210412214124.GA241759@lisa.in-ulm.de>
	Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
	Reviewed-by: Cornelia Huck <cohuck@redhat.com>
	Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	---
	drivers/vfio/pci/vfio_pci.c \| 4 +++-
	1 file changed, 3 insertions(+), 1 deletion(-)

	--- a/drivers/vfio/pci/vfio_pci.c
	+++ b/drivers/vfio/pci/vfio_pci.c
	@@ -1658,6 +1658,8 @@ static int vfio_pci_mmap(void *device_da

	index = vma->vm_pgoff >> (VFIO_PCI_OFFSET_SHIFT - PAGE_SHIFT);

	+ if (index >= VFIO_PCI_NUM_REGIONS + vdev->num_regions)
	+ return -EINVAL;
	if (vma->vm_end < vma->vm_start)
	return -EINVAL;
	if ((vma->vm_flags & VM_SHARED) == 0)
	@@ -1666,7 +1668,7 @@ static int vfio_pci_mmap(void *device_da
	int regnum = index - VFIO_PCI_NUM_REGIONS;
	struct vfio_pci_region *region = vdev->region + regnum;

	- if (region && region->ops && region->ops->mmap &&
	+ if (region->ops && region->ops->mmap &&
	(region->flags & VFIO_REGION_INFO_FLAG_MMAP))
	return region->ops->mmap(vdev, region, vma);
	return -EINVAL;