Patch "vfio/pci: Add missing range check in vfio_pci_mmap" has been added to the 5.11-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Sun, 18 Apr 2021 12:45:54 +0200

This is a note to let you know that I've just added the patch titled

    vfio/pci: Add missing range check in vfio_pci_mmap

to the 5.11-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     vfio-pci-add-missing-range-check-in-vfio_pci_mmap.patch
and it can be found in the queue-5.11 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 909290786ea335366e21d7f1ed5812b90f2f0a92 Mon Sep 17 00:00:00 2001
From: "Christian A. Ehrhardt" <lk@xxxxxxx>
Date: Mon, 12 Apr 2021 23:41:24 +0200
Subject: vfio/pci: Add missing range check in vfio_pci_mmap

From: Christian A. Ehrhardt <lk@xxxxxxx>

commit 909290786ea335366e21d7f1ed5812b90f2f0a92 upstream.

When mmaping an extra device region verify that the region index
derived from the mmap offset is valid.

Fixes: a15b1883fee1 ("vfio_pci: Allow mapping extra regions")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Christian A. Ehrhardt <lk@xxxxxxx>
Message-Id: <20210412214124.GA241759@xxxxxxxxxxxxxx>
Reviewed-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
Reviewed-by: Cornelia Huck <cohuck@xxxxxxxxxx>
Signed-off-by: Alex Williamson <alex.williamson@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 drivers/vfio/pci/vfio_pci.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/vfio/pci/vfio_pci.c
+++ b/drivers/vfio/pci/vfio_pci.c
@@ -1658,6 +1658,8 @@ static int vfio_pci_mmap(void *device_da
 
 	index = vma->vm_pgoff >> (VFIO_PCI_OFFSET_SHIFT - PAGE_SHIFT);
 
+	if (index >= VFIO_PCI_NUM_REGIONS + vdev->num_regions)
+		return -EINVAL;
 	if (vma->vm_end < vma->vm_start)
 		return -EINVAL;
 	if ((vma->vm_flags & VM_SHARED) == 0)
@@ -1666,7 +1668,7 @@ static int vfio_pci_mmap(void *device_da
 		int regnum = index - VFIO_PCI_NUM_REGIONS;
 		struct vfio_pci_region *region = vdev->region + regnum;
 
-		if (region && region->ops && region->ops->mmap &&
+		if (region->ops && region->ops->mmap &&
 		    (region->flags & VFIO_REGION_INFO_FLAG_MMAP))
 			return region->ops->mmap(vdev, region, vma);
 		return -EINVAL;


Patches currently in stable-queue which might be from lk@xxxxxxx are

queue-5.11/vfio-pci-add-missing-range-check-in-vfio_pci_mmap.patch






