[PATCH v3] uio:uio_pci_generic:Don't clear master bit when the process does not exit

From: Su Weifeng
Date: Sat Mar 04 2023 - 02:19:08 EST

Next message: Zhihao Cheng: "[PATCH v2] ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size"
Previous message: Christian Hewitt: "Re: [PATCH 2/2] arm64: dts: amlogic: Add initial support for BPI-CM4 module with BPI-CM4IO baseboard"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Weifeng Su <suweifeng1@xxxxxxxxxx>

The /dev/uioX device has concurrent operations in a few scenarios.

For example, when a process is operating the uio0 device, someone executes
like "cat /dev/uio0" command. In this case, the bus master bit is cleared
unconditionally. As a result, the running program cannot work commands
or I/Os, which is usually unaware of. This happens after
865a11f("uio/uio_pci_generic: Disable bus-mastering on release");
The restriction on the process that uses the PCI device is added. The new
process can be used only after the process that uses the PCI device exits.
Otherwise, the system returns a message indicating that the device is busy.

Signed-off-by: Weifeng Su <suweifeng1@xxxxxxxxxx>
---

Change v2 -> v3:
The process is restricted from using the PCI device. Before the process
that uses the PCI device exits, the device returns EBUSY.
After the process exits, the master bit is cleared unconditionally
to ensure DMA security.

drivers/uio/uio_pci_generic.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)

diff --git a/drivers/uio/uio_pci_generic.c b/drivers/uio/uio_pci_generic.c
index e03f9b532..19bf5ead9 100644
--- a/drivers/uio/uio_pci_generic.c
+++ b/drivers/uio/uio_pci_generic.c
@@ -31,6 +31,7 @@
struct uio_pci_generic_dev {
struct uio_info info;
struct pci_dev *pdev;
+ atomic_t refcnt;
};

static inline struct uio_pci_generic_dev *
@@ -39,10 +40,21 @@ to_uio_pci_generic_dev(struct uio_info *info)
return container_of(info, struct uio_pci_generic_dev, info);
}

+static int open(struct uio_info *info, struct inode *inode)
+{
+ struct uio_pci_generic_dev *gdev = to_uio_pci_generic_dev(info);
+
+ if (atomic_add_unless(&gdev->refcnt, 1, 1))
+ return 0;
+ else
+ return -EBUSY;
+}
+
static int release(struct uio_info *info, struct inode *inode)
{
struct uio_pci_generic_dev *gdev = to_uio_pci_generic_dev(info);

+ atomic_dec(&gdev->refcnt);
/*
* This driver is insecure when used with devices doing DMA, but some
* people (mis)use it with such devices.
@@ -93,7 +105,9 @@ static int probe(struct pci_dev *pdev,
gdev->info.name = "uio_pci_generic";
gdev->info.version = DRIVER_VERSION;
gdev->info.release = release;
+ gdev->info.open = open;
gdev->pdev = pdev;
+ atomic_set(&gdev->refcnt, 0);
if (pdev->irq && (pdev->irq != IRQ_NOTCONNECTED)) {
gdev->info.irq = pdev->irq;
gdev->info.irq_flags = IRQF_SHARED;
--
2.33.0

Next message: Zhihao Cheng: "[PATCH v2] ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size"
Previous message: Christian Hewitt: "Re: [PATCH 2/2] arm64: dts: amlogic: Add initial support for BPI-CM4 module with BPI-CM4IO baseboard"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]