[PATCH 2/3] vfio/pci: Tolerate oversized BARs by disallowing mmap
From: Niklas Schnelle
Date: Tue May 21 2024 - 08:16:21 EST
On s390 there is a virtual PCI device called ISM which has a few rather
annoying oddities. For one it claims to have a 256 TiB PCI BAR (not
a typo) which leads to any attempt to mmap() it failing during vmap.
Even if one tried to map this "BAR" only partially the mapping would not
be usable on systems with MIO support enabled however. This is because
of another oddity in that this virtual PCI device does not support the
newer memory I/O (MIO) PCI instructions and legacy PCI instructions are
not accessible by user-space when MIO is in use. If this device needs to
be accessed by user-space it will thus need a vfio-pci variant driver.
Until then work around both issues by excluding resources which don't
fit between IOREMAP_START and IOREMAP_END in vfio_pci_probe_mmaps().
Signed-off-by: Niklas Schnelle <schnelle@xxxxxxxxxxxxx>
---
drivers/vfio/pci/vfio_pci_core.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/vfio/pci/vfio_pci_core.c b/drivers/vfio/pci/vfio_pci_core.c
index d94d61b92c1a..23961299b695 100644
--- a/drivers/vfio/pci/vfio_pci_core.c
+++ b/drivers/vfio/pci/vfio_pci_core.c
@@ -28,6 +28,7 @@
#include <linux/nospec.h>
#include <linux/sched/mm.h>
#include <linux/iommufd.h>
+#include <linux/ioremap.h>
#if IS_ENABLED(CONFIG_EEH)
#include <asm/eeh.h>
#endif
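Review bot: the added #include <linux/ioremap.h> is the only visible source for the IOREMAP_START and IOREMAP_END macros that the second hunk relies on, so please confirm that this header provides both on every architecture and configuration where vfio_pci_core.c is built. If that is not guaranteed, the failure mode is a build break on those configurations rather than a runtime fallback, and a short sentence in the commit message stating where the macros come from would help reviewers on other architectures.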
@@ -129,9 +130,12 @@ static void vfio_pci_probe_mmaps(struct vfio_pci_core_device *vdev)
/*
* The PCI core shouldn't set up a resource with a
* type but zero size. But there may be bugs that
- * cause us to do that.
+ * cause us to do that. There is also at least one
+ * device which advertises a resource too large to
+ * ioremap().
*/
- if (!resource_size(res))
+ if (!resource_size(res) ||
+ resource_size(res) > (IOREMAP_END + 1 - IOREMAP_START))
goto no_mmap;
if (resource_size(res) >= PAGE_SIZE) {
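Review bot: the new condition in vfio_pci_probe_mmaps() compares only resource_size(res) against the total span IOREMAP_END + 1 - IOREMAP_START, so it filters BARs that can never be mapped but does not establish that a BAR slightly below that span will map successfully. The commit message's "don't fit between IOREMAP_START and IOREMAP_END" reads stronger than what the check does, and the comment should say that this is a lower bound on impossibility. Two smaller points: the comment says "at least one device" without naming it, while the commit message identifies ISM on s390, and naming it in the comment would save the next reader a git blame; and the branch to no_mmap is silent, so a one-time informational message when a BAR is excluded for its size would let a user whose mmap() on that BAR fails see why.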
--
2.40.1