mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-09 23:39:18 +00:00
eb627e1772
Any hardware that can potentially generate DMA has to be locked down in order to avoid it being possible for an attacker to modify kernel code, allowing them to circumvent disabled module loading or module signing. Default to paranoid - in future we can potentially relax this for sufficiently IOMMU-isolated devices. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Matthew Garrett <mjg59@google.com> Acked-by: Bjorn Helgaas <bhelgaas@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> cc: linux-pci@vger.kernel.org Signed-off-by: James Morris <jmorris@namei.org>
137 lines
2.8 KiB
C
137 lines
2.8 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
/*
|
|
* For architectures where we want to allow direct access to the PCI config
|
|
* stuff - it would probably be preferable on PCs too, but there people
|
|
* just do it by hand with the magic northbridge registers.
|
|
*/
|
|
|
|
#include <linux/errno.h>
|
|
#include <linux/pci.h>
|
|
#include <linux/security.h>
|
|
#include <linux/syscalls.h>
|
|
#include <linux/uaccess.h>
|
|
#include "pci.h"
|
|
|
|
SYSCALL_DEFINE5(pciconfig_read, unsigned long, bus, unsigned long, dfn,
|
|
unsigned long, off, unsigned long, len, void __user *, buf)
|
|
{
|
|
struct pci_dev *dev;
|
|
u8 byte;
|
|
u16 word;
|
|
u32 dword;
|
|
long err;
|
|
long cfg_ret;
|
|
|
|
if (!capable(CAP_SYS_ADMIN))
|
|
return -EPERM;
|
|
|
|
err = -ENODEV;
|
|
dev = pci_get_domain_bus_and_slot(0, bus, dfn);
|
|
if (!dev)
|
|
goto error;
|
|
|
|
switch (len) {
|
|
case 1:
|
|
cfg_ret = pci_user_read_config_byte(dev, off, &byte);
|
|
break;
|
|
case 2:
|
|
cfg_ret = pci_user_read_config_word(dev, off, &word);
|
|
break;
|
|
case 4:
|
|
cfg_ret = pci_user_read_config_dword(dev, off, &dword);
|
|
break;
|
|
default:
|
|
err = -EINVAL;
|
|
goto error;
|
|
}
|
|
|
|
err = -EIO;
|
|
if (cfg_ret != PCIBIOS_SUCCESSFUL)
|
|
goto error;
|
|
|
|
switch (len) {
|
|
case 1:
|
|
err = put_user(byte, (unsigned char __user *)buf);
|
|
break;
|
|
case 2:
|
|
err = put_user(word, (unsigned short __user *)buf);
|
|
break;
|
|
case 4:
|
|
err = put_user(dword, (unsigned int __user *)buf);
|
|
break;
|
|
}
|
|
pci_dev_put(dev);
|
|
return err;
|
|
|
|
error:
|
|
/* ??? XFree86 doesn't even check the return value. They
|
|
just look for 0xffffffff in the output, since that's what
|
|
they get instead of a machine check on x86. */
|
|
switch (len) {
|
|
case 1:
|
|
put_user(-1, (unsigned char __user *)buf);
|
|
break;
|
|
case 2:
|
|
put_user(-1, (unsigned short __user *)buf);
|
|
break;
|
|
case 4:
|
|
put_user(-1, (unsigned int __user *)buf);
|
|
break;
|
|
}
|
|
pci_dev_put(dev);
|
|
return err;
|
|
}
|
|
|
|
SYSCALL_DEFINE5(pciconfig_write, unsigned long, bus, unsigned long, dfn,
|
|
unsigned long, off, unsigned long, len, void __user *, buf)
|
|
{
|
|
struct pci_dev *dev;
|
|
u8 byte;
|
|
u16 word;
|
|
u32 dword;
|
|
int err = 0;
|
|
|
|
if (!capable(CAP_SYS_ADMIN) ||
|
|
security_locked_down(LOCKDOWN_PCI_ACCESS))
|
|
return -EPERM;
|
|
|
|
dev = pci_get_domain_bus_and_slot(0, bus, dfn);
|
|
if (!dev)
|
|
return -ENODEV;
|
|
|
|
switch (len) {
|
|
case 1:
|
|
err = get_user(byte, (u8 __user *)buf);
|
|
if (err)
|
|
break;
|
|
err = pci_user_write_config_byte(dev, off, byte);
|
|
if (err != PCIBIOS_SUCCESSFUL)
|
|
err = -EIO;
|
|
break;
|
|
|
|
case 2:
|
|
err = get_user(word, (u16 __user *)buf);
|
|
if (err)
|
|
break;
|
|
err = pci_user_write_config_word(dev, off, word);
|
|
if (err != PCIBIOS_SUCCESSFUL)
|
|
err = -EIO;
|
|
break;
|
|
|
|
case 4:
|
|
err = get_user(dword, (u32 __user *)buf);
|
|
if (err)
|
|
break;
|
|
err = pci_user_write_config_dword(dev, off, dword);
|
|
if (err != PCIBIOS_SUCCESSFUL)
|
|
err = -EIO;
|
|
break;
|
|
|
|
default:
|
|
err = -EINVAL;
|
|
break;
|
|
}
|
|
pci_dev_put(dev);
|
|
return err;
|
|
}
|