Bug 645287 – [PATCH] fix size checks for mmap() on /proc/bus/pci files

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 645287 - [PATCH] fix size checks for mmap() on /proc/bus/pci files

Summary:	[PATCH] fix size checks for mmap() on /proc/bus/pci files

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	kernel (Show other bugs)
Sub Component:
Version:	6.0
Hardware:	All Linux

Priority	low Severity medium
Target Milestone:	rc
Target Release:	---
Assigned To:	Prarit Bhargava
QA Contact:	Boris Ranto
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2010-10-21 04:50 EDT by Martin Wilck
Modified:	2018-10-27 07:32 EDT (History)
CC List:	4 users (show)

See Also:
Fixed In Version:	kernel-2.6.32-112.el6
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2011-05-23 16:26:49 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Suggested patch sent to LKML (against RHEL6 kernel, code hasn't changed upstream). (3.83 KB, patch) 2010-10-21 04:50 EDT, Martin Wilck	no flags	Details \| Diff
system tap script used for analyzing this problem. Use together with attached test program. (825 bytes, text/plain) 2010-10-21 04:51 EDT, Martin Wilck	no flags	Details
Test program for mmap(). run like this: "pci /proc/bus/pci/04/00.0 1024 91c20000" (947 bytes, text/plain) 2010-10-21 04:53 EDT, Martin Wilck	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2011:0542	normal	SHIPPED_LIVE	Important: Red Hat Enterprise Linux 6.1 kernel security, bug fix and enhancement update	2011-05-19 07:58:07 EDT

Groups: None (edit)

Description Martin Wilck 2010-10-21 04:50:27 EDT

Created attachment 454747 [details]
Suggested patch sent to LKML (against RHEL6 kernel, code hasn't changed upstream).

Description of problem:

Running certain tools (e.g. the config tool "lsiutil" for mpt based controllers) prints bogus warnings in syslog. This is caused by wrong consitency checks on mmap() calls on files under /proc/bus/pci.

Version-Release number of selected component (if applicable):
2.6.32-71.el6 (RHEL6 RC)

How reproducible:
always

Steps to Reproduce:
1. try mmap on a valid memory resource on a /proc/bus/pci filewith attached test program pci.c
  
Actual results:
WARNING: at drivers/pci/pci-sysfs.c:688 pci_mmap_fits+0xad/0xe0() (Tainted: G        W  ---------------- )
Hardware name: PRIMERGY RX600 S5
process "pci1" tried to map 0x00091c20-0x00091c21 on 0000:04:00.0 BAR 0 (size 0x00000020)
Modules linked in: [...]
mod [last unloaded: stap_da9f117f8e592d256081a352c344e54d_6815]
Pid: 13427, comm: pci1 Tainted: G        W  ----------------  2.6.32-71.el6.x86_64 #1
Call Trace:
 [<ffffffff8106b857>] warn_slowpath_common+0x87/0xc0
 [<ffffffff8106b946>] warn_slowpath_fmt+0x46/0x50
 [<ffffffff8127951d>] pci_mmap_fits+0xad/0xe0
 [<ffffffff81077fd3>] ? capable+0x13/0x50
 [<ffffffff814cc3f9>] kretprobe_trampoline+0x0/0x57
 [<ffffffff811cf1ad>] proc_reg_mmap+0x6d/0xb0
 [<ffffffff8113bd30>] mmap_region+0x410/0x5a0
 [<ffffffff8113c1fa>] do_mmap_pgoff+0x33a/0x380
 [<ffffffff8112c1af>] sys_mmap_pgoff+0x1cf/0x2a0
 [<ffffffff81018129>] sys_mmap+0x29/0x30
 [<ffffffff81013172>] system_call_fastpath+0x16/0x1b


Expected results:
No warning

Additional info:
I sent a suggested patch for this problem to upstream today (2010-10-21),
subject "[PATCH] fix size checks for mmap() on /proc/bus/pci files".

Comment 1 Martin Wilck 2010-10-21 04:51:32 EDT

Created attachment 454748 [details]
system tap script used for analyzing this problem. Use together with attached test program.

Comment 3 Martin Wilck 2010-10-21 04:53:28 EDT

Created attachment 454749 [details]
Test program for mmap(). run like this: "pci /proc/bus/pci/04/00.0 1024 91c20000"

Comment 4 Martin Wilck 2010-10-21 04:56:36 EDT

This problem has been reported earlier (without patch), see e.g. http://bugs.gentoo.org/show_bug.cgi?id=335666

Comment 5 Martin Wilck 2010-10-21 05:31:09 EDT

Upstream submission: http://lkml.org/lkml/2010/10/21/62

Comment 6 Martin Wilck 2010-10-21 10:28:46 EDT

Made a retest: The problem described above is indeed solved by the attached patch.

Comment 7 Martin Wilck 2010-11-12 10:21:42 EST

Accepted in "for-linus" branch of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6.git. Commit ID is 3b519e4ea618b6943a82931630872907f9ac2c2b.

Comment 8 Prarit Bhargava 2010-11-12 10:36:55 EST

(In reply to comment #7)
> Accepted in "for-linus" branch of
> git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6.git. Commit ID is
> 3b519e4ea618b6943a82931630872907f9ac2c2b.

Clearing the conditional nak for upstream.  I'll push this for RHEL6.1.

Thanks for the update Martin!

P.

Comment 9 RHEL Product and Program Management 2010-11-12 10:40:00 EST

This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux maintenance release. Product Management has 
requested further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed 
products. This request is not yet committed for inclusion in an Update release.

Comment 10 Prarit Bhargava 2010-11-16 11:13:46 EST

Martin, do you know of a system on which this can be reproduced on?

Thanks,

P.

Comment 11 Prarit Bhargava 2010-11-16 11:37:43 EST

(In reply to comment #10)
> Martin, do you know of a system on which this can be reproduced on?
> 
> Thanks,
> 
> P.

Oops -- I see there is a reproducer attached to this BZ.

P.

Comment 12 Martin Wilck 2010-11-16 12:05:06 EST

Note that my committed patch contains a bug. You need to apply http://lkml.org/lkml/2010/11/16/52 on top of it.

Comment 13 Prarit Bhargava 2010-11-16 13:04:23 EST

(In reply to comment #12)
> Note that my committed patch contains a bug. You need to apply
> http://lkml.org/lkml/2010/11/16/52 on top of it.

Heh :)  I found that patch after I got the exact warning the reporter found :)

P.

Comment 15 Aristeu Rozanski 2011-02-03 11:45:02 EST

Patch(es) available on kernel-2.6.32-112.el6

Comment 19 errata-xmlrpc 2011-05-23 16:26:49 EDT

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0542.html

Note You need to log in before you can comment on or make changes to this bug.