linux/drivers/misc/cxl
Ian Munsie 49e9c99f47 cxl: Fix allowing bogus AFU descriptors with 0 maximum processes
If the AFU descriptor of an AFU directed AFU indicates that it supports
0 maximum processes, we will accept that value and attempt to use it.
The SPA will still be allocated (with 2 pages due to another minor bug
and room for 958 processes), and when a context is allocated we will
pass the value of 0 to idr_alloc as the maximum. However, idr_alloc will
treat that as meaning no maximum and will allocate a context number and
we return a valid context.

Conceivably, this could lead to a buffer overflow of the SPA if more
than 958 contexts were allocated; however, this is mitigated by the fact
that there are no known AFUs in the wild with a bogus AFU descriptor
like this, and that only the root user is allowed to flash an AFU image
to a card.

Add a check when validating the AFU descriptor to reject any with 0
maximum processes.

We do still allow a dedicated process only AFU to indicate that it
supports 0 contexts even though that is forbidden in the architecture,
as in that case we ignore the value and use 1 instead. This is just on
the off-chance that such a dedicated process AFU may exist (not that I
am aware of any), since their developers are less likely to have cared
about this value at all.

Signed-off-by: Ian Munsie <imunsie@au1.ibm.com>
Reviewed-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Reviewed-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2016-07-08 22:10:42 +10:00
Kconfig cxl: Add mechanism for delivering AFU driver specific events 2016-06-28 18:34:56 +10:00
Makefile cxl: Support to flash a new image on the adapter from a guest 2016-03-09 23:39:56 +11:00
api.c cxl: Add set and get private data to context struct 2016-06-28 18:35:08 +10:00
base.c cxl: Parse device tree and create cxl device(s) at boot 2016-03-09 23:39:59 +11:00
context.c powerpc updates for 4.7 2016-05-20 10:12:41 -07:00
cxl.h cxl: Add set and get private data to context struct 2016-06-28 18:35:08 +10:00
debugfs.c cxl: Abstract the differences between the PSL and XSL 2016-06-16 23:08:54 +10:00
fault.c powerpc/mm: Replace _PAGE_USER with _PAGE_PRIVILEGED 2016-05-01 18:32:26 +10:00
file.c cxl: Add mechanism for delivering AFU driver specific events 2016-06-28 18:34:56 +10:00
flash.c cxl: static-ify variables to fix sparse warnings 2016-06-16 22:49:27 +10:00
guest.c cxl: Update process element after allocating interrupts 2016-06-16 23:08:49 +10:00
hcalls.c cxl: Add tracepoints around the cxl hcall 2016-03-09 23:40:01 +11:00
hcalls.h cxl: Add guest-specific code 2016-03-09 23:36:52 +11:00
irq.c cxl: Keep IRQ mappings on context teardown 2016-04-27 12:04:31 +10:00
main.c cxl: Adapter failure handling 2016-03-09 23:40:00 +11:00
native.c cxl: Abstract the differences between the PSL and XSL 2016-06-16 23:08:54 +10:00
of.c cxl: Add guest-specific code 2016-03-09 23:36:52 +11:00
pci.c cxl: Fix allowing bogus AFU descriptors with 0 maximum processes 2016-07-08 22:10:42 +10:00
sysfs.c cxl: Allow initialization on timebase sync failures 2016-04-22 21:45:44 +10:00
trace.c cxl: Add tracepoints 2015-01-22 17:31:51 +11:00
trace.h cxl: Add tracepoints around the cxl hcall 2016-03-09 23:40:01 +11:00
vphb.c cxl: Make vPHB device node match adapter's 2016-06-16 23:11:30 +10:00