#
339932 |
|
30-Oct-2018 |
jhb |
MFC 338408: Don't directly dereference a user pointer in the VPD ioctl.
The PCIOCLISTVPD ioctl on /dev/pci is used to fetch a list of VPD key-value pairs for a specific PCI function. It is used by 'pciconf -l -V'. The list is stored in a userland-supplied buffer as an array of variable-length structures where the key and data length are stored in a fixed-size header followed by the variable-length value as a byte array. To facilitate walking this array in userland, <sys/pciio.h> provides a PVE_NEXT() helper macro to return a pointer to the next array element by reading the the length out of the current header and using it to compute the address of the next header.
To simplify the implementation, the ioctl handler was also using PVE_NEXT() when on the user address of the user buffer to compute the user address of the next array element. However, the PVE_NEXT() macro when used with a user address was reading the value's length by indirecting the user pointer. The value was ready after the current record had been copied out to the user buffer, so it appeared to work on architectures where user addresses are directly dereferencable from the kernel (all but powerpc and i386 after the 4:4 split). The recent enablement of SMAP on amd64 caught this violation however. To fix, add a variant of PVE_NEXT() for use in the ioctl handler that takes an explicit value length.
|
#
306469 |
|
29-Sep-2016 |
jhb |
MFC 303881: Reliably return PCI_GETCONF_LAST_DEVICE from PCIOCGETCONF.
Previously the loop in PCIIOCGETCONF would terminate as soon as it found enough matches. Now it will continue iterating through the PCI device list and only terminate if it finds another matching device for which it has no room to store a conf structure. This means that PCI_GETCONF_LAST_DEVICE is reliably returned when the number of matching devices is equal to the number of slots in the matches buffer. For example, if a program requests the conf structure for a single PCI function with a specified domain/bus/slot/function it will now get PCI_GETCONF_LAST_DEVICE instead of PCI_GETCONF_MORE_DEVS.
While here, simplify the loop conditional a bit more by explicitly breaking out of the loop if copyout() fails and removing a redundant i < pci_numdevs check.
Sponsored by: Chelsio Communications
|
#
306468 |
|
29-Sep-2016 |
jhb |
MFC 295813,295816: Remove redundant check for "(dinfo != NULL)".
|
#
262134 |
|
17-Feb-2014 |
jhb |
MFC 260926: Add support for displaying VPD for PCI devices via pciconf. - Store the length of each read-only VPD value since not all values are guaranteed to be ASCII values (though most are). - Add a new pciio ioctl to fetch VPD for a single PCI device. The values are returned as a list of variable length records, one for the device name and each keyword. - Add a new -V flag to pciconf's list mode which displays VPD data for each device.
|
#
262134 |
|
17-Feb-2014 |
jhb |
MFC 260926: Add support for displaying VPD for PCI devices via pciconf. - Store the length of each read-only VPD value since not all values are guaranteed to be ASCII values (though most are). - Add a new pciio ioctl to fetch VPD for a single PCI device. The values are returned as a list of variable length records, one for the device name and each keyword. - Add a new -V flag to pciconf's list mode which displays VPD data for each device.
|