forked from ~ljy/RK356X_SDK_RELEASE
blame | history | patch | commit | commitdiff
hc
2023-12-11 072de836f53be56a70cecf70b43ae43b7ce17376 
 kernel/drivers/pci/proc.c
....@@ -13,6 +13,7 @@
1313 #include <linux/seq_file.h>
1414 #include <linux/capability.h>
1515 #include <linux/uaccess.h>
16
+#include <linux/security.h>
1617 #include <asm/byteorder.h>
1718 #include "pci.h"
1819 
....@@ -52,7 +53,7 @@
5253 		nbytes = size - pos;
5354 	cnt = nbytes;
5455 
55
-	if (!access_ok(VERIFY_WRITE, buf, cnt))
56
+	if (!access_ok(buf, cnt))
5657 		return -EINVAL;
5758 
5859 	pci_config_pm_runtime_get(dev);
....@@ -115,7 +116,11 @@
115116 	struct pci_dev *dev = PDE_DATA(ino);
116117 	int pos = *ppos;
117118 	int size = dev->cfg_size;
118
-	int cnt;
119
+	int cnt, ret;
120
+
121
+	ret = security_locked_down(LOCKDOWN_PCI_ACCESS);
122
+	if (ret)
123
+		return ret;
119124 
120125 	if (pos >= size)
121126 		return 0;
....@@ -125,7 +130,7 @@
125130 		nbytes = size - pos;
126131 	cnt = nbytes;
127132 
128
-	if (!access_ok(VERIFY_READ, buf, cnt))
133
+	if (!access_ok(buf, cnt))
129134 		return -EINVAL;
130135 
131136 	pci_config_pm_runtime_get(dev);
....@@ -196,6 +201,10 @@
196201 #endif /* HAVE_PCI_MMAP */
197202 	int ret = 0;
198203 
204
+	ret = security_locked_down(LOCKDOWN_PCI_ACCESS);
205
+	if (ret)
206
+		return ret;
207
+
199208 	switch (cmd) {
200209 	case PCIIOC_CONTROLLER:
201210 		ret = pci_domain_nr(dev->bus);
....@@ -222,6 +231,7 @@
222231 		}
223232 		/* If arch decided it can't, fall through... */
224233 #endif /* HAVE_PCI_MMAP */
234
+		fallthrough;
225235 	default:
226236 		ret = -EINVAL;
227237 		break;
....@@ -237,7 +247,8 @@
237247 	struct pci_filp_private *fpriv = file->private_data;
238248 	int i, ret, write_combine = 0, res_bit = IORESOURCE_MEM;
239249 
240
-	if (!capable(CAP_SYS_RAWIO))
250
+	if (!capable(CAP_SYS_RAWIO) ||
251
+	    security_locked_down(LOCKDOWN_PCI_ACCESS))
241252 		return -EPERM;
242253 
243254 	if (fpriv->mmap_state == pci_mmap_io) {
....@@ -247,13 +258,13 @@
247258 	}
248259 
249260 	/* Make sure the caller is mapping a real resource for this device */
250
-	for (i = 0; i < PCI_ROM_RESOURCE; i++) {
261
+	for (i = 0; i < PCI_STD_NUM_BARS; i++) {
251262 		if (dev->resource[i].flags & res_bit &&
252263 		    pci_mmap_fits(dev, i, vma,  PCI_MMAP_PROCFS))
253264 			break;
254265 	}
255266 
256
-	if (i >= PCI_ROM_RESOURCE)
267
+	if (i >= PCI_STD_NUM_BARS)
257268 		return -ENODEV;
258269 
259270 	if (fpriv->mmap_state == pci_mmap_mem &&
....@@ -295,19 +306,20 @@
295306 }
296307 #endif /* HAVE_PCI_MMAP */
297308 
298
-static const struct file_operations proc_bus_pci_operations = {
299
-	.owner		= THIS_MODULE,
300
-	.llseek		= proc_bus_pci_lseek,
301
-	.read		= proc_bus_pci_read,
302
-	.write		= proc_bus_pci_write,
303
-	.unlocked_ioctl	= proc_bus_pci_ioctl,
304
-	.compat_ioctl	= proc_bus_pci_ioctl,
309
+static const struct proc_ops proc_bus_pci_ops = {
310
+	.proc_lseek	= proc_bus_pci_lseek,
311
+	.proc_read	= proc_bus_pci_read,
312
+	.proc_write	= proc_bus_pci_write,
313
+	.proc_ioctl	= proc_bus_pci_ioctl,
314
+#ifdef CONFIG_COMPAT
315
+	.proc_compat_ioctl = proc_bus_pci_ioctl,
316
+#endif
305317 #ifdef HAVE_PCI_MMAP
306
-	.open		= proc_bus_pci_open,
307
-	.release	= proc_bus_pci_release,
308
-	.mmap		= proc_bus_pci_mmap,
318
+	.proc_open	= proc_bus_pci_open,
319
+	.proc_release	= proc_bus_pci_release,
320
+	.proc_mmap	= proc_bus_pci_mmap,
309321 #ifdef HAVE_ARCH_PCI_GET_UNMAPPED_AREA
310
-	.get_unmapped_area = get_pci_unmapped_area,
322
+	.proc_get_unmapped_area = get_pci_unmapped_area,
311323 #endif /* HAVE_ARCH_PCI_GET_UNMAPPED_AREA */
312324 #endif /* HAVE_PCI_MMAP */
313325 };
....@@ -376,7 +388,7 @@
376388 	}
377389 	seq_putc(m, '\t');
378390 	if (drv)
379
-		seq_printf(m, "%s", drv->name);
391
+		seq_puts(m, drv->name);
380392 	seq_putc(m, '\n');
381393 	return 0;
382394 }
....@@ -413,7 +425,7 @@
413425 
414426 	sprintf(name, "%02x.%x", PCI_SLOT(dev->devfn), PCI_FUNC(dev->devfn));
415427 	e = proc_create_data(name, S_IFREG | S_IRUGO | S_IWUSR, bus->procdir,
416
-			     &proc_bus_pci_operations, dev);
428
+			     &proc_bus_pci_ops, dev);
417429 	if (!e)
418430 		return -ENOMEM;
419431 	proc_set_size(e, dev->cfg_size);