pci_iounmap() in lib/pci_iomap.c is supposed to check whether an address is within ioport-range IF the config specifies that ioports exist. If so, the port should be unmapped with ioport_unmap(). If not, it's a generic MMIO address that has to be passed to iounmap().
The bugs are:
1. ioport_unmap() is missing entirely, so this function will never actually unmap a port.
2. The #ifdef for the ioport-ranges accidentally also guards iounmap(), potentially compiling an empty function. This would cause the mapping to be leaked.
Implement the missing call to ioport_unmap().
Move the guard so that iounmap() will always be part of the function.
CC: stable@vger.kernel.org # v5.15+
Fixes: 316e8d79a095 ("pci_iounmap'2: Electric Boogaloo: try to make sense of it all")
Reported-by: Danilo Krummrich dakr@redhat.com
Suggested-by: Arnd Bergmann arnd@kernel.org
Signed-off-by: Philipp Stanner pstanner@redhat.com
---
In case someone wants to look into that and provide patches for kernels older than v5.15: Note that this patch only applies to v5.15+ – the leaks, however, are older. I went through the log briefly and it seems f5810e5c32923 already contains them in asm-generic/io.h.
---
 lib/pci_iomap.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/pci_iomap.c b/lib/pci_iomap.c index ce39ce9f3526..6e144b017c48 100644 --- a/lib/pci_iomap.c +++ b/lib/pci_iomap.c @@ -168,10 +168,12 @@ void pci_iounmap(struct pci_dev *dev, void __iomem *p) uintptr_t start = (uintptr_t) PCI_IOBASE; uintptr_t addr = (uintptr_t) p;
- if (addr >= start && addr < start + IO_SPACE_LIMIT) + if (addr >= start && addr < start + IO_SPACE_LIMIT) { + ioport_unmap(p); return; - iounmap(p); + } #endif + iounmap(p); } EXPORT_SYMBOL(pci_iounmap);
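Review bot: With `#endif` now placed before `iounmap(p)`, every build in which the guarded block is compiled out sends all pointers to `iounmap()`, so the commit message should say why no port-range cookie can reach `pci_iounmap()` in those builds; the `#ifdef` condition itself lies outside the hunk's context and cannot be checked from here. Inside the block, the bound `addr < start + IO_SPACE_LIMIT` is carried over unchanged: if IO_SPACE_LIMIT is the highest valid port offset rather than the size of the range, the last port would fall through to `iounmap()`, which is worth confirming while this code is being touched. A one-line comment above the `if`, stating that port cookies go to `ioport_unmap()` and everything else to `iounmap()`, would help keep the two paths from ending up under the same guard again.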