| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 1 May 2007 19:56:29 -0700 From: Jesse Barnes <jbarnes@...tuousgeek.org> To: Olivier Galibert <galibert@...ox.com> Cc: Robert Hancock <hancockr@...w.ca>, linux-kernel <linux-kernel@...r.kernel.org>, Andi Kleen <ak@...e.de>, Chuck Ebbert <cebbert@...hat.com>, Len Brown <lenb@...nel.org> Subject: Re: [RFC PATCH] PCI MMCONFIG: add validation against ACPI motherboard resources On Tuesday, May 01, 2007, Jesse Barnes wrote: > On Monday, April 30, 2007, Olivier Galibert wrote: > > On Sun, Apr 29, 2007 at 08:14:37PM -0600, Robert Hancock wrote: > > > -Validate that the area is reserved even if we read it from the > > > chipset directly and not from the MCFG table. This catches the case > > > where the BIOS didn't set the location properly in the chipset and > > > has mapped it over other things it shouldn't have. This might be > > > overly pessimistic - we might be able to instead verify that no > > > other reserved resources (like chipset registers) are inside this > > > memory range. > > > > I have a fundamental problem with that: you don't validate a higher > > reliability information against a lower one. The chipset registers > > are high reliability. Modulo unknown hardware erratas and bugs in the > > code (and accepting f0000000 is in practice a bug in the code, the > > docs are starting to catch up with it too), the chipset *will* decode > > mmconfig at the looked up address no matter what. On the other side, > > the ACPI data is bios generated, and that is well known to be horribly > > unreliable. Hell, if it was reliable we could just use the MFCG ACPI > > table without questions. > > Now that I've read his patch closely I think you're right. > > Robert, it looks like you'll trust acpi_table_parse if > pci_mmcfg_check_hostbridge returns a failure. I think it should be > treated with a higher priority. If pci_mmcfg_check_hostbridge returns a > failure, there's no way MCFG space can work, so we should disable it > unconditionally in that case (even if ACPI says "trust me, when have I > ever lied to you?"). > > I'm testing it now on my 965... Bah... nevermind Robert, I see you're doing this already in pci_mmcfg_reject_broken. I'm about to reboot & test now. Jesse - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists