| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 22 May 2007 18:31:35 -0600 From: Robert Hancock <hancockr@...w.ca> To: Jesse Barnes <jbarnes@...tuousgeek.org> Cc: Olivier Galibert <galibert@...ox.com>, linux-kernel <linux-kernel@...r.kernel.org>, Andi Kleen <ak@...e.de>, Chuck Ebbert <cebbert@...hat.com>, Len Brown <lenb@...nel.org> Subject: Re: [RFC PATCH] PCI MMCONFIG: add validation against ACPI motherboard resources Jesse Barnes wrote: > On Monday, May 21, 2007, Jesse Barnes wrote: >> Yeah, I've got that data... just a sec while I make sure it's >> reproducable... >> >> Aha, I hadn't decoded the devfn before, looks like it's dying on an >> access to the graphics device (bus 0, slot 2, device 0): >> >> ... >> pci_mmcfg_read: 0, 0, 0x10, 0x18, 4 = 0xc000000c >> pci_mmcfg_read: 0, 0, 0x10, 0x18, 4 = <hang> >> ... >> >> Offset 0x18 into the graphics config space should be the graphics memory >> range address, and 0xc000000c is the correct value. But for some reason >> it hangs on the second access. >> >> It hangs here everytime. > > That register is in the config space BAR region, so it should be ok to > write 0xffffffff to it and read it back to size the register. However, > it's after writing the 0xffffffff to it and trying to read it back that > the machine hangs. I didn't see any accesses to the command register to > disable decoding (at least not via the mmconfig methods), so maybe that's > broken during MCFG based probing? Eww. I don't see where we disable the decode at all while we probe the BARs on the device. That seems like a bad thing, especially with the way we probe 64-bit BARs (do the low 32 bits first and then the high 32 bits). This means the base address effectively gets set to 0xfffffff0 momentarily, which might cause some issues. I'd try adding some code inside pci_setup_device (drivers/pci/probe.c) to disable PCI_COMMAND_IO and PCI_COMMAND_MEMORY on the device when probing devices with the standard header type and then restoring the previous command bits afterwards, and see what effect that has. It'll be interesting if it does, since obviously it seems to work as it is with non-MMCONFIG access methods. Maybe the base address being set like that interferes with MMCONFIG access itself somehow? -- Robert Hancock Saskatoon, SK, Canada To email, remove "nospam" from hancockr@...pamshaw.ca Home Page: http://www.roberthancock.com/ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists