Date: Mon, 29 Sep 2008 20:20:08 -0700
From: Jesse Brandeburg <jesse.brandeburg@...el.com>
To: linux-kernel@...r.kernel.org
Cc: linux-netdev@...r.kernel.org, kkeil@...e.de, agospoda@...hat.com, arjan@...ux.intel.com, david.graham@...el.com, bruce.w.allan@...el.com, jkosina@...e.cz, john.ronciak@...el.com, tglx@...utronix.de, chris.jones@...onical.com, tim.gardner@...el.com, airlied@...il.com, Bruce Allan <bruce.w.allan@...el.com>, Jesse Brandeburg <jesse.brandeburg@...el.com>
Subject: [RFC PATCH 10/12] e1000e: Use set_memory_ro()/set_memory_rw() to protect flash memory

From: Bruce Allan <bruce.w.allan@...el.com>

A number of users have reported NVM corruption on various ICHx platform LOMs. One possible reason for this could be unexpected and/or malicious writes to the flash memory area mapped into kernel memory.

Once the interface is up, there should be very few reads/writes of the mapped flash memory. This patch makes use of the x86 set_memory_*() functions to set the mapped memory read-only and temporarily set it writable only when the driver needs to write to it. With the memory set read-only, any unexpected write will be logged with a stack dump indicating the offending code.

Since these LOMs are only on x86 ICHx platforms, it does not matter that this API is not yet available on other architectures; however, it is dependent on a previous patch that exports these function name symbols.

Signed-off-by: Bruce Allan <bruce.w.allan@...el.com>
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@...el.com>

--- drivers/net/e1000e/e1000.h | 1 + drivers/net/e1000e/hw.h | 1 + drivers/net/e1000e/ich8lan.c | 16 ++++++++++++++++ drivers/net/e1000e/netdev.c | 11 +++++++---- 4 files changed, 25 insertions(+), 4 deletions(-) diff --git a/drivers/net/e1000e/e1000.h b/drivers/net/e1000e/e1000.h index f80e43a..2a3a311 100644 --- a/drivers/net/e1000e/e1000.h +++ b/drivers/net/e1000e/e1000.h 
@@ -36,6 +36,7 @@ #include <linux/workqueue.h> #include <linux/io.h> #include <linux/netdevice.h> +#include <asm/cacheflush.h> #include "hw.h" diff --git a/drivers/net/e1000e/hw.h b/drivers/net/e1000e/hw.h index 74f263a..dd25009 100644 --- a/drivers/net/e1000e/hw.h +++ b/drivers/net/e1000e/hw.h @@ -863,6 +863,7 @@ struct e1000_hw { u8 __iomem *hw_addr; u8 __iomem *flash_address; + resource_size_t flash_len; struct e1000_mac_info mac; struct e1000_fc_info fc; diff --git a/drivers/net/e1000e/ich8lan.c b/drivers/net/e1000e/ich8lan.c index 57c6d2f..2b1aa2a 100644 --- a/drivers/net/e1000e/ich8lan.c +++ b/drivers/net/e1000e/ich8lan.c @@ -176,12 +176,28 @@ static inline u32 __er32flash(struct e1000_hw *hw, unsigned long reg) static inline void __ew16flash(struct e1000_hw *hw, unsigned long reg, u16 val) { +#ifdef _ASM_X86_CACHEFLUSH_H + set_memory_rw((unsigned long)hw->flash_address, + hw->flash_len >> PAGE_SHIFT); +#endif writew(val, hw->flash_address + reg); +#ifdef _ASM_X86_CACHEFLUSH_H + set_memory_ro((unsigned long)hw->flash_address, + hw->flash_len >> PAGE_SHIFT); +#endif } static inline void __ew32flash(struct e1000_hw *hw, unsigned long reg, u32 val) { +#ifdef _ASM_X86_CACHEFLUSH_H + set_memory_rw((unsigned long)hw->flash_address, + hw->flash_len >> PAGE_SHIFT); +#endif writel(val, hw->flash_address + reg); +#ifdef _ASM_X86_CACHEFLUSH_H + set_memory_ro((unsigned long)hw->flash_address, + hw->flash_len >> PAGE_SHIFT); +#endif } #define er16flash(reg) __er16flash(hw, (reg)) diff --git a/drivers/net/e1000e/netdev.c b/drivers/net/e1000e/netdev.c index 57cead3..f04de5a 100644 --- a/drivers/net/e1000e/netdev.c +++ b/drivers/net/e1000e/netdev.c @@ -4402,7 +4402,6 @@ static int __devinit e1000_probe(struct pci_dev *pdev, struct e1000_hw *hw; const struct e1000_info *ei = e1000_info_tbl[ent->driver_data]; resource_size_t mmio_start, mmio_len; - resource_size_t flash_start, flash_len; static int cards_found; int i, err, pci_using_dac; 
@@ -4472,11 +4471,15 @@ static int __devinit e1000_probe(struct pci_dev *pdev, if ((adapter->flags & FLAG_HAS_FLASH) && (pci_resource_flags(pdev, 1) & IORESOURCE_MEM)) { - flash_start = pci_resource_start(pdev, 1); - flash_len = pci_resource_len(pdev, 1); - adapter->hw.flash_address = ioremap(flash_start, flash_len); + adapter->hw.flash_len = pci_resource_len(pdev, 1); + adapter->hw.flash_address = ioremap(pci_resource_start(pdev, 1), + adapter->hw.flash_len); if (!adapter->hw.flash_address) goto err_flashmap; +#ifdef _ASM_X86_CACHEFLUSH_H + set_memory_ro((unsigned long)adapter->hw.flash_address, + adapter->hw.flash_len >> PAGE_SHIFT); +#endif } /* construct the net_device struct */
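Review bot: the `#ifdef _ASM_X86_CACHEFLUSH_H` tests in ich8lan.c and netdev.c depend on what looks like the include guard of the `<asm/cacheflush.h>` header that the e1000.h hunk pulls in, so the read-only protection compiles out without any warning if that guard name changes or the header is reached differently. Since the commit message says the API is x86-only, gate both the include and the calls on an architecture config symbol such as `CONFIG_X86`, and add a one-line comment at the include explaining why a network driver needs a cache-flush header.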
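Review bot: in the ich8lan.c hunk, `__ew16flash()` and `__ew32flash()` discard the return values of `set_memory_rw()` and `set_memory_ro()`, so a failed `set_memory_ro()` after the `writew()`/`writel()` leaves the whole flash mapping writable with nothing logged, which defeats the purpose stated in the commit message. Check both results and at least warn when re-protecting fails. The same hunk also flips the entire `hw->flash_len` range writable for a 2- or 4-byte store with no lock visible around it, so a stray write from another context during that window goes undetected; a note on what serializes these helpers would help. The four identical `#ifdef` blocks would read better as one pair of small helpers, for example hypothetical `e1000_flash_unprotect(hw)` and `e1000_flash_protect(hw)`, that are empty on non-x86 builds.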
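Review bot: in the second netdev.c hunk, the page count passed to `set_memory_ro()` in `e1000_probe()` is `adapter->hw.flash_len >> PAGE_SHIFT`, which rounds down: a BAR 1 length smaller than one page gives a count of zero and protects nothing, and a length that is not a whole number of pages leaves the tail writable. Round up instead, for example `DIV_ROUND_UP(adapter->hw.flash_len, PAGE_SIZE)`, and use the same expression in the ich8lan.c helpers so the two sites cannot drift apart. The return value is ignored here as well, and the diffstat shows no change outside `e1000_probe()` in netdev.c, so it is worth stating whether the mapping needs to be set writable again before it is unmapped on the remove and error paths.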