lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Mon, 2 Feb 2009 09:15:15 -0800
From:	Bhavesh Davda <bhavesh@...are.com>
To:	"kyle@...radead.org" <kyle@...radead.org>
CC:	"David.Woodhouse@...el.com" <David.Woodhouse@...el.com>,
	"mingo@...e.hu" <mingo@...e.hu>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH] intel-iommu: intel_iommu_domain_alloc should check
	'dmar_disabled'

At least with 2.6.28, you could trigger the Oops as follows:

1. Boot with intel_iommu=off
2. Call the exported symbol intel_iommu_domain_alloc() from a module which knows nothing about the fact that dmar_disabled is true

Looks like intel_iommu_domain_alloc is not exported any more at git head, and I see a bunch of commits to git head from Joerg Roedel on Jan 3, 2009, that happened sometime between 2.6.28 and 2.6.29-rc1, so I guess we're good.

Thanks

- Bhavesh
 
Bhavesh P. Davda

> -----Original Message-----
> From: Kyle McMartin [mailto:kyle@...radead.org] On Behalf Of Kyle
> McMartin
> Sent: Friday, January 30, 2009 8:45 PM
> To: Bhavesh Davda
> Cc: David.Woodhouse@...el.com; mingo@...e.hu; linux-
> kernel@...r.kernel.org
> Subject: Re: [PATCH] intel-iommu: intel_iommu_domain_alloc should check
> 'dmar_disabled'
> 
> On Fri, Jan 16, 2009 at 03:54:12PM -0800, Bhavesh Davda wrote:
> >
> > intel_iommu_domain_alloc() will try and iommu_alloc_domain(iommu),
> > which calls alloc_domain_mem() to allocate out of
> 'iommu_domain_cache'.
> > Unfortunately iommu_domain_cache will not be created if booted with
> > "intel_iommu=off", i.e. dmar_disabled = 1.
> >
> 
> Hi Bhavesh,
> 
> What's the callchain that can result in intel_iommu_domain_alloc
> being called? It looks like most possible callsites are checking
> intel_iommu_found, which will be 0 since we check dmar_disabled before
> calling init_dmars to enumerate the iommus.
> 
> (I'm looking at 2.6.28.y right now, is there an interim between when
> you
>  stumbled upon this two weeks ago and git head where it's no longer an
>  issue? I guess it probably got missed due to folks travelling for
> LCA.)
> 
> regards, Kyle
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ