lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 22 Sep 2011 15:48:58 +0800
From:	Ram Pai <linuxram@...ibm.com>
To:	linux-pci@...r.kernel.org, linux-kernel@...r.kernel.org
Cc:	Bjorn Helgaas <bhelgaas@...gle.com>,
	Jesse Barnes <jbarnes@...tuousgeek.org>,
	weiyang@...ux.vnet.ibm.com, wangyun@...ux.vnet.ibm.com,
	shangw@...ux.vnet.ibm.com, Michal Ludvig <mludvig@...ix.net.nz>
Subject: [PATCH] Resource: wrong resource window calculation

  	Resource: wrong resource window calculation

__find_resource() incorrectly returns a resource window which overlaps an
existing allocated window. This happens when the parent's resource-window spans
0x00000000 to 0xffffffff and is entirely allocated to all its children
resource-windows.

__find_resource() looks for gaps in resource allocation among the children
resource windows.  When it encounters the last child window it blindly tries
the range next to one allocated to the last child. Since the last child's
window ends at 0xffffffff the calculation overflows, leading the algorithm to
believe that any window in the range 0x0000000 to 0xfffffff is available for
allocation. This leads to a conflicting window allocation.

Michal Ludvig reported this issue seen on his platform. The following patch
fixes the problem and has been verified by Michal. I believe this bug has been
there for ages. It got exposed by git commit
2bbc6942273b5b3097bd265d82227bdd84b351b2
[PATCH] PCI : ability to relocate assigned pci-resources

Signed-off-by: Ram Pai <linuxram@...ibm.com>
---
 kernel/resource.c |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/kernel/resource.c b/kernel/resource.c
index 3ff4017..b29b83d 100644
--- a/kernel/resource.c
+++ b/kernel/resource.c
@@ -419,6 +419,9 @@ static int __find_resource(struct resource *root, struct resource *old,
 		else
 			tmp.end = root->end;
 
+		if (tmp.end < tmp.start)
+			goto next;
+
 		resource_clip(&tmp, constraint->min, constraint->max);
 		arch_remove_reservations(&tmp);
 
@@ -436,8 +439,10 @@ static int __find_resource(struct resource *root, struct resource *old,
 				return 0;
 			}
 		}
-		if (!this)
+
+next:		if (!this || this->end == root->end)
 			break;
+
 		if (this != old)
 			tmp.start = this->end + 1;
 		this = this->sibling;
-- 
1.7.4.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ