| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Feb 2015 13:09:47 +0000
From: Ben Hutchings <ben@...adent.org.uk>
To: Bjorn Helgaas <bhelgaas@...gle.com>
Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"stable@...r.kernel.org" <stable@...r.kernel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Matthew Wilcox <willy@...ux.intel.com>,
Myron Stowe <myron.stowe@...hat.com>,
William Unruh <unruh@...sics.ubc.ca>,
Martin Lucina <martin@...ina.net>
Subject: Re: [PATCH 3.2 015/152] PCI: Restore detection of read-only BARs
On Tue, 2015-02-17 at 11:01 -0600, Bjorn Helgaas wrote:
> On Mon, Feb 16, 2015 at 7:46 PM, Ben Hutchings <ben@...adent.org.uk> wrote:
> > 3.2.67-rc1 review patch. If anyone has any objections, please let me know.
>
> No objections, but I think you want 06cf35f903aa ("PCI: Handle
> read-only BARs on AMD CS553x devices") at the same time.
Thanks, I've added that as well. For the pending stable update, I only
checked 'cc: stable' commits in mainline up to 3.19-rc7 so I hadn't yet
seen that.
Ben.
> > ------------------
> >
> > From: Myron Stowe <myron.stowe@...hat.com>
> >
> > commit 36e8164882ca6d3c41cb91e6f09a3ed236841f80 upstream.
> >
> > Commit 6ac665c63dca ("PCI: rewrite PCI BAR reading code") masked off
> > low-order bits from 'l', but not from 'sz'. Both are passed to pci_size(),
> > which compares 'base == maxbase' to check for read-only BARs. The masking
> > of 'l' means that comparison will never be 'true', so the check for
> > read-only BARs no longer works.
> >
> > Resolve this by also masking off the low-order bits of 'sz' before passing
> > it into pci_size() as 'maxbase'. With this change, pci_size() will once
> > again catch the problems that have been encountered to date:
> >
> > - AGP aperture BAR of AMD-7xx host bridges: if the AGP window is
> > disabled, this BAR is read-only and read as 0x00000008 [1]
> >
> > - BARs 0-4 of ALi IDE controllers can be non-zero and read-only [1]
> >
> > - Intel Sandy Bridge - Thermal Management Controller [8086:0103];
> > BAR 0 returning 0xfed98004 [2]
> >
> > - Intel Xeon E5 v3/Core i7 Power Control Unit [8086:2fc0];
> > Bar 0 returning 0x00001a [3]
> >
> > Link: [1] https://git.kernel.org/cgit/linux/kernel/git/tglx/history.git/commit/drivers/pci/probe.c?id=1307ef6621991f1c4bc3cec1b5a4ebd6fd3d66b9 ("PCI: probing read-only BARs" (pre-git))
> > Link: [2] https://bugzilla.kernel.org/show_bug.cgi?id=43331
> > Link: [3] https://bugzilla.kernel.org/show_bug.cgi?id=85991
> > Reported-by: William Unruh <unruh@...sics.ubc.ca>
> > Reported-by: Martin Lucina <martin@...ina.net>
> > Signed-off-by: Myron Stowe <myron.stowe@...hat.com>
> > Signed-off-by: Bjorn Helgaas <bhelgaas@...gle.com>
> > CC: Matthew Wilcox <willy@...ux.intel.com>
> > Signed-off-by: Ben Hutchings <ben@...adent.org.uk>
> > ---
> > drivers/pci/probe.c | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > --- a/drivers/pci/probe.c
> > +++ b/drivers/pci/probe.c
> > @@ -175,14 +175,17 @@ int __pci_read_base(struct pci_dev *dev,
> > res->flags |= IORESOURCE_SIZEALIGN;
> > if (res->flags & IORESOURCE_IO) {
> > l &= PCI_BASE_ADDRESS_IO_MASK;
> > + sz &= PCI_BASE_ADDRESS_IO_MASK;
> > mask = PCI_BASE_ADDRESS_IO_MASK & (u32) IO_SPACE_LIMIT;
> > } else {
> > l &= PCI_BASE_ADDRESS_MEM_MASK;
> > + sz &= PCI_BASE_ADDRESS_MEM_MASK;
> > mask = (u32)PCI_BASE_ADDRESS_MEM_MASK;
> > }
> > } else {
> > res->flags |= (l & IORESOURCE_ROM_ENABLE);
> > l &= PCI_ROM_ADDRESS_MASK;
> > + sz &= PCI_ROM_ADDRESS_MASK;
> > mask = (u32)PCI_ROM_ADDRESS_MASK;
> > }
> >
> >
--
Ben Hutchings
To err is human; to really foul things up requires a computer.
Download attachment "signature.asc" of type "application/pgp-signature" (812 bytes)
Powered by blists - more mailing lists