lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 12 Jun 2016 14:37:26 +0200
From:	Lukas Wunner <lukas@...ner.de>
To:	Ingo Molnar <mingo@...nel.org>
Cc:	x86@...nel.org, linux-kernel@...r.kernel.org,
	Bjorn Helgaas <bhelgaas@...gle.com>,
	Yinghai Lu <yinghai@...nel.org>,
	Matt Fleming <matt@...eblueprint.co.uk>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	"H. Peter Anvin" <hpa@...or.com>
Subject: Re: [PATCH v2 3/3] x86/quirks: Add early quirk to reset Apple
 AirPort card

On Sun, Jun 12, 2016 at 01:49:02PM +0200, Ingo Molnar wrote:
> * Lukas Wunner <lukas@...ner.de> wrote:
> > The solution is to reset the card on boot by writing to a reset bit in
> > its mmio space. This must be done as an early quirk and not as a plain
> > vanilla PCI quirk to successfully combat memory corruption by DMAed
> > packets: Matthew Garrett found out in 2012 that the packets are written
> > to EfiBootServicesData memory (http://mjg59.dreamwidth.org/11235.html).
> > This type of memory is made available to the page allocator by
> > efi_free_boot_services(). [...]
> 
> Btw., would it also make sense to *not* free those pages by default,
> if firmware can occasionally corrupt them? What memory size are we
> talking about?

The memory area where packets are written is relatively small,
Matthew Garret writes: "I'd traced it down to a single 31MB region
of boot service data" (https://mjg59.dreamwidth.org/11235.html)

However memory corruption by DMAed packets is only one of two issues
here. The other is the interrupt storm unleashed by the wireless card.
The IRQ is frequently shared on these models. On my machine it's
shared with the Thunderbolt controller, SDXC controller and a sound
card. I can't even authenticate with cryptsetup on boot before getting
a spurious interrupt splat.

Resetting the card solves the problem at the root and fixes both,
the spurious interrupts and the memory corruption. 

Best regards,

Lukas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ