lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 17 Nov 2008 12:02:32 -0800
From:	"Allan, Bruce W" <bruce.w.allan@...el.com>
To:	David Miller <davem@...emloft.net>,
	"csnook@...hat.com" <csnook@...hat.com>
CC:	"Kirsher, Jeffrey T" <jeffrey.t.kirsher@...el.com>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: RE: [v2,PCI] move ICHx GbE NVM write-protection from e1000e to PCI
 quirk

Well, no, not for every device with an NVRAM; just those LOM parts in the ICH-based family of products that has an unprotected region of NVRAM and a not-so-difficult set of steps necessary to corrupt the NVRAM by taking advantage of that.  By leaving the write-protection in the driver, the NVRAM can still be damaged before the driver loads (as seen with corruptions from ftrace in 2.6.27) or if the driver is never loaded.

Once the NVRAM is write-protected the driver cannot revoke that protection, only a system reset will do that.  The kernel command line option to disable the write protection is so that if/when a user needs to change a value in the NVRAM it can still be done.


>-----Original Message-----
>From: David Miller [mailto:davem@...emloft.net]
>Sent: Monday, November 17, 2008 11:50 AM
>To: csnook@...hat.com
>Cc: Kirsher, Jeffrey T; Allan, Bruce W; netdev@...r.kernel.org
>Subject: Re: [v2,PCI] move ICHx GbE NVM write-protection from e1000e to
>PCI quirk
>
>From: Chris Snook <csnook@...hat.com>
>Date: Mon, 17 Nov 2008 14:40:32 -0500
>
>> David Miller wrote:
>> > I'm less than thrilled with this patch so I'm not going to apply it.
>> > I mean, what are we going to do, for every single device that has a
>> > NVRAM we're going to add some PCI quirk and some new global foo_*
>> > kernel command line option to turn it off?
>> > That doesn't make any sense at all, sorry.
>>
>> Could we protect it in a PCI quirk, and optionally unprotect it in the
>driver?
>
>I think it's an overreaction, frankly.
>
>Doing it purely in the driver should be fine.
>
>Again are we going to add a NVRAM protect quirk for every PCI
>device on the planet that has a NVRAM?
>
>It's not appropriate at all.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ