| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20071101184555.GB5955@us.ibm.com> Date: Thu, 1 Nov 2007 11:45:55 -0700 From: Gary Hade <garyhade@...ibm.com> To: Andrew Morton <akpm@...ux-foundation.org> Cc: Yinghai Lu <Yinghai.Lu@....COM>, Greg Kroah-Hartman <gregkh@...e.de>, Gary Hade <garyhade@...ibm.com>, Thomas Gleixner <tglx@...utronix.de>, LKML <linux-kernel@...r.kernel.org>, linux-acpi@...r.kernel.org Subject: Re: [PATCH] x86: check boundary in count/setup_resource called by get_current_resources On Thu, Nov 01, 2007 at 01:32:39AM -0700, Andrew Morton wrote: > On Thu, 01 Nov 2007 01:20:29 -0700 Yinghai Lu <Yinghai.Lu@....COM> wrote: > > > [PATCH] x86: check boundary in count/setup_resource called by get_current_resources > > > > need to check info->res_num less than PCI_BUS_NUM_RESOURCES, so > > info->bus->resource[info->res_num] = res will not beyond of bus resource array > > when acpi resutrn too many resource entries. > > > > Isn't this a bit of a problem? It sounds like PCI_BUS_NUM_RESOURCES is to > small for that system? If so, some sort of dynamic allocation might be > needed. I should have considered the possible resource array overrun when I created these functions. I had assumed (apparently incorrectly) that the old PCI_BUS_NUM_RESOURCES value of 4 was based on a spec defined limit on the maximum number of resources that _CRS can return. I recently noticed the potential overrun myself while backporting the code to kernel source where PCI_BUS_NUM_RESOURCES was initially defined as 4. This happened on a system where the _CRS associated with one of the root bridges returned 5 resources with the 5th causing a write beyond the end of the array. Increasing PCI_BUS_NUM_RESOURCES to the current value of 8 eliminated the overrun that I experienced but after discovering that there is apparently no limit on the number of resources that _CRS can return I had intended to post a change similar to what Yinghai Lu is proposing. With the current PCI_BUS_NUM_RESOURCES value, _CRS can return up to 8 resources before the pci_bus resource array is totally saturated but it should be noted that if a transparent bridge is present below the root bridge it's child bus will only see the first 5 resources. The current fixed pci_bus resource array size of 8 is adequate (for storing _CRS returned resource and visibility across transparent bridges) on those systems that I work on but without a bound on the number of resources returned by _CRS some sort of dynamic allocation certainly makes sense. Note that exposure to this issue is currently limited to those that use the 'pci=use_crs' kernel option. Gary -- Gary Hade System x Enablement IBM Linux Technology Center 503-578-4503 IBM T/L: 775-4503 garyhade@...ibm.com http://www.ibm.com/linux/ltc - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists