lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1197523602.15741.114.camel@pasglop>
Date:	Thu, 13 Dec 2007 16:26:42 +1100
From:	Benjamin Herrenschmidt <benh@...nel.crashing.org>
To:	Robert Hancock <hancockr@...w.ca>
Cc:	linux-pci@...ey.karlin.mff.cuni.cz,
	Linux Kernel list <linux-kernel@...r.kernel.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: Possible issue with dangling PCI BARs


> We could do a bit better than that - a common use case with 
> pci_enable_device_bars would be where the device has some IO space that 
> we don't care about because we only want to use MMIO space. If we only 
> want to enable MMIO BARs then we don't need to enable IO decoding, and 
> in that case it doesn't matter if we failed to find space for the IO 
> space and it overlaps something else.

Yes, we could at least separate memory from IO.

> It looks like we already handle the "not enabling IO decoding" part in 
> this case, except that it doesn't look like we ever would disable the 
> decoding if it was already enabled.

Yup.

> For the case where you say "I want to enable decoding for this MMIO BAR, 
> but not that one", though, I don't see an obvious way to provide that 
> guarantee with certainty. Normally, one would expect that if a BAR is 
> mapped safely outside the decode window of a PCI bridge it's behind, 
> that it won't ever see the requests and can't respond to them. However, 
> the Intel chipset MMCONFIG overlap fiasco appears to show that this is 
> not always the case and in some cases the device can see and respond to 
> requests outside of the bridge's decode window (with higher decode 
> priority than the MMCONFIG aperture, even)..

Yup, which is why I believe we would be reasonably safe if we did
something along the lines of: when we fail to assign a resource, we
disable decoding on the device. Either both or only the "side" (IO vs.
MEM) of the resource we failed assigning.

In addition, we modify pcibios_enable_device() to verify that if it's
going to enable MEM or IO, there is no BAR of that type that is left
unassigned, even if those aren't part of the mask.

I can try to whip up some code tomorrow I suppose, though I'm always
afraid some dodgy x86 setup will blow up...

Cheers,
Ben.


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ