lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 26 Sep 2008 01:10:22 -0700
From:	"Yinghai Lu" <yinghai@...nel.org>
To:	"Ingo Molnar" <mingo@...e.hu>
Cc:	"Suresh Siddha" <suresh.b.siddha@...el.com>,
	jbarnes@...tuousgeek.org, tglx@...utronix.de, hpa@...or.com,
	torvalds@...ux-foundation.org, akpm@...ux-foundation.org,
	arjan@...ux.intel.com, linux-kernel@...r.kernel.org
Subject: Re: [patch] ioremap sanity check to catch mapping requests exceeding the BAR sizes

On Fri, Sep 26, 2008 at 12:39 AM, Ingo Molnar <mingo@...e.hu> wrote:
>
> * Suresh Siddha <suresh.b.siddha@...el.com> wrote:
>
>> [patch] ioremap sanity check to catch mapping requests exceeding the BAR sizes
>>
>> Go through the iomem resource tree to check if any of the ioremap() requests
>> span more than any slot in the iomem resource tree and do a WARN_ON() if we hit
>> this check.
>>
>> This will raise a red-flag, if some driver is mapping more than what
>> is needed. And hopefully identify possible corruptions much earlier.
>>
>> Signed-off-by: Suresh Siddha <suresh.b.siddha@...el.com>
>
> applied to tip/core/resources, thanks Suresh.
>
> one question:
>
>> +     for (p = p->child; p ; p = r_next(NULL, p, &l)) {
>> +             /*
>> +              * We can probably skip the resources with out
>> +              * IORESOURCE_IO attribute?
>> +              */
>> +             if (p->start >= addr + size)
>> +                     continue;
>> +             if (p->end < addr)
>> +                     continue;
>> +             if (p->start <= addr && (p->end >= addr + size - 1))
>> +                     continue;
>> +             printk(KERN_WARNING "resource map sanity check conflict "
>> +                    " 0x%llx 0x%llx 0x%llx 0x%llx %s\n",
>> +                    addr, addr + size - 1, p->start, p->end, p->name);


need cast with (unsigned long long)...


>> +             err = -1;
>> +             break;
>
> i think all the checks you added are precise to the byte and you allow
> all the sensible ioremaps: which nest fully inside a single resource -
> and you reject all the other partial overlap or multiple overlap
> scenarios.
>
> One potential thing to check for would be whether addr+size overlaps a
> 4GB boundary? That would almost always be a bug, and it could also cause
> problems with the checks above if resource_t is 32 bits. The ioremap
> code should already prevent it though.

in that case,  BAR should be disabled already.

YH
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ