lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LFD.1.10.0810021102000.5549@apollo.tec.linutronix.de>
Date:	Thu, 2 Oct 2008 11:05:59 +0200 (CEST)
From:	Thomas Gleixner <tglx@...utronix.de>
To:	Arjan van de Ven <arjan@...ux.intel.com>
cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	Jesse Brandeburg <jesse.brandeburg@...el.com>, jeff@...zik.org,
	davem@...emloft.net, linux-kernel@...r.kernel.org,
	netdev@...r.kernel.org, Bruce Allan <bruce.w.allan@...el.com>
Subject: Re: [PATCH] e1000e: write protect ICHx NVM to prevent malicious
 write/erase

On Wed, 1 Oct 2008, Arjan van de Ven wrote:

> Linus Torvalds wrote:
> > 
> > On Wed, 1 Oct 2008, Jesse Brandeburg wrote:
> > > From: Bruce Allan <bruce.w.allan@...el.com>
> > > 
> > > Set the hardware to ignore all write/erase cycles to the GbE region in
> > > the ICHx NVM.  This feature can be disabled by the WriteProtectNVM module
> > > parameter (enabled by default) only after a hardware reset, but
> > > the machine must be power cycled before trying to enable writes.
> > 
> > Thanks, applied.
> > 
> > One thing that I did notice when I looked at the driver is that I don't see
> > any serialization what-so-ever around a lot of the special accesses.
> > 
> 
> there's quite a few of that yes.
> These are all fixed afaik but these fixes are being queued for 2.6.28 rather
> than being snuck in late into .27
> (the patches have been posted to lkml a few times the last week)

Hmm. The mutex around the nvram acquire catched at least a couple of
problems and IMHO they are serious enough to go into .27. At least to
make sure that we do not accidentaly reenter the nvram functions under
any circumstances.

Thanks,

	tglx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ