| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 9 Jul 2010 13:00:28 -0700
From: Andrew Morton <akpm@...ux-foundation.org>
To: Masayuki Ohtak <masa-korg@....okisemi.com>
Cc: Arnd Bergmann <arnd@...db.de>,
"Wang, Yong Y" <yong.y.wang@...el.com>, qi.wang@...el.com,
joel.clark@...el.com, andrew.chih.howe.khor@...el.com,
Alan Cox <alan@...rguk.ukuu.org.uk>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] Packet hub driver of Topcliff PCH
On Tue, 06 Jul 2010 15:20:52 +0900
Masayuki Ohtak <masa-korg@....okisemi.com> wrote:
> Hi Arnd
>
> I have modified for your comments.
> Please confirm below.
>
> Thanks, Ohtake.
>
> ---
> Packet hub driver of Topcliff PCH
>
> Topcliff PCH is the platform controller hub that is going to be used in
> Intel's upcoming general embedded platform. All IO peripherals in
> Topcliff PCH are actually devices sitting on AMBA bus. Packet hub is
> a special converter device in Topcliff PCH that translate AMBA transactions
> to PCI Express transactions and vice versa. Thus packet hub helps present
> all IO peripherals in Topcliff PCH as PCIE devices to IA system.
> Topcliff PCH has MAC address and Option ROM data.
> These data are in SROM which is connected to PCIE bus.
> Packet hub driver of Topcliff PCH can access MAC address and Option ROM data in
> SROM.
That didn't describe the most important part of the driver: the
userspace interface. We should add here something along the lines of
The driver creates a character device /dev/pch_phub. That device file
supports the following operations:
read(): <document the read operation - seems to read a serial ROM?>
write():<document the write operation - seems to write a serial ROM?>
ioctl():<document the ioctl operation - seems to read/write a MAC address?>
>
> ...
>
> +static ssize_t pch_phub_write(struct file *file, const char __user *buf,
> + size_t size, loff_t *ppos)
> +{
> + unsigned int data;
> + int ret_value1;
> + int ret_value2;
> + int err;
> + unsigned int addr_offset;
> + loff_t pos = *ppos;
> + int ret;
> +
> + ret = mutex_lock_interruptible(&pch_phub_mutex);
> + if (ret) {
> + err = -ERESTARTSYS;
> + goto return_err_nomutex;
> + }
> +
> + for (addr_offset = 0; addr_offset < size; addr_offset++) {
> + ret_value1 = get_user(data, &buf[addr_offset]);
> + if (ret_value1) {
> + err = -EFAULT;
> + goto return_err;
> + }
> +
> + ret_value2 = pch_phub_write_serial_rom(0x80 + addr_offset + pos,
> + data);
I suspect this function will do strange things if passed an initial
*ppos which is outside the range of the ROM. It looks like it will write
a single byte into the ROM then will bale out.
> + if (ret_value2) {
> + err = ret_value2;
> + goto return_err;
> + }
> +
> + if (PCH_PHUB_OROM_SIZE < pos + addr_offset) {
Is this off-by-one?
> + *ppos += addr_offset;
> + goto return_ok;
> + }
> +
> + }
> +
> + *ppos += addr_offset;
> +
> +return_ok:
> + mutex_unlock(&pch_phub_mutex);
> + return addr_offset;
> +
> +return_err:
> + mutex_unlock(&pch_phub_mutex);
> +return_err_nomutex:
> + return err;
> +}
>
> ...
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists