lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130823213725.GC15521@pd.tnic>
Date:	Fri, 23 Aug 2013 23:37:25 +0200
From:	Borislav Petkov <bp@...en8.de>
To:	Aravind Gopalakrishnan <Aravind.Gopalakrishnan@....com>
Cc:	tglx@...utronix.de, mingo@...hat.com, hpa@...or.com,
	dougthompson@...ssion.com, bhelgaas@...gle.com, jbeulich@...e.com,
	linux-kernel@...r.kernel.org, linux-edac@...r.kernel.org,
	linux-pci@...r.kernel.org
Subject: Re: [PATCH 1/1] AMD64_EDAC: Fix incorrect wrap arounds due to left
 shift beyond 32 bits.

On Mon, Aug 19, 2013 at 07:27:52PM -0500, Aravind Gopalakrishnan wrote:
> Link to the bug report:
> http://marc.info/?l=linux-edac&m=137692201732220&w=2
> 
> dct_base and dct_limit obtain 32 bit register values when they read their
> respective pci config space registers. A left shift beyond 32 bits will
> cause them to wrap around. Similar case for chan_addr as can be seen from
> the bug report. In the patch, we rectify this by casting chan_addr to u64
> and by comparing dct_base and dct_limit against (sys_addr >> 27)
> 
> Tested on F15h, M30h with ECC turned on and works fine.
> 
> Signed-off-by: Aravind Gopalakrishnan <Aravind.Gopalakrishnan@....com>
> 
> diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c
> index b86228c..eb4793e 100644
> --- a/drivers/edac/amd64_edac.c
> +++ b/drivers/edac/amd64_edac.c
> @@ -1558,11 +1558,12 @@ static int f15_m30h_match_to_this_node(struct amd64_pvt *pvt, unsigned range,
>  	}
>  
>  	/* Verify sys_addr is within DCT Range. */
> -	dct_base = (dct_sel_baseaddr(pvt) << 27);
> -	dct_limit = (((dct_cont_limit_reg >> 11) & 0x1FFF) << 27) | 0x7FFFFFF;
> +	dct_base = dct_sel_baseaddr(pvt);

This can't be correct.

So the original patch takes the shifted dct_base while your change
doesn't anymore...

> +	dct_limit = (dct_cont_limit_reg >> 11) & 0x1FFF;
>  
>  	if (!(dct_cont_base_reg & BIT(0)) &&
> -	    !(dct_base <= sys_addr && dct_limit >= sys_addr))
> +	    !(dct_base <= (sys_addr >> 27) &&
> +	      dct_limit >= (sys_addr >> 27)))

... and while this comparison shifts sys_addr to use the proper bits,
the code does this assignment later:

	chan_offset = dct_base;

Now, chan_offset has the << 27 version of dct_base which makes the following
calculation wrong:

	chan_addr = sys_addr - chan_offset;

because sys_addr is the full 64-bit, unshifted value.

The right thing to do would be to do:

	chan_offset = dct_base << 27;

Or am I missing something?

-- 
Regards/Gruss,
    Boris.

Sent from a fat crate under my desk. Formatting is fine.
--
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ