lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Fri, 23 Aug 2013 18:07:48 -0500
From:	Aravind Gopalakrishnan <aravind.gopalakrishnan@....com>
To:	Borislav Petkov <bp@...en8.de>
CC:	<tglx@...utronix.de>, <mingo@...hat.com>, <hpa@...or.com>,
	<dougthompson@...ssion.com>, <bhelgaas@...gle.com>,
	<jbeulich@...e.com>, <linux-kernel@...r.kernel.org>,
	<linux-edac@...r.kernel.org>, <linux-pci@...r.kernel.org>
Subject: Re: [PATCH 1/1] AMD64_EDAC: Fix incorrect wrap arounds due to left
 shift beyond 32 bits.

On 8/23/2013 4:37 PM, Borislav Petkov wrote:
> On Mon, Aug 19, 2013 at 07:27:52PM -0500, Aravind Gopalakrishnan wrote:
>> Link to the bug report:
>> http://marc.info/?l=linux-edac&m=137692201732220&w=2
>>
>> dct_base and dct_limit obtain 32 bit register values when they read their
>> respective pci config space registers. A left shift beyond 32 bits will
>> cause them to wrap around. Similar case for chan_addr as can be seen from
>> the bug report. In the patch, we rectify this by casting chan_addr to u64
>> and by comparing dct_base and dct_limit against (sys_addr >> 27)
>>
>> Tested on F15h, M30h with ECC turned on and works fine.
>>
>> Signed-off-by: Aravind Gopalakrishnan <Aravind.Gopalakrishnan@....com>
>>
>> diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c
>> index b86228c..eb4793e 100644
>> --- a/drivers/edac/amd64_edac.c
>> +++ b/drivers/edac/amd64_edac.c
>> @@ -1558,11 +1558,12 @@ static int f15_m30h_match_to_this_node(struct amd64_pvt *pvt, unsigned range,
>>   	}
>>   
>>   	/* Verify sys_addr is within DCT Range. */
>> -	dct_base = (dct_sel_baseaddr(pvt) << 27);
>> -	dct_limit = (((dct_cont_limit_reg >> 11) & 0x1FFF) << 27) | 0x7FFFFFF;
>> +	dct_base = dct_sel_baseaddr(pvt);
> This can't be correct.
>
> So the original patch takes the shifted dct_base while your change
> doesn't anymore...
>
>> +	dct_limit = (dct_cont_limit_reg >> 11) & 0x1FFF;
>>   
>>   	if (!(dct_cont_base_reg & BIT(0)) &&
>> -	    !(dct_base <= sys_addr && dct_limit >= sys_addr))
>> +	    !(dct_base <= (sys_addr >> 27) &&
>> +	      dct_limit >= (sys_addr >> 27)))
> ... and while this comparison shifts sys_addr to use the proper bits,
> the code does this assignment later:
>
> 	chan_offset = dct_base;
>
> Now, chan_offset has the << 27 version of dct_base which makes the following
> calculation wrong:
>
> 	chan_addr = sys_addr - chan_offset;
Oops. my apologies.
> because sys_addr is the full 64-bit, unshifted value.
>
> The right thing to do would be to do:
>
> 	chan_offset = dct_base << 27;
>
> Or am I missing something?
>
No, you are right.

I am re-sending the patch.

Thanks,
-Aravind.


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ