| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20150915174934.GL31157@arm.com>
Date: Tue, 15 Sep 2015 18:49:34 +0100
From: Will Deacon <will.deacon@....com>
To: David Daney <ddaney.cavm@...il.com>
Cc: "devicetree@...r.kernel.org" <devicetree@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Rob Herring <robh+dt@...nel.org>,
Frank Rowand <frowand.list@...il.com>,
"grant.likely@...aro.org" <grant.likely@...aro.org>,
Bjorn Helgaas <bhelgaas@...gle.com>,
"linux-pci@...r.kernel.org" <linux-pci@...r.kernel.org>,
Pawel Moll <Pawel.Moll@....com>,
Mark Rutland <Mark.Rutland@....com>,
Ian Campbell <ijc+devicetree@...lion.org.uk>,
Kumar Gala <galak@...eaurora.org>,
"linux-arm-kernel@...ts.infradead.org"
<linux-arm-kernel@...ts.infradead.org>,
David Daney <david.daney@...ium.com>, lorenzo.pieralisi@....com
Subject: Re: [PATCH 4/6] PCI: generic: Correct, and avoid overflow, in
bus_max calculation.
On Sat, Sep 12, 2015 at 12:21:57AM +0100, David Daney wrote:
> From: David Daney <david.daney@...ium.com>
>
> There are two problems with the bus_max calculation:
>
> 1) The u8 data type can overflow for large config space windows.
>
> 2) The calculation is incorrect for a bus range that doesn't start at
> zero.
>
> Since the configuration space is relative to bus zero, make bus_max
> just be the size of the config window scaled by bus_shift. Then clamp
> it to a maximum of 255, per PCI. Use a data type of int to avoid
> overflow problems.
>
> Signed-off-by: David Daney <david.daney@...ium.com>
> ---
> drivers/pci/host/pci-host-generic.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/pci/host/pci-host-generic.c b/drivers/pci/host/pci-host-generic.c
> index cd6f898..fce5bf7 100644
> --- a/drivers/pci/host/pci-host-generic.c
> +++ b/drivers/pci/host/pci-host-generic.c
> @@ -164,7 +164,7 @@ out_release_res:
> static int gen_pci_parse_map_cfg_windows(struct gen_pci *pci)
> {
> int err;
> - u8 bus_max;
> + int bus_max;
> resource_size_t busn;
> struct resource *bus_range;
> struct device *dev = pci->host.dev.parent;
> @@ -177,8 +177,9 @@ static int gen_pci_parse_map_cfg_windows(struct gen_pci *pci)
> }
>
> /* Limit the bus-range to fit within reg */
> - bus_max = pci->cfg.bus_range->start +
> - (resource_size(&pci->cfg.res) >> pci->cfg.ops.bus_shift) - 1;
> + bus_max = (resource_size(&pci->cfg.res) >> pci->cfg.ops.bus_shift) - 1;
> + if (bus_max > 255)
> + bus_max = 255;
> pci->cfg.bus_range->end = min_t(resource_size_t,
> pci->cfg.bus_range->end, bus_max);
Hmm, this is changing the meaning of the bus-range property in the
device-tree, which really needs to match what IEEE Std 1275-1994 requires.
My understanding was that the bus-range could be used to offset the config
space, which is why it's subtracted from the bus number in
gen_pci_map_cfg_bus_[e]cam. Also, why is your config space so large that
we end up overflowing bus_max?
Will
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists