Message-ID: <CAMuHMdVH7=Xmaw4ZzDZC9wN=w1JNwZEV_TNvnSjfSREDciecXA@mail.gmail.com>
Date:	Thu, 7 Apr 2016 09:26:00 +0200
From:	Geert Uytterhoeven <geert@...ux-m68k.org>
To:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:	Al Stone <ahs3@...hat.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Arnd Bergmann <arnd@...db.de>
Subject: Re: [PATCH] arm64: CONFIG_DEVPORT should not be used when PCI is
 being used

On Thu, Apr 7, 2016 at 2:18 AM, Greg Kroah-Hartman
<gregkh@...uxfoundation.org> wrote:
> On Wed, Apr 06, 2016 at 03:27:20PM -0600, Al Stone wrote:
>> On arm64 systems, using /dev/port does not really make sense; this is
>> historically used for other architectures to access ISA IO ports, which
>> with any luck do not exist on arm64 platforms.  With the following snippet
>> of perl code (from Jeff Bastian <jbastian@...hat.com>), we can reliably
>> panic an arm64 system with PCI enabled:
>>
>>       #!/usr/bin/perl -w
>>       # extracted from sensors-detect from lm_sensors
>>       # to reproduce kernel crash when probing the
>>       # Super-I/O ports
>>       use Fcntl qw(:DEFAULT :seek);
>>       sysopen(IOPORTS, "/dev/port", O_RDWR);
>>       binmode(IOPORTS);
>>       sysseek(IOPORTS, 0x2e, 0);
>>       syswrite(IOPORTS, pack("C", 0x0d), 1);

There are plenty of ways to crash a system as the root user...

>> So, make sure CONFIG_DEVPORT cannot be set on arm64; it cannot really be
>> used and it allows us to crash a kernel from user space.
>>
>> Signed-off-by: Al Stone <ahs3@...hat.com>
>> Cc: Arnd Bergmann <arnd@...db.de>
>> Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
>> ---
>>  drivers/char/Kconfig | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
>> index b272397..c532f62 100644
>> --- a/drivers/char/Kconfig
>> +++ b/drivers/char/Kconfig
>> @@ -587,7 +587,7 @@ config TELCLOCK
>>
>>  config DEVPORT
>>       bool
>> -     depends on !M68K
>> +     depends on !M68K && !ARM64
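
Review bot: The new "depends on !M68K && !ARM64" line excludes arm64 unconditionally, while the subject and the commit message tie the crash to arm64 systems with PCI enabled. Either say in the commit message that DEVPORT is being removed for every arm64 configuration, or express the PCI condition in the dependency itself. The line also becomes a growing list of per-architecture exclusions with no comment or help text explaining why each one is there; a short comment above it would help the next reader.
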
>
> Why not fix the real bug here, it's odd that only these two arches need
> this disabled, don't you agree?

In fact even the !M68K dependency is odd.
The logic seems to originate from commit 153dcc54df826d2f ("[PATCH] mem driver:
fix conditional on isa i/o support"), which accidentally changed an "||" into
an "&&".

Will send a patch later...

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds
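
For administrators who want to know whether an arm64 machine is exposed to the /dev/port behaviour discussed in this thread, the following added example (not part of the thread or of the kernel tree) reports how a kernel config file sets CONFIG_DEVPORT. The function names and the `--live` switch are hypothetical, and the config locations are the usual distro paths, assumed rather than taken from the thread.

```shell
#!/bin/sh
# Added example: audit a kernel config for CONFIG_DEVPORT on arm64.
# Function names and the --live switch are illustrative assumptions.

# Print the state of CONFIG_DEVPORT in the given config file:
#   enabled  - CONFIG_DEVPORT=y
#   disabled - "# CONFIG_DEVPORT is not set"
#   absent   - symbol not mentioned (its dependencies were not met)
#   unknown  - file missing or unreadable
devport_state() {
    cfg=$1
    [ -r "$cfg" ] || { echo unknown; return 0; }
    case $cfg in
        *.gz) reader="gzip -dc" ;;   # e.g. /proc/config.gz
        *)    reader="cat" ;;
    esac
    if $reader "$cfg" | grep -q '^CONFIG_DEVPORT=y$'; then
        echo enabled
    elif $reader "$cfg" | grep -q '^# CONFIG_DEVPORT is not set$'; then
        echo disabled
    else
        echo absent
    fi
}

# Return 0 (a finding) when the machine is arm64 and DEVPORT is built in.
# $1 = machine string as printed by `uname -m`, $2 = kernel config file.
devport_finding() {
    case $1 in
        aarch64|arm64) ;;
        *) return 1 ;;
    esac
    [ "$(devport_state "$2")" = enabled ]
}

# Optional check of the running system: ./script --live
if [ "${1:-}" = "--live" ]; then
    for c in "/boot/config-$(uname -r)" /proc/config.gz; do
        if [ -r "$c" ]; then
            echo "$c: CONFIG_DEVPORT $(devport_state "$c")"
            break
        fi
    done
    # Show owner and mode of the device node if the kernel created one.
    if [ -c /dev/port ]; then ls -l /dev/port; fi
fi
```

A state of "absent" is expected on a kernel where the dependency line has excluded the option, since a symbol whose dependencies are unmet is not written to the config at all.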
