lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 6 Apr 2016 17:18:19 -0700 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: Al Stone <ahs3@...hat.com> Cc: linux-kernel@...r.kernel.org, Arnd Bergmann <arnd@...db.de> Subject: Re: [PATCH] arm64: CONFIG_DEVPORT should not be used when PCI is being used On Wed, Apr 06, 2016 at 03:27:20PM -0600, Al Stone wrote: > On arm64 systems, using /dev/port does not really make sense; this is > historically used for other architectures to access ISA IO ports, which > with any luck do not exist on arm64 platforms. With the following snippet > of perl code (from Jeff Bastian <jbastian@...hat.com>), we can reliably > panic an arm64 system with PCI enabled: > > #!/usr/bin/perl -w > # extracted from sensors-detect from lm_sensors > # to reproduce kernel crash when probing the > # Super-I/O ports > use Fcntl qw(:DEFAULT :seek); > sysopen(IOPORTS, "/dev/port", O_RDWR); > binmode(IOPORTS); > sysseek(IOPORTS, 0x2e, 0); > syswrite(IOPORTS, pack("C", 0x0d), 1); > > So, make sure CONFIG_DEVPORT cannot be set on arm64; it cannot really be > used and it allows us to crash a kernel from user space. > > Signed-off-by: Al Stone <ahs3@...hat.com> > Cc: Arnd Bergmann <arnd@...db.de> > Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> > --- > drivers/char/Kconfig | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig > index b272397..c532f62 100644 > --- a/drivers/char/Kconfig > +++ b/drivers/char/Kconfig > @@ -587,7 +587,7 @@ config TELCLOCK > > config DEVPORT > bool > - depends on !M68K > + depends on !M68K && !ARM64 Why not fix the real bug here, it's odd that only these two arches need this disabled, don't you agree? thanks, greg k-h
Powered by blists - more mailing lists