| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 9 Jun 2016 13:04:24 +0200
From: Lukas Wunner <lukas@...ner.de>
To: Ingo Molnar <mingo@...nel.org>
Cc: Yinghai Lu <yinghai@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>, cmilsted@...hat.com,
Rafa?? Mi??ecki <zajec5@...il.com>,
Bjorn Helgaas <bhelgaas@...gle.com>,
"H. Peter Anvin" <hpa@...or.com>,
Matt Fleming <matt@...eblueprint.co.uk>,
Peter Zijlstra <peterz@...radead.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Matthew Garrett <mjg59@...f.ucam.org>, m@...s.ch,
"linux-tip-commits@...r.kernel.org"
<linux-tip-commits@...r.kernel.org>
Subject: Re: [tip:x86/urgent] x86/quirks: Add early quirk to reset Apple
AirPort card
On Thu, Jun 09, 2016 at 08:48:03AM +0200, Ingo Molnar wrote:
> * Lukas Wunner <lukas@...ner.de> wrote:
> > On Wed, Jun 08, 2016 at 11:56:14AM -0700, Yinghai Lu wrote:
> > > How do you know that sec is valid ?
> > > How about on the system that have one bridge that still have sec num
> > > register 0?
> > > it will be get into dead loop.
> >
> > Good point. I've just checked pci_scan_bridge() and it does verify that
> > and avoids recursing to a child bus if it's number is zero. It also
> > ensures that sec > num before recursing.
>
> Please send a delta fix on top of x86/urgent. (I'll probably squash the
> two fixes together.)
Please find my suggestion for a delta fix included below. Can be squashed
or applied on top as you see fit. I've also tested this on my machine and
verified that the AirPort card is still properly reset. If there is
anything else I can do please let me know.
Thanks,
Lukas
-- >8 --
Subject: [PATCH] x86/quirks: Validate secondary bus number
We used to brute-force scan buses 0 to 31 until commit 8659c406ade3
("x86: only scan the root bus in early PCI quirks") constrained the scan
to the root bus, in part to shorten boot time.
Commit 625a99d9bfd0 ("x86/quirks: Add early quirk to reset Apple AirPort
card") reintroduced scanning of secondary buses, but used a recursive
strategy to scan only buses that are actually present.
However the secondary bus number read from a bridge's config space may
be invalid, in particular a value of 0 causes an infinite loop. The PCI
core goes beyond that and recurses to a child bus only if its bus number
is greater than the parent bus number (see pci_scan_bridge()). Since the
root bus is numbered 0, this implies that secondary buses may not be 0.
Do the same on early scanning.
Suggested-by: Yinghai Lu <yinghai@...nel.org>
Fixes: 625a99d9bfd0 ("x86/quirks: Add early quirk to reset Apple AirPort card")
Signed-off-by: Lukas Wunner <lukas@...ner.de>
---
arch/x86/kernel/early-quirks.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/early-quirks.c b/arch/x86/kernel/early-quirks.c
index 4e4e499..c24070e 100644
--- a/arch/x86/kernel/early-quirks.c
+++ b/arch/x86/kernel/early-quirks.c
@@ -747,7 +747,8 @@ static int __init check_dev_quirk(int num, int slot, int func)
if ((type & 0x7f) == PCI_HEADER_TYPE_BRIDGE) {
sec = read_pci_config_byte(num, slot, func, PCI_SECONDARY_BUS);
- early_pci_scan_bus(sec);
+ if (sec > num)
+ early_pci_scan_bus(sec);
}
if (!(type & 0x80))
--
2.8.1
Powered by blists - more mailing lists