lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170724065255.GJ629@lahna.fi.intel.com>
Date:   Mon, 24 Jul 2017 09:52:55 +0300
From:   Mika Westerberg <mika.westerberg@...ux.intel.com>
To:     Christian Kellner <ckellner@...hat.com>
Cc:     Andreas Noever <andreas.noever@...il.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Michael Jamet <michael.jamet@...el.com>,
        Yehezkel Bernat <yehezkel.bernat@...el.com>,
        Lukas Wunner <lukas@...ner.de>,
        Amir Levy <amir.jer.levy@...el.com>,
        Andy Lutomirski <luto@...nel.org>, Mario.Limonciello@...l.com,
        Jared.Dominguez@...l.com,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        linux-kernel@...r.kernel.org, Peter FP1 Zhang <zhangfp1@...ovo.com>
Subject: Re: [PATCH v4 00/27] Thunderbolt security levels and NVM firmware
 upgrade

Hi,

On Thu, Jul 20, 2017 at 06:11:49PM +0200, Christian Kellner wrote:
> Hi!
> 
> > This is fourth version of the patch series adding support for Thunderbolt
> > security levels and NVM firmware upgrade.
> 
> While prototyping the user-space bits for GNOME, I stumbled upon an
> oops on the Lenovo T470s (see below) when attaching a Dell TB16
> thunderbolt 3 dock. As a result /sys/bus/thunderbolt/devices has only
> domain0 in it but not the dock itself. Everything works fine on a Dell
> XPS 13 9630. The oops happens with linux-next and when I backport the
> patches to 4.11.11.
> Happy to provide any more information and test future patches.
> 
> Cheers,
> Christian
> 
> --- 8< ---
> lspci output:
> 
> pcilib: Cannot open /sys/bus/pci/devices/0000:03:00.0/config
> lspci: Unable to read the standard configuration space header of device 0000:03:00.0
> 00:00.0 Host bridge: Intel Corporation Device 5904 (rev 02)
> 00:02.0 VGA compatible controller: Intel Corporation Device 5916 (rev 02)
> 00:14.0 USB controller: Intel Corporation Sunrise Point-LP USB 3.0 xHCI Controller (rev 21)
> 00:14.2 Signal processing controller: Intel Corporation Sunrise Point-LP Thermal subsystem (rev 21)
> 00:16.0 Communication controller: Intel Corporation Sunrise Point-LP CSME HECI #1 (rev 21)
> 00:16.3 Serial controller: Intel Corporation Device 9d3d (rev 21)
> 00:1c.0 PCI bridge: Intel Corporation Device 9d10 (rev f1)
> 00:1c.2 PCI bridge: Intel Corporation Device 9d12 (rev f1)
> 00:1d.0 PCI bridge: Intel Corporation Sunrise Point-LP PCI Express Root Port #9 (rev f1)
> 00:1f.0 ISA bridge: Intel Corporation Device 9d4e (rev 21)
> 00:1f.2 Memory controller: Intel Corporation Sunrise Point-LP PMC (rev 21)
> 00:1f.3 Audio device: Intel Corporation Device 9d71 (rev 21)
> 00:1f.4 SMBus: Intel Corporation Sunrise Point-LP SMBus (rev 21)
> 00:1f.6 Ethernet controller: Intel Corporation Ethernet Connection (4) I219-LM (rev 21)
> 01:00.0 PCI bridge: Intel Corporation JHL6240 Thunderbolt 3 Bridge (Low Power) [Alpine Ridge LP 2016] (rev ff)
> 02:00.0 PCI bridge: Intel Corporation JHL6240 Thunderbolt 3 Bridge (Low Power) [Alpine Ridge LP 2016] (rev ff)
> 02:01.0 PCI bridge: Intel Corporation JHL6240 Thunderbolt 3 Bridge (Low Power) [Alpine Ridge LP 2016] (rev ff)
> 02:02.0 PCI bridge: Intel Corporation JHL6240 Thunderbolt 3 Bridge (Low Power) [Alpine Ridge LP 2016] (rev ff)
> 3a:00.0 Network controller: Intel Corporation Wireless 8265 / 8275 (rev 78)
> 3c:00.0 Non-Volatile memory controller: Toshiba America Info Systems Device 0115 (rev 01)
> 
> --- >8 ---
> Ops:
> 
> [   69.886978] thunderbolt 0000:03:00.0: current switch config:
> [   69.886983] thunderbolt 0000:03:00.0:  Switch: 8086:15c0 (Revision: 1, TB Version: 2)
> [   69.886986] thunderbolt 0000:03:00.0:   Max Port Number: 5
> [   69.886987] thunderbolt 0000:03:00.0:   Config:
> [   69.886991] thunderbolt 0000:03:00.0:    Upstream Port Number: 3 Depth: 0 Route String: 0x0 Enabled: 1, PlugEventsDelay: 254ms
> [   69.886994] thunderbolt 0000:03:00.0:    unknown1: 0x0 unknown4: 0x0
> [   69.920748] BUG: unable to handle kernel NULL pointer dereference at 00000000000002ec
> [   69.920834] IP: tb_drom_read+0x383/0x890 [thunderbolt]

I've seen this once on Alpine Ridge LP (which you have here) where the
DROM contents of the older NVM image listed too many ports. Can you try
if the below patch helps?

diff --git a/drivers/thunderbolt/eeprom.c b/drivers/thunderbolt/eeprom.c
index 996c6e2..bdf7f80 100644
--- a/drivers/thunderbolt/eeprom.c
+++ b/drivers/thunderbolt/eeprom.c
@@ -333,6 +333,12 @@ static int tb_drom_parse_entry_port(struct tb_switch *sw,
 	int res;
 	enum tb_port_type type;
 
+	if (header->index > sw->config.max_port_number) {
+		tb_sw_warn(sw, "DROM has too many entries %u (expected %u)\n",
+			   header->index, sw->config.max_port_number);
+		return 0;
+	}
+
 	port = &sw->ports[header->index];
 	port->disabled = header->port_disabled;
 	if (port->disabled)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ