lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 25 Oct 2017 12:27:34 +0300
From:   Mika Westerberg <mika.westerberg@...ux.intel.com>
To:     David Miller <davem@...emloft.net>
Cc:     Andreas Noever <andreas.noever@...il.com>,
        Michael Jamet <michael.jamet@...el.com>,
        Yehezkel Bernat <yehezkel.bernat@...el.com>,
        Dan Carpenter <dan.carpenter@...cle.com>,
        Amir Levy <amir.jer.levy@...el.com>,
        Mika Westerberg <mika.westerberg@...ux.intel.com>,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] thunderbolt: Drop sequence number check from tb_xdomain_match()

Commit 9a03c3d398c1 ("thunderbolt: Fix a couple right shifting to zero
bugs") revealed an issue that was previously hidden because we never
actually compared received XDomain message sequence numbers properly.
The idea with these sequence numbers is that the responding host uses
the same sequence number that was in the request packet which we can
then check at the requesting host.

However, testing against macOS it looks like it does not follow this but
instead uses some other logic. Windows driver on the other hand handles
it the same way than Linux.

In order to be able to talk to macOS again, fix this so that we drop the
whole sequence number check. This effectively works exactly the same
than it worked before the aforementioned commit. This also follows the
logic the original P2P networking code used.

Signed-off-by: Mika Westerberg <mika.westerberg@...ux.intel.com>
---
This applies on top of net-next.git/master.

 drivers/thunderbolt/xdomain.c | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/drivers/thunderbolt/xdomain.c b/drivers/thunderbolt/xdomain.c
index ff8d91189e99..f25d88d4552b 100644
--- a/drivers/thunderbolt/xdomain.c
+++ b/drivers/thunderbolt/xdomain.c
@@ -56,7 +56,6 @@ static bool tb_xdomain_match(const struct tb_cfg_request *req,
 	case TB_CFG_PKG_XDOMAIN_RESP: {
 		const struct tb_xdp_header *res_hdr = pkg->buffer;
 		const struct tb_xdp_header *req_hdr = req->request;
-		u32 req_seq, res_seq;
 
 		if (pkg->frame.size < req->response_size / 4)
 			return false;
@@ -68,14 +67,6 @@ static bool tb_xdomain_match(const struct tb_cfg_request *req,
 		if ((res_hdr->xd_hdr.route_lo) != req_hdr->xd_hdr.route_lo)
 			return false;
 
-		/* Then check that the sequence number matches */
-		res_seq = res_hdr->xd_hdr.length_sn & TB_XDOMAIN_SN_MASK;
-		res_seq >>= TB_XDOMAIN_SN_SHIFT;
-		req_seq = req_hdr->xd_hdr.length_sn & TB_XDOMAIN_SN_MASK;
-		req_seq >>= TB_XDOMAIN_SN_SHIFT;
-		if (res_seq != req_seq)
-			return false;
-
 		/* Check that the XDomain protocol matches */
 		if (!uuid_equal(&res_hdr->uuid, &req_hdr->uuid))
 			return false;
-- 
2.14.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ