lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 4 Feb 2019 12:17:43 +0000 From: David Laight <David.Laight@...LAB.COM> To: 'Jarkko Sakkinen' <jarkko.sakkinen@...ux.intel.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> CC: "linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>, "linux-security-module@...r.kernel.org" <linux-security-module@...r.kernel.org>, "stable@...r.kernel.org" <stable@...r.kernel.org>, Linus Torvalds <torvalds@...ux-foundation.org>, James Morris <jmorris@...ei.org>, Tomas Winkler <tomas.winkler@...el.com>, Jerry Snitselaar <jsnitsel@...hat.com> Subject: RE: [PATCH] tpm/tpm_crb: Avoid unaligned reads in crb_recv(): From: Jarkko Sakkinen > Sent: 01 February 2019 11:20 > The current approach to read first 6 bytes from the response and then tail > of the response, can cause the 2nd memcpy_fromio() to do an unaligned read > (e.g. read 32-bit word from address aligned to a 16-bits), depending on how > memcpy_fromio() is implemented. If this happens, the read will fail and the > memory controller will fill the read with 1's. To my mind memcpy_to/fromio() should only be used on IO addresses that are adequately like memory, and should be implemented in a way that that won't generate invalid bus cycles. Also memcpy_fromio() should also be allowed to do 'aligned' accesses that go beyond the ends of the required memory area. ... > > - memcpy_fromio(buf, priv->rsp, 6); > + memcpy_fromio(buf, priv->rsp, 8); > expected = be32_to_cpup((__be32 *) &buf[2]); > - if (expected > count || expected < 6) > + if (expected > count || expected < 8) > return -EIO; > > - memcpy_fromio(&buf[6], &priv->rsp[6], expected - 6); > + memcpy_fromio(&buf[8], &priv->rsp[8], expected - 8); Why not just use readl() or readq() ? Bound to generate better code. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
Powered by blists - more mailing lists