lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 25 Feb 2019 16:35:39 +0100
From:   Stefan Agner <stefan@...er.ch>
To:     Leonard Crestez <leonard.crestez@....com>
Cc:     linux-kernel@...r.kernel.org, jingoohan1@...il.com,
        lorenzo.pieralisi@....com, gustavo.pimentel@...opsys.com,
        tpiepho@...inj.com, linux-pci@...r.kernel.org, bhelgaas@...gle.com,
        l.stach@...gutronix.de
Subject: Re: [PATCH v6] PCI: imx6: limit DBI register length

On 25.02.2019 15:47, Leonard Crestez wrote:
> On Mon, 2019-02-25 at 15:25 +0100, Stefan Agner wrote:
>> Define the length of the DBI registers and limit config space to its
>> length. This makes sure that the kernel does not access registers
>> beyond that point, avoiding the following abort on a i.MX 6Quad:
>>   # cat /sys/devices/soc0/soc/1ffc000.pcie/pci0000\:00/0000\:00\:00.0/config
>>   [  100.021433] Unhandled fault: imprecise external abort (0x1406) at 0xb6ea7000
>>   ...
>>   [  100.056423] PC is at dw_pcie_read+0x50/0x84
>>   [  100.060790] LR is at dw_pcie_rd_own_conf+0x44/0x48
>>
>> +static void imx6_pcie_quirk(struct pci_dev *dev)
>> +{
>> +	struct pci_bus *bus = dev->bus;
>> +	struct pcie_port *pp = bus->sysdata;
>> +
>> +	if (bus->number == pp->root_bus_nr) {
>> +		struct dw_pcie *pci = to_dw_pcie_from_pp(pp);
>> +		struct imx6_pcie *imx6_pcie = to_imx6_pcie(pci);
>> +
>> +		/*
>> +		 * Limit config length to avoid the kernel reading beyond
>> +		 * the register set and causing an abort on i.MX 6Quad
>> +		 */
>> +		dev->cfg_size = imx6_pcie->drvdata->dbi_length;
>> +	}
>> +}
>> +DECLARE_PCI_FIXUP_HEADER(PCI_ANY_ID, PCI_ANY_ID, imx6_pcie_quirk);
> 
> Are you sure that this quirk is only applied to imx6-pcie?
> Superficially it looks like it would apply to all PCI roots and this
> could be a problem on configs which enable all drivers, like arm64.

That was inspired by the FIXUP in keystone, which uses
PCI_ANY_ID/PCI_ANY_ID too.

However, keystone also does not have arm64 variants it seems.
Furthermore, the keystone fixup checks PCI ids in code.

> 
> Maybe the linker magic inside DECLARE_PCI_FIXUP deals with that, in
> that case I apologize.

I don't think there is special linker magic, if CONFIG_PCI_IMX6 is
enabled this will get called.

I agree, I should use PCI_VENDOR_ID_SYNOPSYS, 0xabcd here.


Btw, while looking at the patch again I realized that I need to check
imx6_pcie->drvdata->dbi_length for 0 and not apply in this case to avoid
breaking other i.MX designs.

I will send a v7.

--
Stefan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ