lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 15 Mar 2019 00:55:14 +0800
From:   John Garry <john.garry@...wei.com>
To:     <jdelvare@...e.com>, <linux@...ck-us.net>, <bhelgaas@...gle.com>,
        <rafael@...nel.org>, <arnd@...db.de>, <lorenzo.pieralisi@....com>,
        <bp@...e.de>
CC:     <linux-hwmon@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        <linux-pci@...r.kernel.org>, <wangkefeng.wang@...wei.com>,
        <linuxarm@...wei.com>, John Garry <john.garry@...wei.com>
Subject: [RFC PATCH 0/2] Fix system crash for accessing unmapped IO port regions

It was reported some time ago that systems will crash if a driver attempts
to access IO port addresses when the PCI IO port region has not been
mapped [1].

More recently, a similar crash was seen where the system PCI host probe
fails, and the IPMI driver crashes the system while attempting to do some
IO port accesses [2].

This (incomplete) patchset attempts to keep the kernel alive in such
situations, by rejecting IO port resource requests until PCI IO port
regions have been mapped (in a pci_remap_iospace() call).

Currently the PCI IO port region is initialized to the full range,
{0, IO_SPACE_LIMIT}. As such, any IO port region requests would not fail
because of PCI IO port regions not being mapped.

This patchset looks to remedy this issue by ensuring IO port requests are
made to direct children of ioport_resource (PCI host IO port regions),
similar to Arnd's solution, in [1]:

"I see that ioport_resource gets initialized to the {0, IO_SPACE_LIMIT}
range. If we could change it so that pci_remap_iospace() hooks up
to ioport_resource and extends it whenever something gets mapped
there up to IO_SPACE_LIMIT, we can change the default range to
{0,0}, which would fail for any request_region call before the
first pci_remap_iospace."

I didn't use this solution exactly, as I thought that it may cause
problems if we later wanted to remove PCI host IO port regions.

There is another separate issue that many drivers fail to request IO port
region, prior to access. This patchset fixes the f71805f driver as an
example.

There are others drivers which need to be fixed up to do the same.

1. https://www.spinics.net/lists/linux-pci/msg49821.html
2. https://www.spinics.net/lists/arm-kernel/msg694702.html

John Garry (2):
  resource: Request IO port regions from children of ioport_resource
  hwmon: (f71805f): Use request_region() in f71805f_init()

 drivers/hwmon/f71805f.c | 13 ++++++++++++-
 include/linux/ioport.h  |  6 +++++-
 kernel/resource.c       | 19 +++++++++++++++++++
 3 files changed, 36 insertions(+), 2 deletions(-)

-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ