| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 Mar 2019 02:14:07 +0800
From: John Garry <john.garry@...wei.com>
To: <bhelgaas@...gle.com>, <rafael@...nel.org>, <arnd@...db.de>,
<lorenzo.pieralisi@....com>, <bp@...e.de>
CC: <linux@...ck-us.net>, <linux-kernel@...r.kernel.org>,
<linux-pci@...r.kernel.org>, <wangkefeng.wang@...wei.com>,
<linuxarm@...wei.com>, <agraf@...e.de>,
<andy.shevchenko@...il.com>, "John Garry" <john.garry@...wei.com>
Subject: [PATCH v2 0/3] Fix system crash for accessing unmapped IO port regions
It was reported some time ago that systems will crash if a driver attempts
to access IO port addresses when the PCI IO port region has not been
mapped [1].
More recently, a similar crash is where the system PCI host probe fails,
and the IPMI driver crashes the system while attempting to do some IO port
accesses [2].
This patchset attempts to keep the kernel alive in such situations by 2
complementary methods:
1. Rejecting IO port resource requests until PCI IO port regions have been
mapped (in a pci_remap_iospace() call).
2. Rejecting logic PIO access to PCI IO regions until, again, PCI IO port
regions have been mapped
About 1:
Currently the PCI IO port region is initialized to the full range,
{0, IO_SPACE_LIMIT}. As such, any IO port region requests would not fail
because of PCI IO port regions not being mapped.
Patch 1/3 looks to remedy this issue by ensuring IO port requests are
made to direct children of ioport_resource (PCI host IO port regions),
similar to Arnd's solution, mentioned in [1]:
"I see that ioport_resource gets initialized to the {0, IO_SPACE_LIMIT}
range. If we could change it so that pci_remap_iospace() hooks up
to ioport_resource and extends it whenever something gets mapped
there up to IO_SPACE_LIMIT, we can change the default range to
{0,0}, which would fail for any request_region call before the
first pci_remap_iospace."
I didn't use this solution, as logical PIO space is sparse in
{0, IO_SPACE_LIMIT}, so we cannot simply grow the region.
I marked the patch as RFC, as the solution is not ideal, i.e. calling
__release_region() if the region is not suitable. In addition,
regressions may be seen, so I would like input first.
About 2:
Some drivers - like f71805f hwmon driver - do not call
request_{muxed_}region() prior to accessing IO port regions, as they
should do.
So patch 2/3 adds a safeguard against this, in that unwarranted PIO IO
accesses will be discarded in the low-level accessors.
About the issue of f71805f driver not requesting the IO port region -
many drivers do this, and need to be fixed up separately.
1. https://www.spinics.net/lists/linux-pci/msg49821.html
2. https://www.spinics.net/lists/arm-kernel/msg694702.html
Differences to v1 patchset:
https://lkml.org/lkml/2019/3/14/630
- Drop f71805f fix - it can be done in a separate patchset
- Change implementation in resource.c patch to check if parent of region
is ioport_resource
- Add patch to fix some logic_pio.c prints
John Garry (3):
resource: Request IO port regions from children of ioport_resource
lib: logic_pio: Reject access to unregistered CPU MMIO regions
lib: logic_pio: Make some prints explicitly hex
include/linux/ioport.h | 12 +++++--
kernel/resource.c | 28 ++++++++++++++++
lib/logic_pio.c | 74 ++++++++++++++++++++++++------------------
3 files changed, 79 insertions(+), 35 deletions(-)
--
2.17.1
Powered by blists - more mailing lists