lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <1553105650-28012-1-git-send-email-john.garry@huawei.com>
Date:   Thu, 21 Mar 2019 02:14:07 +0800
From:   John Garry <john.garry@...wei.com>
To:     <bhelgaas@...gle.com>, <rafael@...nel.org>, <arnd@...db.de>,
        <lorenzo.pieralisi@....com>, <bp@...e.de>
CC:     <linux@...ck-us.net>, <linux-kernel@...r.kernel.org>,
        <linux-pci@...r.kernel.org>, <wangkefeng.wang@...wei.com>,
        <linuxarm@...wei.com>, <agraf@...e.de>,
        <andy.shevchenko@...il.com>, "John Garry" <john.garry@...wei.com>
Subject: [PATCH v2 0/3] Fix system crash for accessing unmapped IO port regions

It was reported some time ago that systems will crash if a driver attempts
to access IO port addresses when the PCI IO port region has not been
mapped [1].

More recently, a similar crash is where the system PCI host probe fails,
and the IPMI driver crashes the system while attempting to do some IO port
accesses [2].

This patchset attempts to keep the kernel alive in such situations by 2
complementary methods:
1. Rejecting IO port resource requests until PCI IO port regions have been
mapped (in a pci_remap_iospace() call).
2. Rejecting logic PIO access to PCI IO regions until, again, PCI IO port
regions have been mapped

About 1:
Currently the PCI IO port region is initialized to the full range,
{0, IO_SPACE_LIMIT}. As such, any IO port region requests would not fail
because of PCI IO port regions not being mapped.

Patch 1/3 looks to remedy this issue by ensuring IO port requests are
made to direct children of ioport_resource (PCI host IO port regions),
similar to Arnd's solution, mentioned in [1]:

"I see that ioport_resource gets initialized to the {0, IO_SPACE_LIMIT}
range. If we could change it so that pci_remap_iospace() hooks up
to ioport_resource and extends it whenever something gets mapped
there up to IO_SPACE_LIMIT, we can change the default range to
{0,0}, which would fail for any request_region call before the
first pci_remap_iospace."

I didn't use this solution, as logical PIO space is sparse in
{0, IO_SPACE_LIMIT}, so we cannot simply grow the region.

I marked the patch as RFC, as the solution is not ideal, i.e. calling
__release_region() if the region is not suitable. In addition,
regressions may be seen, so I would like input first.

About 2:
Some drivers - like f71805f hwmon driver - do not call
request_{muxed_}region() prior to accessing IO port regions, as they
should do.

So patch 2/3 adds a safeguard against this, in that unwarranted PIO IO
accesses will be discarded in the low-level accessors.

About the issue of f71805f driver not requesting the IO port region -
many drivers do this, and need to be fixed up separately.

1. https://www.spinics.net/lists/linux-pci/msg49821.html
2. https://www.spinics.net/lists/arm-kernel/msg694702.html

Differences to v1 patchset:
https://lkml.org/lkml/2019/3/14/630
- Drop f71805f fix - it can be done in a separate patchset
- Change implementation in resource.c patch to check if parent of region
  is ioport_resource
- Add patch to fix some logic_pio.c prints

John Garry (3):
  resource: Request IO port regions from children of ioport_resource
  lib: logic_pio: Reject access to unregistered CPU MMIO regions
  lib: logic_pio: Make some prints explicitly hex

 include/linux/ioport.h | 12 +++++--
 kernel/resource.c      | 28 ++++++++++++++++
 lib/logic_pio.c        | 74 ++++++++++++++++++++++++------------------
 3 files changed, 79 insertions(+), 35 deletions(-)

-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ