lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <36dab0ec1f7e0f974e035abb597bb38be517c959.camel@intel.com>
Date:   Mon, 6 May 2019 20:15:56 +0000
From:   "Derrick, Jonathan" <jonathan.derrick@...el.com>
To:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "zub@...ux.fjfi.cvut.cz" <zub@...ux.fjfi.cvut.cz>,
        "linux-block@...r.kernel.org" <linux-block@...r.kernel.org>,
        "sbauer@...donthack.me" <sbauer@...donthack.me>,
        "axboe@...nel.dk" <axboe@...nel.dk>
CC:     "jonas.rabenstein@...dium.uni-erlangen.de" 
        <jonas.rabenstein@...dium.uni-erlangen.de>
Subject: Re: [PATCH 3/3] block: sed-opal: check size of shadow mbr

lgtm again

Reviewed-by: Jon Derrick <jonathan.derrick@...el.com>

On Wed, 2019-05-01 at 01:20 +0200, David Kozub wrote:
> From: Jonas Rabenstein <jonas.rabenstein@...dium.uni-erlangen.de>
> 
> Check whether the shadow mbr does fit in the provided space on the
> target. Also a proper firmware should handle this case and return an
> error we may prevent problems or even damage with crappy firmwares.
> 
> Signed-off-by: Jonas Rabenstein <
> jonas.rabenstein@...dium.uni-erlangen.de>
> Signed-off-by: David Kozub <zub@...ux.fjfi.cvut.cz>
> Reviewed-by: Scott Bauer <sbauer@...donthack.me>
> Reviewed-by: Jon Derrick <jonathan.derrick@...el.com>
> ---
>  block/opal_proto.h | 16 ++++++++++++++++
>  block/sed-opal.c   | 39 +++++++++++++++++++++++++++++++++++++++
>  2 files changed, 55 insertions(+)
> 
> diff --git a/block/opal_proto.h b/block/opal_proto.h
> index b6e352cfe982..5e8df3245eb0 100644
> --- a/block/opal_proto.h
> +++ b/block/opal_proto.h
> @@ -106,6 +106,7 @@ enum opal_uid {
>  	OPAL_ENTERPRISE_BANDMASTER0_UID,
>  	OPAL_ENTERPRISE_ERASEMASTER_UID,
>  	/* tables */
> +	OPAL_TABLE_TABLE,
>  	OPAL_LOCKINGRANGE_GLOBAL,
>  	OPAL_LOCKINGRANGE_ACE_RDLOCKED,
>  	OPAL_LOCKINGRANGE_ACE_WRLOCKED,
> @@ -160,6 +161,21 @@ enum opal_token {
>  	OPAL_STARTCOLUMN = 0x03,
>  	OPAL_ENDCOLUMN = 0x04,
>  	OPAL_VALUES = 0x01,
> +	/* table table */
> +	OPAL_TABLE_UID = 0x00,
> +	OPAL_TABLE_NAME = 0x01,
> +	OPAL_TABLE_COMMON = 0x02,
> +	OPAL_TABLE_TEMPLATE = 0x03,
> +	OPAL_TABLE_KIND = 0x04,
> +	OPAL_TABLE_COLUMN = 0x05,
> +	OPAL_TABLE_COLUMNS = 0x06,
> +	OPAL_TABLE_ROWS = 0x07,
> +	OPAL_TABLE_ROWS_FREE = 0x08,
> +	OPAL_TABLE_ROW_BYTES = 0x09,
> +	OPAL_TABLE_LASTID = 0x0A,
> +	OPAL_TABLE_MIN = 0x0B,
> +	OPAL_TABLE_MAX = 0x0C,
> +
>  	/* authority table */
>  	OPAL_PIN = 0x03,
>  	/* locking tokens */
> diff --git a/block/sed-opal.c b/block/sed-opal.c
> index 5acb873e9037..39e3eecca58d 100644
> --- a/block/sed-opal.c
> +++ b/block/sed-opal.c
> @@ -138,6 +138,8 @@ static const u8 opaluid[][OPAL_UID_LENGTH] = {
>  
>  	/* tables */
>  
> +	[OPAL_TABLE_TABLE]
> +		{ 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01 },
>  	[OPAL_LOCKINGRANGE_GLOBAL] =
>  		{ 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
>  	[OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
> @@ -1139,6 +1141,29 @@ static int generic_get_column(struct opal_dev
> *dev, const u8 *table,
>  	return finalize_and_send(dev, parse_and_check_status);
>  }
>  
> +/*
> + * see TCG SAS 5.3.2.3 for a description of the available columns
> + *
> + * the result is provided in dev->resp->tok[4]
> + */
> +static int generic_get_table_info(struct opal_dev *dev, enum
> opal_uid table,
> +				  u64 column)
> +{
> +	u8 uid[OPAL_UID_LENGTH];
> +	const unsigned int half = OPAL_UID_LENGTH/2;
> +
> +	/* sed-opal UIDs can be split in two halves:
> +	 *  first:  actual table index
> +	 *  second: relative index in the table
> +	 * so we have to get the first half of the OPAL_TABLE_TABLE and
> use the
> +	 * first part of the target table as relative index into that
> table
> +	 */
> +	memcpy(uid, opaluid[OPAL_TABLE_TABLE], half);
> +	memcpy(uid+half, opaluid[table], half);
> +
> +	return generic_get_column(dev, uid, column);
> +}
> +
>  static int gen_key(struct opal_dev *dev, void *data)
>  {
>  	u8 uid[OPAL_UID_LENGTH];
> @@ -1554,6 +1579,20 @@ static int write_shadow_mbr(struct opal_dev
> *dev, void *data)
>  	u64 len;
>  	int err = 0;
>  
> +	/* do we fit in the available shadow mbr space? */
> +	err = generic_get_table_info(dev, OPAL_MBR, OPAL_TABLE_ROWS);
> +	if (err) {
> +		pr_debug("MBR: could not get shadow size\n");
> +		return err;
> +	}
> +
> +	len = response_get_u64(&dev->parsed, 4);
> +	if (shadow->size > len || shadow->offset > len - shadow->size)
> {
> +		pr_debug("MBR: does not fit in shadow (%llu vs.
> %llu)\n",
> +			 shadow->offset + shadow->size, len);
> +		return -ENOSPC;
> +	}
> +
>  	/* do the actual transmission(s) */
>  	src = (u8 __user *)(uintptr_t)shadow->data;
>  	while (off < shadow->size) {

Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (3278 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ