| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190612010518.GB22479@char.us.oracle.com>
Date: Tue, 11 Jun 2019 21:05:18 -0400
From: Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>
To: Lu Baolu <baolu.lu@...ux.intel.com>
Cc: David Woodhouse <dwmw2@...radead.org>,
Joerg Roedel <joro@...tes.org>,
Bjorn Helgaas <bhelgaas@...gle.com>,
Christoph Hellwig <hch@....de>, ashok.raj@...el.com,
jacob.jun.pan@...el.com, alan.cox@...el.com, kevin.tian@...el.com,
mika.westerberg@...ux.intel.com, Ingo Molnar <mingo@...hat.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
pengfei.xu@...el.com, Marek Szyprowski <m.szyprowski@...sung.com>,
Robin Murphy <robin.murphy@....com>,
Jonathan Corbet <corbet@....net>,
Boris Ostrovsky <boris.ostrovsky@...cle.com>,
Juergen Gross <jgross@...e.com>,
Stefano Stabellini <sstabellini@...nel.org>,
Steven Rostedt <rostedt@...dmis.org>,
iommu@...ts.linux-foundation.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4 3/9] swiotlb: Zero out bounce buffer for untrusted
device
On Wed, Jun 12, 2019 at 08:43:40AM +0800, Lu Baolu wrote:
> Hi Konrad,
>
> Thanks a lot for your reviewing.
>
> On 6/10/19 11:45 PM, Konrad Rzeszutek Wilk wrote:
> > On Mon, Jun 03, 2019 at 09:16:14AM +0800, Lu Baolu wrote:
> > > This is necessary to avoid exposing valid kernel data to any
> > > milicious device.
> >
> > malicious
>
> Yes, thanks.
>
> >
> > >
> > > Suggested-by: Christoph Hellwig <hch@....de>
> > > Signed-off-by: Lu Baolu <baolu.lu@...ux.intel.com>
> > > ---
> > > kernel/dma/swiotlb.c | 6 ++++++
> > > 1 file changed, 6 insertions(+)
> > >
> > > diff --git a/kernel/dma/swiotlb.c b/kernel/dma/swiotlb.c
> > > index f956f785645a..ed41eb7f6131 100644
> > > --- a/kernel/dma/swiotlb.c
> > > +++ b/kernel/dma/swiotlb.c
> > > @@ -35,6 +35,7 @@
> > > #include <linux/scatterlist.h>
> > > #include <linux/mem_encrypt.h>
> > > #include <linux/set_memory.h>
> > > +#include <linux/pci.h>
> > > #ifdef CONFIG_DEBUG_FS
> > > #include <linux/debugfs.h>
> > > #endif
> > > @@ -560,6 +561,11 @@ phys_addr_t swiotlb_tbl_map_single(struct device *hwdev,
> > > */
> > > for (i = 0; i < nslots; i++)
> > > io_tlb_orig_addr[index+i] = orig_addr + (i << IO_TLB_SHIFT);
> > > +
> > > + /* Zero out the bounce buffer if the consumer is untrusted. */
> > > + if (dev_is_untrusted(hwdev))
> > > + memset(phys_to_virt(tlb_addr), 0, alloc_size);
> >
> > What if the alloc_size is less than a PAGE? Should this at least have ALIGN or such?
>
> It's the consumer (iommu subsystem) who requires this to be page
> aligned. For swiotlb, it just clears out all data in the allocated
> bounce buffer.
I am thinking that the if you don't memset the full page the malicious hardware could read stale date from the rest of the page
that hasn't been cleared?
>
> Best regards,
> Baolu
>
> >
> > > +
> > > if (!(attrs & DMA_ATTR_SKIP_CPU_SYNC) &&
> > > (dir == DMA_TO_DEVICE || dir == DMA_BIDIRECTIONAL))
> > > swiotlb_bounce(orig_addr, tlb_addr, mapping_size, DMA_TO_DEVICE);
> > > --
> > > 2.17.1
> > >
> >
Powered by blists - more mailing lists