lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20200731110240.98326-7-refactormyself@gmail.com>
Date:   Fri, 31 Jul 2020 13:02:34 +0200
From:   "Saheed O. Bolarinwa" <refactormyself@...il.com>
To:     helgaas@...nel.org
Cc:     "Saheed O. Bolarinwa" <refactormyself@...il.com>,
        bjorn@...gaas.com, skhan@...uxfoundation.org,
        linux-pci@...r.kernel.org,
        linux-kernel-mentees@...ts.linuxfoundation.org,
        linux-kernel@...r.kernel.org
Subject: [PATCH v4 06/12] PCI: pciehp: Check if pcie_capability_read_*() reads ~0

On failure pcie_capability_read_word() sets it's last parameter, val
to 0. However, with Patch 12/12, it is possible that val is set to
~0 on failure. This introduces a bug because (x & x) == (~0 & x).

Since ~0 is an invalid value here,

pciehp_get_power_status():
Add an extra check for ~0 on the value read. If found, set status
to 'Power On' and return.

pcie_wait_for_presence():
Add an extra check for no ~0 to the exit condition of the loop

Suggested-by: Bjorn Helgaas <bjorn@...gaas.com>
Signed-off-by: Saheed O. Bolarinwa <refactormyself@...il.com>
---
 drivers/pci/hotplug/pciehp_hpc.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/drivers/pci/hotplug/pciehp_hpc.c b/drivers/pci/hotplug/pciehp_hpc.c
index b89c9ee4a3b5..39305aabc3a2 100644
--- a/drivers/pci/hotplug/pciehp_hpc.c
+++ b/drivers/pci/hotplug/pciehp_hpc.c
@@ -278,7 +278,7 @@ static void pcie_wait_for_presence(struct pci_dev *pdev)
 
 	do {
 		pcie_capability_read_word(pdev, PCI_EXP_SLTSTA, &slot_status);
-		if (slot_status & PCI_EXP_SLTSTA_PDS)
+		if ((slot_status != (u16)~0) && (slot_status & PCI_EXP_SLTSTA_PDS))
 			return;
 		msleep(10);
 		timeout -= 10;
@@ -399,6 +399,11 @@ void pciehp_get_power_status(struct controller *ctrl, u8 *status)
 	ctrl_dbg(ctrl, "%s: SLOTCTRL %x value read %x\n", __func__,
 		 pci_pcie_cap(ctrl->pcie->port) + PCI_EXP_SLTCTL, slot_ctrl);
 
+	if (slot_ctrl == (u16)~0) {
+		*status = 1;    /* On */
+		return;
+	}
+
 	switch (slot_ctrl & PCI_EXP_SLTCTL_PCC) {
 	case PCI_EXP_SLTCTL_PWR_OFF:
 		*status = 0;	/* Off */
-- 
2.18.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ