lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 24 Feb 2021 23:40:28 +0800
From:   "Jiaxun Yang" <jiaxun.yang@...goat.com>
To:     "Jinyang He" <hejinyang@...ngson.cn>,
        "Thomas Bogendoerfer" <tsbogend@...ha.franken.de>,
        "John Crispin" <john@...ozen.org>
Cc:     "linux-mips@...r.kernel.org" <linux-mips@...r.kernel.org>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH RFC] MIPS: Remove detect_memory_region()



On Wed, Feb 24, 2021, at 9:02 PM, Jinyang He wrote:
> detect_memory_region() was committed by Commit 4d9f77d25268 ("MIPS: add
> detect_memory_region()"). Then it was equipped by Commit dd63b00804a5
> ("MIPS: ralink: make use of the new memory detection code") and
> Commit 9b75733b7b5e ("MIPS: ath79: make use of the new memory detection
> code"). Its code is based on early ath79 platform code.
> 
> What puzzles me is that how memcmp() detect the memory region. If `break`
> was touched, the function could make sense. That means memcmp() should
> return zero. Otherwise, the loop will be end by size > sz_max.
> 
> I have tested detect_memory_region() on Loongson64 3A3000. On our design,
> kseg0 low 256MB maps real memory and kseg0 high 256MB maps IO/PCI. The
> function runs and last stopped on kseg1 where is uncached. In this process
> memcmp also returned non-zero when detected kseg0 high 256MB. Then I did
> another thing. memcpy first and test memcmp then (after &_end). It works
> well on 3A3000 but badly on 3A4000. Maybe because kseg0 high 256MB maps
> IO/PCI and it is dangerous to write like write memory.
> 
> At last, read memory from where is not memory region may always return 0.
> (Or trigger exception.) This function have been used several years and
> seems no error occur. Maybe it's a fallback way.

That is not true for other platforms like ath79 or mtk.
They'll wrap around or return 0xffffffff for out of boundary accessing.

Loongson does not apply to this case as it have special "Address Window"
design to accurately describe address regions.
Any access beyond described windows will be handled by MC and return 0 or random stuff.

Again, please don't make changes because you can.

Thanks.

- Jiaxun

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ