lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 10 May 2021 11:14:26 +0800
From:   Yuan Yao <yuan.yao@...ux.intel.com>
To:     Alex Williamson <alex.williamson@...hat.com>
Cc:     tkffaul@...look.com, kvm@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] vfio/pci: Sanity check IGD OpRegion Size

On Sun, May 09, 2021 at 07:34:08PM -0600, Alex Williamson wrote:
> On Mon, 10 May 2021 09:10:14 +0800
> Yuan Yao <yuan.yao@...ux.intel.com> wrote:
> 
> > On Fri, May 07, 2021 at 12:53:17PM -0600, Alex Williamson wrote:
> > > The size field of the IGD OpRegion table is supposed to indicate table
> > > size in KB, but we've seen at least one report of a BIOS that appears
> > > to incorrectly report size in bytes.  The default size is 8 (*1024 =
> > > 8KB), but an incorrect implementation may report 8192 (*1024 = 8MB)
> > > and can cause a variety of mapping errors.
> > > 
> > > It's believed that 8MB would be an implausible, if not absurd, actual
> > > size, so we can probably be pretty safe in assuming this is a BIOS bug
> > > where the intended size is likely 8KB.
> > > 
> > > Reported-by: Travis Faulhaber <tkffaul@...look.com>
> > > Tested-by: Travis Faulhaber <tkffaul@...look.com>
> > > Signed-off-by: Alex Williamson <alex.williamson@...hat.com>
> > > ---
> > >  drivers/vfio/pci/vfio_pci_igd.c |   11 ++++++++++-
> > >  1 file changed, 10 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/drivers/vfio/pci/vfio_pci_igd.c b/drivers/vfio/pci/vfio_pci_igd.c
> > > index 228df565e9bc..c89a4797cd18 100644
> > > --- a/drivers/vfio/pci/vfio_pci_igd.c
> > > +++ b/drivers/vfio/pci/vfio_pci_igd.c
> > > @@ -86,7 +86,16 @@ static int vfio_pci_igd_opregion_init(struct vfio_pci_device *vdev)
> > >  		return -EINVAL;
> > >  	}
> > >  
> > > -	size *= 1024; /* In KB */
> > > +	/*
> > > +	 * The OpRegion size field is specified as size in KB, but there have been
> > > +	 * user reports where this field appears to report size in bytes.  If we
> > > +	 * read 8192, assume this is the case.
> > > +	 */
> > > +	if (size == OPREGION_SIZE)  
> > 
> > Is "size >= OPREGION_SIZE" or "size >= smaller but still implausible value
> > (like 4096)" better for covering more bad BIOS implementation cases ?
> 
> We haven't seen such cases and it seems like a BIOS implementation
> competent enough to use something other than the default size, probably
> might get the units correct for this field.  Our footing for assuming
> this specific implementation error gets shakier if we try to apply it
> beyond the default size, imo.  Thanks,

OK, make sense to me, thanks.

> 
> Alex
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ