lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 2 Jul 2021 09:03:07 +0200
From:   Arnd Bergmann <arnd@...nel.org>
To:     Shawn Lin <shawn.lin@...k-chips.com>
Cc:     Jernej Skrabec <jernej.skrabec@...il.com>,
        Adrian Hunter <adrian.hunter@...el.com>,
        linux-mmc <linux-mmc@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Ulf Hansson <ulf.hansson@...aro.org>
Subject: Re: [PATCH] mmc: warn for invalid SDIO data buffers【请注意,邮件由linux-mmc-owner@...r.kernel.org代发】

On Fri, Jul 2, 2021 at 3:02 AM Shawn Lin <shawn.lin@...k-chips.com> wrote:
> On 2021/6/30 20:20, Arnd Bergmann wrote:
> > From: Arnd Bergmann <arnd@...db.de>
> >
> > Jernej Skrabec reported a problem with the cw1200 driver failing on
> > arm64 systems with CONFIG_VMAP_STACK=y.
> >
> > The driver in this case passes a pointer to a stack variable (in vmalloc
> > space) into the sdio layer, which gets translated into an invalid DMA
> > address.
> >
> > Even without CONFIG_VMAP_STACK, the driver is still unreliable, as
> > cache invalidations on the DMA buffer may cause random data corruption
> > in adjacent stack slots.
> >
> > This could be worked around in the SDIO core, but in the discussion we
> > decided that passing a stack variable into SDIO should always be considered
> > a bug, as it is for USB drivers.
> >
> > Change the sdio core to produce a one-time warning for any on-stack
> > (both with and without CONFIG_VMAP_STACK) as well as any vmalloc
> > or module-local address that would have the same translation problem.
>
> This was the previous comment about the same topic.
> Should we check for mmc_io_rw_direct?
>
> https://www.spinics.net/lists/linux-mmc/msg41794.html

Hi Shawn,

thank you for remembering that previous discussion, that is a
good question. Looking at the code though, I don't actually
see any part of mmc_io_rw_direct() doing DMA on a caller-provided
buffer. The only thing I see in the code is a 'u8 *out' argument, but
that is just a pointer to a single byte that is set by this function.

Do you see any other issue with that function, or does that mean
we don't have to change it?

       Arnd

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ