lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAMj1kXFVkEriwPhKhb1TC05sK9JmzE94Xmp=r1xty1BP2RcY2g@mail.gmail.com>
Date:   Sun, 27 Feb 2022 08:37:18 +0100
From:   Ard Biesheuvel <ardb@...nel.org>
To:     "Jason A. Donenfeld" <Jason@...c4.com>
Cc:     Len Brown <lenb@...nel.org>,
        "Rafael J. Wysocki" <rafael@...nel.org>,
        Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
        ACPI Devel Maling List <linux-acpi@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Alexander Graf <graf@...zon.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: [PATCH v5 2/3] ACPI: allow longer device IDs

On Sun, 27 Feb 2022 at 08:31, Ard Biesheuvel <ardb@...nel.org> wrote:
>
> On Sat, 26 Feb 2022 at 23:07, Jason A. Donenfeld <Jason@...c4.com> wrote:
> >
> > From: Alexander Graf <graf@...zon.com>
> >
>
> Please don't invent patch authors like that. Alex's patch that started
> this discussion was completely different.
>
> > We create a list of ACPI "PNP" IDs which contains _HID, _CID, and CLS
> > entries of the respective devices. However, we squeeze them into struct
> > acpi_device_id, which only has 9 bytes space to store the identifier. It
> > originally had 16 bytes, but was changed to only have 9 in 6543becf26ff
> > ("mod/file2alias: make modalias generation safe for cross compiling"),
> > presumably on the theory that it would match the ACPI spec so it didn't
> > matter.
> >
>
> Please clarify that this applies to the module metadata side of
> things. The ACPI subsystem already captures and exposes _HIDs and
> _CIDs that are longer than 8 characters, which is why simply
> increasing the size of this field is sufficient to create modules that
> can match devices that expose a CID that is longer than 8 bytes.
>
> > Unfortunately, while most people adhere to the ACPI specs, Microsoft
> > decided that its VM Generation Counter device [1] should only be
> > identifiable by _CID with a value of "VM_Gen_Counter", which is longer
> > than 9 characters.
> >
> > To allow device drivers to match identifiers that exceed the 9 byte
> > limit, this simply ups the length to 16, just like it was before the
> > aforementioned commit. Empirical testing indicates that this
> > doesn't actually increase vmlinux size, because the ulong in the same
> > struct caused there to be 7 bytes of padding anyway.
> >
>
> The padding situation only applies to struct acpi_device_id, whereas
> ACPI_ID_LEN is used in other places as well. Also, the size of vmlinux
> only covers statically allocated instances in the core kernel, and
> most of the ACPI_ID_LEN uses are probably in drivers. So whether
> vmlinux changes size or not is not that relevant.
>
>
> > This patch is a prerequisite to add support for VMGenID in Linux, the
> > subsequent patch in this series. It has been confirmed to also work on
> > the udev/modalias side in userspace.
> >
> > [1] https://download.microsoft.com/download/3/1/C/31CFC307-98CA-4CA5-914C-D9772691E214/VirtualMachineGenerationID.docx
> >
> > Cc: Ard Biesheuvel <ardb@...nel.org>
> > Cc: Len Brown <lenb@...nel.org>
> > Cc: Rafael J. Wysocki <rafael@...nel.org>
> > Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> > Co-authored-by: Jason A. Donenfeld <Jason@...c4.com>
> > Signed-off-by: Alexander Graf <graf@...zon.com>
> > Signed-off-by: Jason A. Donenfeld <Jason@...c4.com>
>
> Patch 6543becf26ff was wrong to change ACPI_ID_LEN, because it failed
> to take into account any other uses of ACPI_ID_LEN, and did not bother
> to explain why the change was necessary in the context of what it was
> trying to achieve.
>

Hmm, actually, ACPI_ID_LEN wasn't used outside of
linux/mod_device_table.h before 6543becf26ff, so changing it at that
point was fine.

I do wonder how much code is out there that blindly assumes the ACPI
core will never deliver more than 8 bytes' worth of _HID/_CID, and
subsequently runs off the end of a statically sized buffer.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ