| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220330235920.2800929-9-ira.weiny@intel.com>
Date: Wed, 30 Mar 2022 16:59:18 -0700
From: ira.weiny@...el.com
To: Dan Williams <dan.j.williams@...el.com>,
Bjorn Helgaas <bhelgaas@...gle.com>,
Jonathan Cameron <Jonathan.Cameron@...wei.com>
Cc: Alison Schofield <alison.schofield@...el.com>,
Vishal Verma <vishal.l.verma@...el.com>,
Ira Weiny <ira.weiny@...el.com>,
Ben Widawsky <ben.widawsky@...el.com>,
linux-kernel@...r.kernel.org, linux-cxl@...r.kernel.org,
linux-pci@...r.kernel.org
Subject: [PATCH V7 08/10] cxl/cdat: Introduce cxl_cdat_valid()
From: Ira Weiny <ira.weiny@...el.com>
The CDAT data is protected by a checksum and should be the proper
length.
Introduce cxl_cdat_valid() to validate the data. While at it check and
store the sequence number.
Signed-off-by: Ira Weiny <ira.weiny@...el.com>
---
Changes from V6
Change name to cxl_cdat_valid() as this validates all the CDAT
data not just the header
Add error and debug prints
Changes from V5
New patch, split out
Update cdat_hdr_valid()
Remove revision and cs field parsing
There is no point in these
Add seq check and debug print.
---
drivers/cxl/cdat.h | 2 ++
drivers/cxl/pci.c | 36 ++++++++++++++++++++++++++++++++++++
2 files changed, 38 insertions(+)
diff --git a/drivers/cxl/cdat.h b/drivers/cxl/cdat.h
index 4722b6bbbaf0..a7725d26f2d2 100644
--- a/drivers/cxl/cdat.h
+++ b/drivers/cxl/cdat.h
@@ -88,10 +88,12 @@
*
* @table: cache of CDAT table
* @length: length of cached CDAT table
+ * @seq: Last read Sequence number of the CDAT table
*/
struct cxl_cdat {
void *table;
size_t length;
+ u32 seq;
};
#endif /* !__CXL_CDAT_H__ */
diff --git a/drivers/cxl/pci.c b/drivers/cxl/pci.c
index a1d500381438..ddd6b705fd67 100644
--- a/drivers/cxl/pci.c
+++ b/drivers/cxl/pci.c
@@ -762,6 +762,40 @@ static int cxl_setup_doe_devices(struct cxl_dev_state *cxlds)
return 0;
}
+static bool cxl_cdat_valid(struct device *dev, struct cxl_cdat *cdat)
+{
+ u32 *table = cdat->table;
+ u8 *data8 = cdat->table;
+ u32 length, seq;
+ u8 check;
+ int i;
+
+ length = FIELD_GET(CDAT_HEADER_DW0_LENGTH, table[0]);
+ if ((length < CDAT_HEADER_LENGTH_BYTES) || (length > cdat->length)) {
+ dev_err(dev, "Invalid length %u (%lu-%lu)\n", length,
+ CDAT_HEADER_LENGTH_BYTES, cdat->length);
+ return false;
+ }
+
+ for (check = 0, i = 0; i < length; i++)
+ check += data8[i];
+
+ dev_dbg(dev, "CDAT length %u CS %u\n", length, check);
+ if (check != 0) {
+ dev_err(dev, "Invalid checksum %u\n", check);
+ return false;
+ }
+
+ seq = FIELD_GET(CDAT_HEADER_DW3_SEQUENCE, table[3]);
+ /* Store the sequence for now. */
+ if (cdat->seq != seq) {
+ dev_info(dev, "CDAT seq change %x -> %x\n", cdat->seq, seq);
+ cdat->seq = seq;
+ }
+
+ return true;
+}
+
#define CDAT_DOE_REQ(entry_handle) \
(FIELD_PREP(CXL_DOE_TABLE_ACCESS_REQ_CODE, \
CXL_DOE_TABLE_ACCESS_REQ_CODE_READ) | \
@@ -873,6 +907,8 @@ static int cxl_cdat_read_table(struct cxl_dev_state *cxlds,
release_driver:
cxl_pci_doe_put_drv(doe_dev);
+ if (!rc && !cxl_cdat_valid(cxlds->dev, cdat))
+ return -EIO;
return rc;
}
--
2.35.1
Powered by blists - more mailing lists