| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f0a15a0d-7cb3-f635-d8d6-6c32e83ed93b@suse.de>
Date: Thu, 12 May 2022 08:34:04 +0200
From: Hannes Reinecke <hare@...e.de>
To: Serge Semin <Sergey.Semin@...kalelectronics.ru>,
Damien Le Moal <damien.lemoal@...nsource.wdc.com>,
Hans de Goede <hdegoede@...hat.com>,
Jens Axboe <axboe@...nel.dk>
Cc: Serge Semin <fancer.lancer@...il.com>,
Alexey Malahov <Alexey.Malahov@...kalelectronics.ru>,
Pavel Parkhomenko <Pavel.Parkhomenko@...kalelectronics.ru>,
Rob Herring <robh+dt@...nel.org>, linux-ide@...r.kernel.org,
linux-kernel@...r.kernel.org, devicetree@...r.kernel.org
Subject: Re: [PATCH v3 09/23] ata: libahci_platform: Sanity check the DT child
nodes number
On 5/12/22 01:17, Serge Semin wrote:
> Having greater than (AHCI_MAX_PORTS = 32) ports detected isn't that
> critical from the further AHCI-platform initialization point of view since
> exceeding the ports upper limit will cause allocating more resources than
> will be used afterwards. But detecting too many child DT-nodes doesn't
> seem right since it's very unlikely to have it on an ordinary platform. In
> accordance with the AHCI specification there can't be more than 32 ports
> implemented at least due to having the CAP.NP field of 4 bits wide and the
> PI register of dword size. Thus if such situation is found the DTB must
> have been corrupted and the data read from it shouldn't be reliable. Let's
> consider that as an erroneous situation and halt further resources
> allocation.
>
> Note it's logically more correct to have the nports set only after the
> initialization value is checked for being sane. So while at it let's make
> sure nports is assigned with a correct value.
>
> Signed-off-by: Serge Semin <Sergey.Semin@...kalelectronics.ru>
>
> ---
>
> Changelog v2:
> - Drop the else word from the child_nodes value checking if-else-if
> statement (@Damien) and convert the after-else part into the ternary
> operator-based statement.
> ---
> drivers/ata/libahci_platform.c | 13 ++++++++++---
> 1 file changed, 10 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/ata/libahci_platform.c b/drivers/ata/libahci_platform.c
> index 7ff6626fd569..4e54e19f07b2 100644
> --- a/drivers/ata/libahci_platform.c
> +++ b/drivers/ata/libahci_platform.c
> @@ -480,15 +480,22 @@ struct ahci_host_priv *ahci_platform_get_resources(struct platform_device *pdev,
> }
> }
>
> - hpriv->nports = child_nodes = of_get_child_count(dev->of_node);
> + /*
> + * Too many sub-nodes most likely means having something wrong with
> + * the firmware.
> + */
> + child_nodes = of_get_child_count(dev->of_node);
> + if (child_nodes > AHCI_MAX_PORTS) {
> + rc = -EINVAL;
> + goto err_out;
> + }
>
> /*
> * If no sub-node was found, we still need to set nports to
> * one in order to be able to use the
> * ahci_platform_[en|dis]able_[phys|regulators] functions.
> */
> - if (!child_nodes)
> - hpriv->nports = 1;
> + hpriv->nports = child_nodes ?: 1;
>
> hpriv->phys = devm_kcalloc(dev, hpriv->nports, sizeof(*hpriv->phys), GFP_KERNEL);
> if (!hpriv->phys) {
Reviewed-by: Hannes Reinecke <hare@...e.de>
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@...e.de +49 911 74053 688
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), GF: Felix Imendörffer
Powered by blists - more mailing lists