lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Y3UdO8/oaEnlEk7s@agluck-desk3.sc.intel.com>
Date:   Wed, 16 Nov 2022 09:26:19 -0800
From:   Tony Luck <tony.luck@...el.com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     Jithu Joseph <jithu.joseph@...el.com>, hdegoede@...hat.com,
        markgross@...nel.org, tglx@...utronix.de, mingo@...hat.com,
        dave.hansen@...ux.intel.com, x86@...nel.org, hpa@...or.com,
        gregkh@...uxfoundation.org, ashok.raj@...el.com,
        linux-kernel@...r.kernel.org, platform-driver-x86@...r.kernel.org,
        patches@...ts.linux.dev, ravi.v.shankar@...el.com,
        thiago.macieira@...el.com, athenas.jimenez.gonzalez@...el.com,
        sohil.mehta@...el.com
Subject: Re: [PATCH v2 09/14] platform/x86/intel/ifs: Use generic microcode
 headers and functions

On Fri, Nov 11, 2022 at 05:23:48PM +0100, Borislav Petkov wrote:
> On Mon, Nov 07, 2022 at 02:53:18PM -0800, Jithu Joseph wrote:
> >  static int scan_chunks_sanity_check(struct device *dev)
> >  {
> > -	int metadata_size, curr_pkg, cpu, ret = -ENOMEM;
> >  	struct ifs_data *ifsd = ifs_get_data(dev);
> > +	int curr_pkg, cpu, ret = -ENOMEM;
> >  	bool *package_authenticated;
> >  	struct ifs_work local_work;
> > -	char *test_ptr;
> >  
> >  	package_authenticated = kcalloc(topology_max_packages(), sizeof(bool), GFP_KERNEL);
> >  	if (!package_authenticated)
> >  		return ret;
> 
> Bah, how big is that thing so that you can't simply do a bitfield on the
> stack here instead of kcalloc-ing?

Kernel is built with gcc options that prevent a variable sized local
array. So:

	DECLARE_BITMAP(auth, topology_max_packages());

grumbles:

drivers/platform/x86/intel/ifs/load.c:196:2: warning: ISO C90 forbids variable length array ‘ifs_auth2’ [-Wvla]

We could pick a likely big enough static number:

#define MAX_SUPPORTED_PACKAGES	128

	DECLARE_BITMAP(auth, MAX_SUPPORTED_PACKAGES);

and error out of this code if SGI or someone build a monster machine:

	if (topology_max_packages() > MAX_SUPPORTED_PACKAGES) {
		pr_error_once("IFS driver needs update to support this machine\n");
		return -E2BIG;
	}

That avoids the kcalloc() and making sure to kfree() in all error paths.

But seems a bit hacky.  Other ideas?

-Tony

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ