[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Y80WtujnO7kfduAZ@kroah.com>
Date: Sun, 22 Jan 2023 11:57:58 +0100
From: Greg KH <gregkh@...uxfoundation.org>
To: Leon Romanovsky <leon@...nel.org>
Cc: Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
Bjorn Helgaas <bhelgaas@...gle.com>,
Thomas Gleixner <tglx@...utronix.de>,
linux-pci@...r.kernel.org, linux-kernel@...r.kernel.org,
Marc Zyngier <maz@...nel.org>, darwi@...utronix.de,
elena.reshetova@...el.com, kirill.shutemov@...ux.intel.com,
Mika Westerberg <mika.westerberg@...ux.intel.com>,
stable@...r.kernel.org
Subject: Re: [PATCH 1/2] PCI/MSI: Cache the MSIX table size
On Sun, Jan 22, 2023 at 11:00:04AM +0200, Leon Romanovsky wrote:
> On Thu, Jan 19, 2023 at 07:06:32PM +0200, Alexander Shishkin wrote:
> > A malicious device can change its MSIX table size between the table
> > ioremap() and subsequent accesses, resulting in a kernel page fault in
> > pci_write_msg_msix().
> >
> > To avoid this, cache the table size observed at the moment of table
> > ioremap() and use the cached value. This, however, does not help drivers
> > that peek at the PCIE_MSIX_FLAGS register directly.
> >
> > Signed-off-by: Alexander Shishkin <alexander.shishkin@...ux.intel.com>
> > Reviewed-by: Mika Westerberg <mika.westerberg@...ux.intel.com>
> > Cc: stable@...r.kernel.org
> > ---
> > drivers/pci/msi/api.c | 7 ++++++-
> > drivers/pci/msi/msi.c | 2 +-
> > include/linux/pci.h | 1 +
> > 3 files changed, 8 insertions(+), 2 deletions(-)
>
> I'm not security expert here, but not sure that this protects from anything.
> 1. Kernel relies on working and not-malicious HW. There are gazillion ways
> to cause crashes other than changing MSI-X.
Linux does NOT protect from malicious PCIe devices at this point in
time, you are correct. If we wish to change that model, then we can
work on that with the explict understanding that most all drivers will
need to change as will the bus logic for the busses involved.
To do piece-meal patches like this for no good reason is not a good idea
as it achieves nothing in the end :(
thanks,
greg k-h
Powered by blists - more mailing lists