lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241002194004.GT1369530@ziepe.ca>
Date: Wed, 2 Oct 2024 16:40:04 -0300
From: Jason Gunthorpe <jgg@...pe.ca>
To: Nicolin Chen <nicolinc@...dia.com>
Cc: Yang Shi <yang@...amperecomputing.com>, james.morse@....com,
	will@...nel.org, robin.murphy@....com,
	linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [v2 PATCH] iommu/arm-smmu-v3: Fix L1 stream table index
 calculation for 32-bit sid size

On Wed, Oct 02, 2024 at 12:22:48PM -0700, Nicolin Chen wrote:
> On Wed, Oct 02, 2024 at 12:04:32PM -0700, Yang Shi wrote:
> > > On Wed, Oct 02, 2024 at 10:55:14AM -0700, Yang Shi wrote:
> > > > +static inline unsigned int arm_smmu_strtab_max_sid(struct arm_smmu_device *smmu)
> > > > +{
> > > > +       return (1ULL << smmu->sid_bits);
> > > > +}
> > > > +
> > > Hmm, why ULL gets truncated to unsigned int here?
> > 
> > No particular reason, but it should be better to not truncate here. Will
> > fix it.
> 
> Yea, and looks like we are going to do with:
> static inline u64 arm_smmu_strtab_num_sids(struct arm_smmu_device *smmu);
> 
> Then let's be careful at those return-value holders too:
> -----------------------------------------------------------
> static int arm_smmu_init_strtab_linear(struct arm_smmu_device *smmu)
> {
> 	u32 size;
> 	struct arm_smmu_strtab_cfg *cfg = &smmu->strtab_cfg;
> 
> 	size = (1 << smmu->sid_bits) * sizeof(struct arm_smmu_ste);
>         ^^^^
>         overflow?
> [...]
> 	cfg->linear.num_ents = 1 << smmu->sid_bits;
>                     ^^^^^^^^
>                     This is u32
> -----------------------------------------------------------

It would make some sense to have something like:

 u64 size = arm_smmu_strtab_max_sid()

 /* Would require too much memory */
 if (size > SZ_512M)
    return -EINVAL;

Just to reject bad configuration rather than truncate the allocation
and overflow STE array memory or something. Having drivers be robust
to this kind of stuff is a confidential compute topic :\

Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ