Message-ID: <646143dcb1fc2abe8b53172bb8ac24fe54246dda.camel@HansenPartnership.com>
Date: Thu, 07 Nov 2024 09:32:52 -0500
From: James Bottomley <James.Bottomley@...senPartnership.com>
To: Qiu-ji Chen <chenqiuji666@...il.com>, linuxdrivers@...otech.com, 
	martin.petersen@...cle.com
Cc: linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org, 
	baijiaju1990@...il.com, stable@...r.kernel.org
Subject: Re: [PATCH v2] [SCSI] esas2r: fix possible array out-of-bounds
 caused by bad DMA value in esas2r_process_vda_ioctl()

On Thu, 2024-11-07 at 22:16 +0800, Qiu-ji Chen wrote:
> In line 1854 of the file esas2r_ioctl.c, the function 
> esas2r_process_vda_ioctl() is called with the parameter vi being
> assigned the value of a->vda_buffer. On line 1892, a->vda_buffer is
> stored in DMA memory with the statement a->vda_buffer =
> dma_alloc_coherent(&a->pcid->dev, ..., indicating that the 
> parameter vi passed to the function is also stored in DMA memory.
> This suggests that the parameter vi could be altered at any time by
> malicious hardware.

Absent a specific threat (such as TPM with an interposer) this isn't a
vector the kernel protects against (we have to believe what hardware
says unless we know it to be specifically buggy about something). 
However, even supposing a PCI Interposer were considered a threat, the
answer now is hardware based: SPDM/PCI-IDE.

Regards,

James

