Message-ID: <646143dcb1fc2abe8b53172bb8ac24fe54246dda.camel@HansenPartnership.com>
Date: Thu, 07 Nov 2024 09:32:52 -0500
From: James Bottomley <James.Bottomley@...senPartnership.com>
To: Qiu-ji Chen <chenqiuji666@...il.com>, linuxdrivers@...otech.com,
martin.petersen@...cle.com
Cc: linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org,
baijiaju1990@...il.com, stable@...r.kernel.org
Subject: Re: [PATCH v2] [SCSI] esas2r: fix possible array out-of-bounds
caused by bad DMA value in esas2r_process_vda_ioctl()

On Thu, 2024-11-07 at 22:16 +0800, Qiu-ji Chen wrote:
> In line 1854 of the file esas2r_ioctl.c, the function
> esas2r_process_vda_ioctl() is called with the parameter vi being
> assigned the value of a->vda_buffer. On line 1892, a->vda_buffer is
> stored in DMA memory with the statement a->vda_buffer =
> dma_alloc_coherent(&a->pcid->dev, ..., indicating that the
> parameter vi passed to the function is also stored in DMA memory.
> This suggests that the parameter vi could be altered at any time by
> malicious hardware.

Absent a specific threat (such as TPM with an interposer) this isn't a
vector the kernel protects against (we have to believe what hardware
says unless we know it to be specifically buggy about something).

However, even supposing a PCI Interposer were considered a threat, the
answer now is hardware based: SPDM/PCI-IDE.

Regards,
James
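
The check-then-use concern raised in the quoted patch description, as an added example that is not part of this thread or of the esas2r driver: a user-space C model in which a field in device-writable memory changes between the bounds check and the use. The structure, its `function` field, the table size and the `device_flip_to` hook are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define NUM_HANDLERS 4 /* hypothetical dispatch-table size */
/* Constructed stand-in for a dma_alloc_coherent() buffer: device-writable. */
struct shared_req {
    volatile uint8_t function; /* hypothetical index field */
};

/* Hypothetical hook modelling the device: value it writes after the next read. */
static int device_flip_to = -1;
static uint8_t fetch_function(struct shared_req *r)
{
    uint8_t v = r->function;
    if (device_flip_to >= 0)
        r->function = (uint8_t)device_flip_to;
    device_flip_to = -1;
    return v;
}

/* Validates one read, then uses a second. Returns the index used, -1 if rejected. */
static int dispatch_double_fetch(struct shared_req *r)
{
    if (fetch_function(r) >= NUM_HANDLERS)
        return -1;
    return fetch_function(r); /* may differ from the value that was checked */
}

/* Copies the field once into private memory (READ_ONCE() in kernel code). */
static int dispatch_single_fetch(struct shared_req *r)
{
    uint8_t fn = fetch_function(r);
    if (fn >= NUM_HANDLERS)
        return -1;
    return fn;
}

/* Runs one dispatcher; the field starts at 'initial', the device writes 'flip'. */
static int run(int (*dispatch)(struct shared_req *), uint8_t initial, int flip)
{
    struct shared_req r = { .function = initial };
    device_flip_to = flip;
    return dispatch(&r);
}

int main(void)
{
    printf("double: %d single: %d\n", run(dispatch_double_fetch, 1, 200), run(dispatch_single_fetch, 1, 200));
    return 0;
}
```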