| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250326074450.937819-1-lizhijian@fujitsu.com>
Date: Wed, 26 Mar 2025 15:44:50 +0800
From: Li Zhijian <lizhijian@...itsu.com>
To: linux-cxl@...r.kernel.org
Cc: Jonathan Cameron <jonathan.cameron@...wei.com>,
Dave Jiang <dave.jiang@...el.com>,
Alison Schofield <alison.schofield@...el.com>,
Vishal Verma <vishal.l.verma@...el.com>,
Ira Weiny <ira.weiny@...el.com>,
Dan Williams <dan.j.williams@...el.com>,
linux-kernel@...r.kernel.org,
Li Zhijian <lizhijian@...itsu.com>
Subject: [PATCH] cxl/acpi: Verify CHBS length for CXL2.0
Per CXL Spec r3.1 Table 9-21, both CXL1.1 and CXL2.0 have defined their
own length, verify it to avoid an invalid CHBS
This patch also wraps some sanity checks into a function.
Signed-off-by: Li Zhijian <lizhijian@...itsu.com>
---
drivers/cxl/acpi.c | 45 +++++++++++++++++++++++++++++----------------
1 file changed, 29 insertions(+), 16 deletions(-)
diff --git a/drivers/cxl/acpi.c b/drivers/cxl/acpi.c
index cb14829bb9be..4a82d2d8b547 100644
--- a/drivers/cxl/acpi.c
+++ b/drivers/cxl/acpi.c
@@ -11,8 +11,6 @@
#include "cxlpci.h"
#include "cxl.h"
-#define CXL_RCRB_SIZE SZ_8K
-
struct cxl_cxims_data {
int nr_maps;
u64 xormaps[] __counted_by(nr_maps);
@@ -468,8 +466,35 @@ struct cxl_chbs_context {
u32 cxl_version;
int nr_versions;
u32 saved_version;
+ u32 length;
};
+static bool cxl_chbs_verify(struct device *dev, struct cxl_chbs_context ctx)
+{
+ if (ctx.cxl_version == UINT_MAX) {
+ dev_warn(dev, "No CHBS found for Host Bridge (UID %lld)\n",
+ ctx.uid);
+ return false;
+ }
+
+ if (ctx.base == CXL_RESOURCE_NONE) {
+ dev_warn(dev, "CHBS invalid for Host Bridge (UID %lld)\n",
+ ctx.uid);
+ return false;
+ }
+
+ if ((ctx.cxl_version == ACPI_CEDT_CHBS_VERSION_CXL11 &&
+ ctx.length != ACPI_CEDT_CHBS_LENGTH_CXL11) ||
+ (ctx.cxl_version == ACPI_CEDT_CHBS_VERSION_CXL20 &&
+ ctx.length != ACPI_CEDT_CHBS_LENGTH_CXL20)) {
+ dev_warn(dev, "Invalid length for Host Bridge (UID %lld)\n",
+ ctx.uid);
+ return false;
+ }
+
+ return true;
+}
+
static int cxl_get_chbs_iter(union acpi_subtable_headers *header, void *arg,
const unsigned long end)
{
@@ -478,10 +503,6 @@ static int cxl_get_chbs_iter(union acpi_subtable_headers *header, void *arg,
chbs = (struct acpi_cedt_chbs *) header;
- if (chbs->cxl_version == ACPI_CEDT_CHBS_VERSION_CXL11 &&
- chbs->length != CXL_RCRB_SIZE)
- return 0;
-
if (!chbs->base)
return 0;
@@ -502,6 +523,7 @@ static int cxl_get_chbs_iter(union acpi_subtable_headers *header, void *arg,
ctx->cxl_version = chbs->cxl_version;
ctx->base = chbs->base;
+ ctx->length = chbs->length;
return 0;
}
@@ -570,17 +592,8 @@ static int add_host_bridge_dport(struct device *match, void *arg)
if (rc)
return rc;
- if (ctx.cxl_version == UINT_MAX) {
- dev_warn(match, "No CHBS found for Host Bridge (UID %lld)\n",
- ctx.uid);
- return 0;
- }
-
- if (ctx.base == CXL_RESOURCE_NONE) {
- dev_warn(match, "CHBS invalid for Host Bridge (UID %lld)\n",
- ctx.uid);
+ if (!cxl_chbs_verify(match, ctx))
return 0;
- }
pci_root = acpi_pci_find_root(hb->handle);
bridge = pci_root->bus->bridge;
--
2.47.0
Powered by blists - more mailing lists