lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aPI5l0whaAIJGaSw@wunner.de>
Date: Fri, 17 Oct 2025 14:41:59 +0200
From: Lukas Wunner <lukas@...ner.de>
To: Tomita Moeko <tomitamoeko@...il.com>
Cc: Bjorn Helgaas <bhelgaas@...gle.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
	Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
	"H. Peter Anvin" <hpa@...or.com>, linux-pci@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] x86/pci: Check signature before assigning shadow ROM

On Thu, Oct 16, 2025 at 04:19:00PM +0800, Tomita Moeko wrote:
> Recent IGD platforms without VBIOS or UEFI CSM support do not contain
> VGA ROM at 0xC0000. Check whether the VGA ROM region is a valid PCI
> option ROM with 0xAA55 signature before assigning the shadow ROM to
> the default PCI VGA controller.
[...]
> +++ b/arch/x86/pci/fixup.c
> @@ -357,6 +357,18 @@ static void pci_fixup_video(struct pci_dev *pdev)
>  	struct pci_bus *bus;
>  	u16 config;
>  	struct resource *res;
> +	void *rom;
> +	u16 sig;
> +
> +	/* Does VBIOS region contain a valid PCI ROM? */
> +	rom = memremap(0xC0000, sizeof(sig), MEMREMAP_WB);
> +	if (!rom)
> +		return;
> +
> +	memcpy(&sig, rom, sizeof(sig));
> +	memunmap(rom);
> +	if (sig != 0xAA55)
> +		return;
>  
>  	/* Is VGA routed to us? */
>  	bus = pdev->bus;

I have to ask again, in arch/x86/kernel/probe_roms.c:probe_roms(),
the signature is already verified.  If it doesn't match, the
video_rom_resource isn't added to iomem_resource.

Which makes me wonder, wouldn't it be sufficient to just do
something like:

	if (!lookup_resource(&iomem_resource, 0xC0000))
		return;

Another thought I have, I'd move the code you're inserting further
down, perhaps after the while-loop.  Actually the existing code
isn't very pretty, there should be a return after failure of the
vga_default_device checks and after the Command register check
so that the actual resource adjustment doesn't need to be indented.

Thanks,

Lukas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ