lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <b0028d72d839e4053e1493f02dd4197cf5005c91.camel@siemens.com>
Date: Fri, 7 Nov 2025 13:44:17 +0000
From: "Sverdlin, Alexander" <alexander.sverdlin@...mens.com>
To: "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
	"christophe.leroy@...roup.eu" <christophe.leroy@...roup.eu>, "arnd@...db.de"
	<arnd@...db.de>
CC: "hui.wang@...onical.com" <hui.wang@...onical.com>, "mwalle@...nel.org"
	<mwalle@...nel.org>, "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>, "florent.trinh-thai@...soprasteria.com"
	<florent.trinh-thai@...soprasteria.com>
Subject: Re: [PATCH] eeprom: at25: convert to spi-mem API

Hi Arnd,

On Fri, 2025-11-07 at 14:08 +0100, Arnd Bergmann wrote:
> > Christophe, while I'm trying to get my hands on a PPC32 HW similar to 
> > yours, would
> > you be able to test with CONFIG_DMA_API_DEBUG=y? The fact the KASAN 
> > doesn't detect
> > anything after the fix to spi-fsl-cpm you've mentioned makes me think 
> > the corruption
> > is external to CPU core? Will you post you fix to fsl-cpm code?
> 
> I had a look over the patch and don't didn't see anything extra
> suspicious, but I wonder if this is possibly a problem with a DMA
> to stack, as Christophe mentioned this showing up on a system with
> VMAP_STACK=y.
> 
> If for some reason the original driver used to bounce the data while
> the current version attempts a DMA, that may lead to arbitrary
> data corruption from the invalid virt_to_phys(vmalloc_pointer)
> conversion.

I've thought about this as well, but in my patch I actually add
and additional bounce buffer, comparing to the original code:

https://lore.kernel.org/all/d5be177d-505d-4d72-9d18-913e69c23ea8@app.fastmail.com/

> The opposite might be true as well: if the 'val' pointer passed
> into the read/write functions was previously detected as
> needing a bounce buffer down the stack (spi core or spi
> master driver) but now the added 'bounce' allocation gets
> passed directly into a dma engine, that may also fail if the
> GFP_KERNEL allocation is not sufficient for the range or
> alignment requirements of the DMA master.
> 
> Christophe, do you know the CPM DMA has any restrictions
> there, e.g. needing a GFP_DMA allocation?

-- 
Alexander Sverdlin
Siemens AG
www.siemens.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ