| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <554CEB0C.40308@cumulusnetworks.com> Date: Fri, 08 May 2015 12:57:48 -0400 From: Jonathan Toppins <jtoppins@...ulusnetworks.com> To: "Rustad, Mark D" <mark.d.rustad@...el.com>, Alexander Duyck <alexander.duyck@...il.com> CC: "Kirsher, Jeffrey T" <jeffrey.t.kirsher@...el.com>, "Brandeburg, Jesse" <jesse.brandeburg@...el.com>, "Nelson, Shannon" <shannon.nelson@...el.com>, "Wyborny, Carolyn" <carolyn.wyborny@...el.com>, "Skidmore, Donald C" <donald.c.skidmore@...el.com>, "Vick, Matthew" <matthew.vick@...el.com>, "Ronciak, John" <john.ronciak@...el.com>, "Williams, Mitch A" <mitch.a.williams@...el.com>, "intel-wired-lan@...ts.osuosl.org" <intel-wired-lan@...ts.osuosl.org>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "gospo@...ulusnetworks.com" <gospo@...ulusnetworks.com>, "shm@...ulusnetworks.com" <shm@...ulusnetworks.com>, Alan Liebthal <alanl@...ulusnetworks.com> Subject: Re: [PATCH v1 net-next 2/2] igb: support SIOCSMIIREG On 5/7/15 4:46 PM, Rustad, Mark D wrote: >> On May 7, 2015, at 10:52 AM, Alexander Duyck <alexander.duyck@...il.com> wrote: >> >>> diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c >>> index 720b785..1071a71 100644 >>> --- a/drivers/net/ethernet/intel/igb/igb_main.c >>> +++ b/drivers/net/ethernet/intel/igb/igb_main.c >>> @@ -7141,6 +7141,11 @@ static int igb_mii_ioctl(struct net_device *netdev, struct ifreq *ifr, int cmd) >>> return -EIO; >>> break; >>> case SIOCSMIIREG: >>> + adapter->hw.phy.addr = data->phy_id; >>> + if (igb_write_phy_reg(&adapter->hw, data->reg_num & 0x1F, >>> + data->val_in)) >>> + return -EIO; >>> + break; >>> default: >>> return -EOPNOTSUPP; >>> } >> >> How and why is this being used? From what I can tell it looks like it is an easy way to break any of the existing interfaces if it is misused since all you would need to do is specify a phy address that doesn't match the existing PHY in the system and then you would likely lose link, or possibly mess up the configuration on the system requiring. >> >> I suspect this is a back door for some piece of user space code that is being given far more permission than it should be. > > I don't know about a back door, but the real problem is that it has a > side-effect of changing the saved value of the phy addr. That is clearly > a problem and can't be allowed. This patch was worse before... it had changes in SIOGMIIREG that had similar side-effects, missed this one. Checking with some of the platform people here this patch can be dropped. We don't use it as a backdoor of any kind it was mainly used for debugging/guess-what-the-phy-addr-was when we originally got the boards. > > For the phylib stuff to really work as intended, the igb_write_phy_reg > really should take the phy address as a parameter instead of getting > the value from the structure itself. Or a new function should be > defined that has that interface. > > -- > Mark Rustad, Networking Division, Intel Corporation > -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists