| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 30 Jul 2019 14:51:27 -0700
From: Shannon Nelson <snelson@...sando.io>
To: Andrew Lunn <andrew@...n.ch>
Cc: netdev@...r.kernel.org, davem@...emloft.net
Subject: Re: [PATCH v4 net-next 13/19] ionic: Add initial ethtool support
On 7/25/19 6:35 AM, Andrew Lunn wrote:
>> +static int ionic_get_module_eeprom(struct net_device *netdev,
>> + struct ethtool_eeprom *ee,
>> + u8 *data)
>> +{
>> + struct lif *lif = netdev_priv(netdev);
>> + struct ionic_dev *idev = &lif->ionic->idev;
>> + struct xcvr_status *xcvr;
>> + u32 len;
>> +
>> + /* The NIC keeps the module prom up-to-date in the DMA space
>> + * so we can simply copy the module bytes into the data buffer.
>> + */
>> + xcvr = &idev->port_info->status.xcvr;
>> + len = min_t(u32, sizeof(xcvr->sprom), ee->len);
>> + memcpy(data, xcvr->sprom, len);
>> +
>> + return 0;
>> +}
> Is the firmware doing this DMA update atomically? The diagnostic
> values are u16s. Is there any chance we do this memcpy at the same
> time the DMA is active and we get a mix of old and new data?
>
> Often in cases like this you do the copy twice and ensure you get the
> same values each time. If not, keep repeating the copy until you do
> get the same values twice.
Regardless of how the structs are all aligned and our PCI block does
large writes, I can see how an unoptimized memcpy() that is doing
byte-by-byte copy rather than by words might result in a mangled value.
I think this is the only buffer that may be susceptible to this. Sure,
doing a double copy should work here.
sln
Powered by blists - more mailing lists