| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <32f38caf-8cc3-2e4c-668f-f36552b7cffe@amd.com>
Date: Fri, 16 Aug 2024 15:37:14 +0100
From: Alejandro Lucero Palau <alucerop@....com>
To: Jonathan Cameron <Jonathan.Cameron@...wei.com>,
alejandro.lucero-palau@....com
Cc: linux-cxl@...r.kernel.org, netdev@...r.kernel.org,
dan.j.williams@...el.com, martin.habets@...inx.com, edward.cree@....com,
davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com,
edumazet@...gle.com, richard.hughes@....com
Subject: Re: [PATCH v2 05/15] cxl: fix use of resource_contains
On 8/4/24 18:25, Jonathan Cameron wrote:
> On Mon, 15 Jul 2024 18:28:25 +0100
> <alejandro.lucero-palau@....com> wrote:
>
>> From: Alejandro Lucero <alucerop@....com>
>>
>> For a resource defined with size zero, resource contains will also
>> return true.
>>
>> Add resource size check before using it.
>>
>> Signed-off-by: Alejandro Lucero <alucerop@....com>
> If this can happen in existing type 3 case the fixes tag
> and send it separately from this series.
I have been looking at this possibility and although not with 100%
certainty, I would say it is not for Type3.
"Type3 regions" are (usually) created from user space, and:
1) if it is RAM, dax code is invoked for creating the region
2) if it is pmem, pmem region creation code is invoked.
None of these possibilities use the affected code in this patch.
There exist two options where that code could be used by Type3, which
are confusing:
1) regions created during device initialization, but for that the
decoder needs to be committed and it is not expected for Type3 without
user space intervention.
2) when emulating an hdm decoder, what I think it is not possible for
Type3 since it is mandatory.
Finally we have code when sysfs dpa_size file is written, which I'm not
familiar with.
> If there is no path due to some external code, then
> drop the word fix from the title and call it
>
> cxl: harden resource_contains checks to handle zero size resources
After the explanation above, I will do as you say.
Thanks!
> Avoids it getting backported into stable / distros picking it
> up if there isn't a real issue before this series.
>
> Thanks,
>
> Jonathan
>
>> ---
>> drivers/cxl/core/hdm.c | 7 +++++--
>> 1 file changed, 5 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/cxl/core/hdm.c b/drivers/cxl/core/hdm.c
>> index 3df10517a327..4af9225d4b59 100644
>> --- a/drivers/cxl/core/hdm.c
>> +++ b/drivers/cxl/core/hdm.c
>> @@ -327,10 +327,13 @@ static int __cxl_dpa_reserve(struct cxl_endpoint_decoder *cxled,
>> cxled->dpa_res = res;
>> cxled->skip = skipped;
>>
>> - if (resource_contains(&cxlds->pmem_res, res))
>> + if ((resource_size(&cxlds->pmem_res)) && (resource_contains(&cxlds->pmem_res, res))) {
>> + printk("%s: resource_contains CXL_DECODER_PMEM\n", __func__);
>> cxled->mode = CXL_DECODER_PMEM;
>> - else if (resource_contains(&cxlds->ram_res, res))
>> + } else if ((resource_size(&cxlds->ram_res)) && (resource_contains(&cxlds->ram_res, res))) {
>> + printk("%s: resource_contains CXL_DECODER_RAM\n", __func__);
>> cxled->mode = CXL_DECODER_RAM;
>> + }
>> else {
>> dev_warn(dev, "decoder%d.%d: %pr mixed mode not supported\n",
>> port->id, cxled->cxld.id, cxled->dpa_res);
Powered by blists - more mailing lists