| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87cyj8p8tq.ffs@tglx>
Date: Wed, 06 Nov 2024 18:32:01 +0100
From: Thomas Gleixner <tglx@...utronix.de>
To: Dullfire <dullfire@...oo.com>, Bjorn Helgaas <helgaas@...nel.org>
Cc: davem@...emloft.net, sparclinux@...r.kernel.org, netdev@...r.kernel.org,
linux-pci@...r.kernel.org
Subject: Re: Kernel panic with niu module
On Wed, Nov 06 2024 at 10:04, dullfire@...oo.com wrote:
>> 7d5ec3d36123 had the mask_all() invocation _before_ setting up the the
>> entries and reading back the descriptors. So that commit cannot break
>> the niu device when your problem analysis is correct.
>
> In 7d5ec3d36123 (and later) msix_mask_all() only writes to
> PCI_MSIX_ENTRY_VECTOR_CTRL. I have tried all the MSIX registers, and only
> writes to PCI_MSIX_ENTRY_DATA were able to prevent a fatal trap on a read.
> However the only write to PCI_MSIX_ENTRY_DATA I see is in
> __pci_write_msi_msg() for 7d5ec3d36123, or pci_write_msg_msix(), in 6.11.5.
Yuck. They really went a great lenght to make this hard to handle.
Something like the obviously uncompiled below should work.
Thanks,
tglx
---
--- a/drivers/pci/msi/msi.c
+++ b/drivers/pci/msi/msi.c
@@ -611,6 +611,8 @@ void msix_prepare_msi_desc(struct pci_de
if (desc->pci.msi_attrib.can_mask) {
void __iomem *addr = pci_msix_desc_addr(desc);
+ if (dev->dev_flags & PCI_MSIX_TOUCH_ENTRY_DATA_FIRST)
+ writel(0x0, addr + PCI_MSIX_ENTRY_DATA);
desc->pci.msix_ctrl = readl(addr + PCI_MSIX_ENTRY_VECTOR_CTRL);
}
}
Powered by blists - more mailing lists