From: "Reshetova, Elena" <elena.reshetova@intel.com>
To: Greg KH <gregkh@linuxfoundation.org>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Leon Romanovsky <leon@kernel.org>,
Bjorn Helgaas <bhelgaas@google.com>,
Thomas Gleixner <tglx@linutronix.de>,
"linux-pci@vger.kernel.org" <linux-pci@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Marc Zyngier <maz@kernel.org>,
"darwi@linutronix.de" <darwi@linutronix.de>,
"kirill.shutemov@linux.intel.com"
<kirill.shutemov@linux.intel.com>,
"Mika Westerberg" <mika.westerberg@linux.intel.com>,
"stable@vger.kernel.org" <stable@vger.kernel.org>
Subject: RE: [PATCH 1/2] PCI/MSI: Cache the MSIX table size
Date: Wed, 25 Jan 2023 12:33:04 +0000 [thread overview]
Message-ID: <DM8PR11MB5750F5873EA182A28ABC7701E7CE9@DM8PR11MB5750.namprd11.prod.outlook.com> (raw)
In-Reply-To: <Y8/6InIxcpwM5u2M@kroah.com>
> On Tue, Jan 24, 2023 at 01:52:37PM +0200, Alexander Shishkin wrote:
> > Leon Romanovsky <leon@kernel.org> writes:
> >
> > > On Thu, Jan 19, 2023 at 07:06:32PM +0200, Alexander Shishkin wrote:
> > >> A malicious device can change its MSIX table size between the table
> > >> ioremap() and subsequent accesses, resulting in a kernel page fault in
> > >> pci_write_msg_msix().
> > >>
> > >> To avoid this, cache the table size observed at the moment of table
> > >> ioremap() and use the cached value. This, however, does not help drivers
> > >> that peek at the PCIE_MSIX_FLAGS register directly.
> > >>
> > >> Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
> > >> Reviewed-by: Mika Westerberg <mika.westerberg@linux.intel.com>
> > >> Cc: stable@vger.kernel.org
> > >> ---
> > >> drivers/pci/msi/api.c | 7 ++++++-
> > >> drivers/pci/msi/msi.c | 2 +-
> > >> include/linux/pci.h | 1 +
> > >> 3 files changed, 8 insertions(+), 2 deletions(-)
> > >
> > > I'm not security expert here, but not sure that this protects from anything.
> > > 1. Kernel relies on working and not-malicious HW. There are gazillion ways
> > > to cause crashes other than changing MSI-X.
> >
> > This particular bug was preventing our fuzzing from going deeper into
> > the code and reaching some more of the aforementioned gazillion bugs.
>
> As per our documentation, if you are "fixing" things based on a tool you
> have, you HAVE TO document that in the changelog. Otherwise we just get
> to reject the patch flat out (hint, this has caused more than one group
> of developers to just be flat out banned for ignoring...)
>
> And what kind of tool is now fuzzing PCI config accesses with
> "malicious" devices? Again, this is NOT something that Linux currently
> even attempts to want to protect itself against. If you are wanting to
> change that model, wonderful, let's discuss that and work on defining
> the scope of your new security threat model and go from there. Don't
> throw random patches at us and expect us to think they are even valid.
>
> Again, Linux trusts PCI devices. If you don't want to trust PCI
> devices, we already have a framework in place to prevent that which is
> independant of this area of the PCI code. Use that, or let's discuss
> why that is insufficient.
Sure, I have started a new thread on this in
https://lore.kernel.org/all/DM8PR11MB57505481B2FE79C3D56C9201E7CE9@DM8PR11MB5750.namprd11.prod.outlook.com/
I think it is much bigger topic to discuss, so better be handled separately.
Best Regards,
Elena.
next prev parent reply other threads:[~2023-01-25 12:33 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-19 17:06 [PATCH 0/2] PCI/MSI: Hardening fixes Alexander Shishkin
2023-01-19 17:06 ` [PATCH 1/2] PCI/MSI: Cache the MSIX table size Alexander Shishkin
2023-01-22 9:00 ` Leon Romanovsky
2023-01-22 10:57 ` Marc Zyngier
2023-01-22 15:34 ` David Laight
2023-01-24 11:59 ` Alexander Shishkin
2023-01-22 10:57 ` Greg KH
2023-01-23 10:22 ` Jonathan Cameron
2023-01-24 11:52 ` Alexander Shishkin
2023-01-24 12:10 ` Leon Romanovsky
2023-01-24 12:42 ` Alexander Shishkin
2023-01-24 12:59 ` Leon Romanovsky
2023-01-24 15:28 ` Alexander Shishkin
2023-01-24 15:32 ` Greg KH
2023-01-25 12:33 ` Reshetova, Elena [this message]
2023-01-19 17:06 ` [PATCH 2/2] PCI/MSI: Validate device supplied MSI table offset and size Alexander Shishkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DM8PR11MB5750F5873EA182A28ABC7701E7CE9@DM8PR11MB5750.namprd11.prod.outlook.com \
--to=elena.reshetova@intel.com \
--cc=alexander.shishkin@linux.intel.com \
--cc=bhelgaas@google.com \
--cc=darwi@linutronix.de \
--cc=gregkh@linuxfoundation.org \
--cc=kirill.shutemov@linux.intel.com \
--cc=leon@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=maz@kernel.org \
--cc=mika.westerberg@linux.intel.com \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.