From: Borislav Petkov <bp@suse.de>
To: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Bjorn Helgaas <bhelgaas@google.com>,
linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] PCI/AER: Avoid info leak in __print_tlp_header
Date: Wed, 25 Feb 2015 19:54:23 +0100 [thread overview]
Message-ID: <20150225185423.GA19236@pd.tnic> (raw)
In-Reply-To: <1424818246-11841-1-git-send-email-linux@rasmusvillemoes.dk>
On Tue, Feb 24, 2015 at 11:50:46PM +0100, Rasmus Villemoes wrote:
> Commit fab4c256a58b ("PCI/AER: Add a TLP header print helper")
> introduced the helper function __print_tlp_header, but contrary to the
> intention, the behaviour did change: Since we're taking the address of
Whoops, good catch.
> the parameter t, the first 4 or 8 bytes printed will be the value of
> the pointer t itself, and the remaining 12 or 8 bytes will be
> who-knows-what (something from the stack).
>
> We want to treat the four members of the struct aer_header_log_regs as
> little-endian 32 bit numbers and print those. That can be done without
> ugly and confusing casts.
>
> Fixes: fab4c256a58b ("PCI/AER: Add a TLP header print helper")
> Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
> ---
> drivers/pci/pcie/aer/aerdrv_errprint.c | 13 +++----------
> 1 file changed, 3 insertions(+), 10 deletions(-)
>
> diff --git a/drivers/pci/pcie/aer/aerdrv_errprint.c b/drivers/pci/pcie/aer/aerdrv_errprint.c
> index c6849d9e86ce..e328978038c1 100644
> --- a/drivers/pci/pcie/aer/aerdrv_errprint.c
> +++ b/drivers/pci/pcie/aer/aerdrv_errprint.c
> @@ -132,16 +132,9 @@ static const char *aer_agent_string[] = {
> static void __print_tlp_header(struct pci_dev *dev,
> struct aer_header_log_regs *t)
> {
> - unsigned char *tlp = (unsigned char *)&t;
> -
> - dev_err(&dev->dev, " TLP Header:"
> - " %02x%02x%02x%02x %02x%02x%02x%02x"
> - " %02x%02x%02x%02x %02x%02x%02x%02x\n",
> - *(tlp + 3), *(tlp + 2), *(tlp + 1), *tlp,
> - *(tlp + 7), *(tlp + 6), *(tlp + 5), *(tlp + 4),
> - *(tlp + 11), *(tlp + 10), *(tlp + 9),
> - *(tlp + 8), *(tlp + 15), *(tlp + 14),
> - *(tlp + 13), *(tlp + 12));
> + dev_err(&dev->dev, " TLP Header: %08x %08x %08x %08x\n",
> + le32_to_cpu(t->dw0), le32_to_cpu(t->dw1),
> + le32_to_cpu(t->dw2), le32_to_cpu(t->dw3));
I'm not sure about this: I think the original intention was to dump the
dwords MS-bit to LS-bit like this here:
http://www.fpga4fun.com/PCI-Express4.html
Now, if this runs on a big endian machine, converting to CPU order would
be wrong IMHO. You'd rather want do do cpu_to_le32() for consistency.
But I don't know whether big endian machines are even sporting PCIE
AER...
Bjorn?
--
Regards/Gruss,
Boris.
ECO tip #101: Trim your mails when you reply.
--
next prev parent reply other threads:[~2015-02-25 18:55 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-24 22:50 [PATCH] PCI/AER: Avoid info leak in __print_tlp_header Rasmus Villemoes
2015-02-25 18:54 ` Borislav Petkov [this message]
2015-02-25 20:18 ` Bjorn Helgaas
2015-02-25 21:06 ` Luck, Tony
2015-02-25 21:06 ` Luck, Tony
2015-02-25 22:59 ` Borislav Petkov
2015-02-26 8:55 ` [PATCH v2] " Rasmus Villemoes
2015-02-26 12:27 ` Borislav Petkov
2015-03-06 18:33 ` Bjorn Helgaas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150225185423.GA19236@pd.tnic \
--to=bp@suse.de \
--cc=bhelgaas@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.