From: Pavel Machek <pavel@ucw.cz>
To: Sean Young <sean@mess.org>
Cc: Jia-Ju Bai <baijiaju@tsinghua.edu.cn>,
mchehab@kernel.org, linux-media@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] media: pci: ttpci: av7110: avoid compiler optimization of reading data[0] in debiirq()
Date: Wed, 9 Sep 2020 10:55:04 +0200
Message-ID: <20200909085504.GC10891@amd>
In-Reply-To: <20200830083036.GA17715@gofer.mess.org>
On Sun 2020-08-30 09:30:36, Sean Young wrote:
> On Sun, Aug 30, 2020 at 04:20:42PM +0800, Jia-Ju Bai wrote:
> > In debiirq(), data_0 stores the value of data[0], but it can be dropped
> > by compiler optimization. Thus, data[0] is read through READ_ONCE().
> >
> > Fixes: 6499a0db9b0f ("media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq()")
> > Reported-by: Pavel Machek <pavel@ucw.cz>
>
> Pavel reported that your patch was garbage, if you are trying to defend
> against a malicious pci device. READ_ONCE() will not help here.
I would not use exactly those words, but agreed; we should have some
explanation that it is feasible to protect against a malicious av7110
device, first.
Best regards,
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html