From: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
To: Ian Munsie <imunsie@au1.ibm.com>,
	Michael Ellerman <mpe@ellerman.id.au>, mikey <mikey@neuling.org>,
	linuxppc-dev@lists.ozlabs.org,
	Frederic Barrat <frederic.barrat@fr.ibm.com>,
	Huy Nguyen <huyn@mellanox.com>
Subject: Re: [PATCH 1/2] cxl: Fix allowing bogus AFU descriptors with 0 maximum processes
Date: Wed, 29 Jun 2016 18:06:21 +0200
Message-ID: <5773F1FD.8060901@linux.vnet.ibm.com>
In-Reply-To: <1467202586-13412-1-git-send-email-imunsie@au.ibm.com>


On 29/06/2016 14:16, Ian Munsie wrote:
> From: Ian Munsie <imunsie@au1.ibm.com>
>
> If the AFU descriptor of an AFU directed AFU indicates that it supports
> 0 maximum processes, we will accept that value and attempt to use it.
> The SPA will still be allocated (with 2 pages due to another minor bug
> and room for 958 processes), and when a context is allocated we will
> pass the value of 0 to idr_alloc as the maximum. However, idr_alloc will
> treat that as meaning no maximum and will allocate a context number and
> we return a valid context.
>
> Conceivably, this could lead to a buffer overflow of the SPA if more
> than 958 contexts were allocated, however this is mitigated by the fact
> that there are no known AFUs in the wild with a bogus AFU descriptor
> like this, and that only the root user is allowed to flash an AFU image
> to a card.
>
> Add a check when validating the AFU descriptor to reject any with 0
> maximum processes.
>
> We do still allow a dedicated process only AFU to indicate that it
> supports 0 contexts even though that is forbidden in the architecture,
> as in that case we ignore the value and use 1 instead. This is just on
> the off-chance that such a dedicated process AFU may exist (not that I
> am aware of any), since their developers are less likely to have cared
> about this value at all.
>
> Signed-off-by: Ian Munsie <imunsie@au1.ibm.com>


Reviewed-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
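
The failure mode described in the commit message above, as an added user-space C model that is not part of the patch or of the cxl driver. `model_idr_alloc`, `validate_max_procs` and `count_out_of_bounds` are hypothetical names; the model assumes only that `idr_alloc` treats an `end` of 0 or less as "no maximum" and that the SPA has room for 958 processes, as the message states.

```c
#include <stdio.h>

#define SPA_SLOTS 958  /* SPA capacity quoted in the commit message */

/* Model of the idr_alloc() range rule: end <= 0 means "no upper bound".
 * Hypothetical stand-in for illustration, not the kernel implementation. */
struct model_idr { int next; };

static int model_idr_alloc(struct model_idr *idr, int start, int end)
{
    int id = idr->next < start ? start : idr->next;
    if (end > 0 && id >= end)
        return -1;              /* range exhausted */
    idr->next = id + 1;
    return id;
}

/* Descriptor check in the spirit of the fix: an AFU-directed AFU must
 * advertise at least one process. A dedicated-process AFU may still say 0,
 * because that value is ignored and 1 is used instead.
 * Returns 0 if the descriptor is acceptable, -1 if it is rejected. */
static int validate_max_procs(int afu_directed, int max_procs)
{
    if (afu_directed && max_procs == 0)
        return -1;
    return 0;
}

/* Allocate `requests` contexts using the descriptor value as `end` and
 * count how many context numbers fall beyond the SPA capacity. */
static int count_out_of_bounds(int max_procs, int requests)
{
    struct model_idr idr = { 0 };
    int oob = 0;
    for (int i = 0; i < requests; i++) {
        int id = model_idr_alloc(&idr, 0, max_procs);
        if (id >= SPA_SLOTS)
            oob++;
    }
    return oob;
}

int main(void)
{
    printf("max=0:   %d ids past the SPA\n", count_out_of_bounds(0, 1000));
    printf("max=958: %d ids past the SPA\n", count_out_of_bounds(958, 1000));
    printf("validate(directed, 0) = %d\n", validate_max_procs(1, 0));
    return 0;
}
```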
