From: Heiner Kallweit <hkallweit1@gmail.com>
To: Bjorn Helgaas <bhelgaas@google.com>
Cc: "linux-pci@vger.kernel.org" <linux-pci@vger.kernel.org>,
"Krzysztof Wilczyński" <kw@linux.com>
Subject: Re: [PATCH v2] PCI/VPD: Add simple sanity check to pci_vpd_size()
Date: Wed, 17 Nov 2021 22:31:51 +0100 [thread overview]
Message-ID: <e3d20c2f-f1be-507e-5ddc-df3241aef1c0@gmail.com> (raw)
In-Reply-To: <223ffa56-7c2c-643a-d3a0-2175e85f6603@gmail.com>
On 13.10.2021 20:37, Heiner Kallweit wrote:
> We have a problem with a device where each VPD read returns 0x33 [0].
> This results in a valid VPD structure (except the tag id) and
> therefore pci_vpd_size() scans the full VPD address range.
> On an affected system this took ca. 80s.
>
> That's not acceptable, on the other hand we may not want to re-add
> the old tag checks. In addition these tag check still wouldn't be able
> to avoid the described scenario 100%.
> Instead let's add a simple sanity check on the number of found tags.
> A VPD image conforming to the PCI spec [1] can have max. 4 tags:
> id string, ro section, rw section, end tag.
>
> [0] https://lore.kernel.org/lkml/20210915223218.GA1542966@bjorn-Precision-5520/
> [1] PCI 3.0 I.3.1. VPD Large and Small Resource Data Tags
>
> Reviewed-by: Krzysztof Wilczyński <kw@linux.com>
> Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
> ---
> drivers/pci/vpd.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/drivers/pci/vpd.c b/drivers/pci/vpd.c
> index a4fc4d069..921470611 100644
> --- a/drivers/pci/vpd.c
> +++ b/drivers/pci/vpd.c
> @@ -56,6 +56,7 @@ static size_t pci_vpd_size(struct pci_dev *dev)
> {
> size_t off = 0, size;
> unsigned char tag, header[1+2]; /* 1 byte tag, 2 bytes length */
> + int num_tags = 0;
>
> while (pci_read_vpd_any(dev, off, 1, header) == 1) {
> size = 0;
> @@ -63,6 +64,10 @@ static size_t pci_vpd_size(struct pci_dev *dev)
> if (off == 0 && (header[0] == 0x00 || header[0] == 0xff))
> goto error;
>
> + /* We can have max 4 tags: STRING_ID, RO, RW, END */
> + if (++num_tags > 4)
> + goto error;
> +
> if (header[0] & PCI_VPD_LRDT) {
> /* Large Resource Data Type Tag */
> if (pci_read_vpd_any(dev, off + 1, 2, &header[1]) != 2) {
>
Can this one be picked up for next?
next prev parent reply other threads:[~2021-11-17 21:32 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-13 18:37 [PATCH v2] PCI/VPD: Add simple sanity check to pci_vpd_size() Heiner Kallweit
2021-11-17 21:31 ` Heiner Kallweit [this message]
2021-11-17 22:19 ` Bjorn Helgaas
2021-11-17 22:41 ` Heiner Kallweit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e3d20c2f-f1be-507e-5ddc-df3241aef1c0@gmail.com \
--to=hkallweit1@gmail.com \
--cc=bhelgaas@google.com \
--cc=kw@linux.com \
--cc=linux-pci@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).