From: Greg KH <gregkh@linuxfoundation.org>
To: Qiu-ji Chen <chenqiuji666@gmail.com>
Cc: linuxdrivers@attotech.com, James.Bottomley@hansenpartnership.com,
martin.petersen@oracle.com, linux-scsi@vger.kernel.org,
linux-kernel@vger.kernel.org, baijiaju1990@gmail.com,
stable@vger.kernel.org
Subject: Re: [PATCH] [SCSI] esas2r: fix possible buffer overflow caused by bad DMA value in esas2r_process_vda_ioctl()
Date: Thu, 7 Nov 2024 16:08:25 +0100 [thread overview]
Message-ID: <2024110706-spoilage-driven-7523@gregkh> (raw)
In-Reply-To: <20241107113617.402343-1-chenqiuji666@gmail.com>
On Thu, Nov 07, 2024 at 07:36:17PM +0800, Qiu-ji Chen wrote:
> In line 1854 of the file esas2r_ioctl.c, the function
> esas2r_process_vda_ioctl() is called with the parameter vi being assigned
> the value of a->vda_buffer. On line 1892, a->vda_buffer is stored in DMA
> memory with the statement
> a->vda_buffer = dma_alloc_coherent(&a->pcid->dev, ..., indicating that the
> parameter vi passed to the function is also stored in DMA memory. This
> suggests that the parameter vi could be altered at any time by malicious
> hardware.
As James pointed out, "malicious hardware" is not a threat model that
Linux worries about at this point in time, sorry.
If you wish to have Linux care about this, random driver changes like
this is not going to be the way forward, but rather, major things need
to be rearchitected in order to "protect" the kernel from bad hardware.
But really, if you can't trust the hardware, you have bigger problems,
any software can't protect you from that :)
sorry,
greg k-h
next prev parent reply other threads:[~2024-11-07 15:08 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-07 11:36 [PATCH] [SCSI] esas2r: fix possible buffer overflow caused by bad DMA value in esas2r_process_vda_ioctl() Qiu-ji Chen
2024-11-07 15:08 ` Greg KH [this message]
-- strict thread matches above, loose matches on Subject: below --
2024-06-12 9:31 Huai-Yuan Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2024110706-spoilage-driven-7523@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=James.Bottomley@hansenpartnership.com \
--cc=baijiaju1990@gmail.com \
--cc=chenqiuji666@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=linuxdrivers@attotech.com \
--cc=martin.petersen@oracle.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox