From: Mika Westerberg <mika.westerberg@linux.intel.com>
To: Wenwen Wang <wang6495@umn.edu>
Cc: Kangjie Lu <kjlu@umn.edu>,
andreas.noever@gmail.com, michael.jamet@intel.com,
YehezkelShB@gmail.com, open list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] thunderbolt: Fix a missing-check bug
Date: Mon, 22 Oct 2018 10:58:00 +0300 [thread overview]
Message-ID: <20181022075800.GJ2302@lahna.fi.intel.com> (raw)
In-Reply-To: <CAAa=b7f-Q2ySZt2vqa1L2GyTA1FrT7+7_ui-eSLEYgN6iXSTFQ@mail.gmail.com>
On Fri, Oct 19, 2018 at 04:25:01PM -0500, Wenwen Wang wrote:
> Hi Mika,
Hi,
> Thanks for your response. The current version of the code assumes that
> the Thunderbolt controller behaves as expected, e.g., the host
> controller should not touch the data after it is marked ready.
> However, it is not impossible that the controller is exploited by an
> attacker through a security vulnerability, even though it is soldered
> on the motherboard. In that case, the controller may behave in an
> unexpected way and this bug will offer more opportunities for the
> attacker.
That would require the attacker to dissassemble the laptop case or
similar in case of desktop system. That's already something we cannot
protect against.
Furthermore this would apply to all DMA capable devices such as the xHCI
controller typically part of the Thunderbolt host router or every single
network card but I have not seen fixes like this on network side
(probably because there is really no need).
If the attacker could somehow say, replace the firmware on the
Thunderbolt host router then I suppose they could just go and overwrite
the extra protection you did in this patch (or probably do something
worse since they can access all the system memory).
So all in all I don't think this is something we would need to deal
with.
Situation is totally different if you manage to connecte external
devices that can do DMA (which is pretty much what Thunderbolt for
example allows) but for those we already have security of some sort
implemented.
Thanks!
next prev parent reply other threads:[~2018-10-22 7:58 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-17 14:00 [PATCH] thunderbolt: Fix a missing-check bug Wenwen Wang
2018-10-18 9:13 ` Mika Westerberg
2018-10-19 21:25 ` Wenwen Wang
2018-10-20 18:47 ` Yehezkel Bernat
2018-10-22 7:58 ` Mika Westerberg [this message]
-- strict thread matches above, loose matches on Subject: below --
2018-10-20 17:55 Wenwen Wang
2018-10-22 8:04 ` Mika Westerberg
2018-10-22 13:02 ` Wenwen Wang
2018-10-20 18:38 [PATCH] thunderbolt: fix " Wenwen Wang
2018-10-22 8:05 ` Mika Westerberg
2018-10-20 19:47 Wenwen Wang
2018-10-22 8:05 ` Mika Westerberg
2018-10-20 20:15 Wenwen Wang
2018-10-22 8:06 ` Mika Westerberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181022075800.GJ2302@lahna.fi.intel.com \
--to=mika.westerberg@linux.intel.com \
--cc=YehezkelShB@gmail.com \
--cc=andreas.noever@gmail.com \
--cc=kjlu@umn.edu \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.jamet@intel.com \
--cc=wang6495@umn.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox