public inbox for linux-kernel@vger.kernel.org
From: Stefan Richter <stefanr@s5r6.in-berlin.de>
To: linux1394-devel@lists.sourceforge.net
Cc: linux-kernel@vger.kernel.org
Subject: [PATCH 09/11] firewire: cdev: restrict broadcast write requests to Units Space
Date: Sun, 4 Jan 2009 16:30:03 +0100 (CET)
Message-ID: <tkrat.0035010cb99b6d5a@s5r6.in-berlin.de>
In-Reply-To: <tkrat.3905b2754a8fc519@s5r6.in-berlin.de>

We don't want random users to write to Memory Space (e.g. PCs with physical
DMA filters down) or to core CSRs like Reset_Start.

This does not protect SBP-2 target CSRs.  But properly behaving SBP-2
targets ignore broadcast write requests to these registers, and the
maximum damage which can happen with laxer targets is DOS.  But there
are ways to create DOS situations anyway if there are devices with weak
device file permissions (like audio/video devices) present on the same
bus as an SBP-2 target.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
---
 drivers/firewire/fw-cdev.c |    4 ++++
 1 file changed, 4 insertions(+)

Index: linux/drivers/firewire/fw-cdev.c
===================================================================
--- linux.orig/drivers/firewire/fw-cdev.c
+++ linux/drivers/firewire/fw-cdev.c
@@ -1245,6 +1245,10 @@ static int ioctl_send_broadcast_request(
 		return -EINVAL;
 	}
 
+	/* Security policy: Only allow accesses to Units Space. */
+	if (request->offset < CSR_REGISTER_BASE + CSR_CONFIG_ROM_END)
+		return -EACCES;
+
 	return init_request(client, request, LOCAL_BUS | 0x3f, SCODE_100);
 }
 
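Review bot: The new test on `request->offset` enforces only a lower bound, so the comment "Only allow accesses to Units Space" is accurate only if offsets beyond the end of register space are rejected or truncated somewhere else, and nothing in this hunk shows that. Either add the upper bound next to the lower one or extend the comment to say where the upper end is enforced. It would also help to note in the comment that `CSR_REGISTER_BASE + CSR_CONFIG_ROM_END` is being used as the first Units Space address, since the constant name reads as the end of the config ROM rather than the start of the permitted range, and that SBP-2 target CSRs fall inside the permitted range, as the commit message already acknowledges. Finally, the earlier rejection in this function returns -EINVAL while this one returns -EACCES; that distinction is reasonable for a policy denial, but it is a user-visible part of the new ioctl's behaviour and belongs in the ABI documentation for it.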

-- 
Stefan Richter
-=====-==--= ---= --=--
http://arcgraph.de/sr/

