Received: by 2002:ac0:aa62:0:0:0:0:0 with SMTP id w31-v6csp1961645ima; Mon, 22 Oct 2018 01:30:59 -0700 (PDT) X-Google-Smtp-Source: ACcGV60CVlXOaSS6k+FCIsKQXKU8HmOjjZLSAKAoJqsBiMG6X97w84/uK/Qh+rVvq3A7uxQABpVV X-Received: by 2002:a62:ff09:: with SMTP id b9-v6mr44501288pfn.46.1540197059380; Mon, 22 Oct 2018 01:30:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540197059; cv=none; d=google.com; s=arc-20160816; b=eGTDqYwjPZoMS8bCbJs5HZq4gdr9PmIHpoq2ZPUsZpfmnoaGbaXrtB99eBLjiz1XjG viVvKE9e7Cwc4GVddsaTaK5/L8pFMBNjedKEsi6a9PkRpjLmlOc4DV4Q64Ge20inhZtZ w1Z0wPGQj9MA2thJNBrA8PrNhwYawJx7yeQ9ZrAhFfPRY0Mh2upHcZXSa2QOV/0RAd71 xLRhnad47EHqOjDSsEFdNEwOcnkk7A6iOV/rKREJ6j6iE0doXJftO/K1BoKAWd3Bl5nI TIDm8nHU/FHN8hAwanvVgecB/eQZvepxDeHNDrsmh4V2lHY8hQCqMGtDAHjB+ZtpBsXI qk2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:organization:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=QP0aPPyHQk2vzDqy3itQW1gD34/tI6Xl2hJizr4A6U8=; b=MgBt5E4Vm7A3dVNE567kWpc1PzJFaX+P+odVpsz70bxKl/mjEMGCFD+sr/YwYQi2pw pJfHnYUTh2DNhoXQ45GJ8LlZte7pgENiAE7ZaNdUWy+okQe87DyuAZnd6HaehWEDRHKf 68a0/dINApfxD/WQI09UcjgEb+NO/8C5wuxeEnlrOOpgTGSjxA3hxaXYskfbxdFEAl2k 8r39Ogn4NBb0pGd1KjUWw1rYMCGRXBW+Iv8r0Scfl7mhB3wx5Ppd6SZo2zeBXvB6kMP2 /tOwyeenWQsxwa0LTnxkuh9jxalhQOD1v1vx1JY7/q/TQOKyp2fZs5Fv9rbLG0LDI0KU j08w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id go1si31893840plb.242.2018.10.22.01.30.44; Mon, 22 Oct 2018 01:30:59 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727622AbeJVQP3 (ORCPT + 99 others); Mon, 22 Oct 2018 12:15:29 -0400 Received: from mga12.intel.com ([192.55.52.136]:31935 "EHLO mga12.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727479AbeJVQP3 (ORCPT ); Mon, 22 Oct 2018 12:15:29 -0400 X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 22 Oct 2018 00:58:03 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,411,1534834800"; d="scan'208";a="101308790" Received: from lahna.fi.intel.com (HELO lahna) ([10.237.72.157]) by fmsmga001.fm.intel.com with SMTP; 22 Oct 2018 00:58:01 -0700 Received: by lahna (sSMTP sendmail emulation); Mon, 22 Oct 2018 10:58:00 +0300 Date: Mon, 22 Oct 2018 10:58:00 +0300 From: Mika Westerberg To: Wenwen Wang Cc: Kangjie Lu , andreas.noever@gmail.com, michael.jamet@intel.com, YehezkelShB@gmail.com, open list Subject: Re: [PATCH] thunderbolt: Fix a missing-check bug Message-ID: <20181022075800.GJ2302@lahna.fi.intel.com> References: <1539784829-1159-1-git-send-email-wang6495@umn.edu> <20181018091319.GT2302@lahna.fi.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Oct 19, 2018 at 04:25:01PM -0500, Wenwen Wang wrote: > Hi Mika, Hi, > Thanks for your response. The current version of the code assumes that > the Thunderbolt controller behaves as expected, e.g., the host > controller should not touch the data after it is marked ready. > However, it is not impossible that the controller is exploited by an > attacker through a security vulnerability, even though it is soldered > on the motherboard. In that case, the controller may behave in an > unexpected way and this bug will offer more opportunities for the > attacker. That would require the attacker to dissassemble the laptop case or similar in case of desktop system. That's already something we cannot protect against. Furthermore this would apply to all DMA capable devices such as the xHCI controller typically part of the Thunderbolt host router or every single network card but I have not seen fixes like this on network side (probably because there is really no need). If the attacker could somehow say, replace the firmware on the Thunderbolt host router then I suppose they could just go and overwrite the extra protection you did in this patch (or probably do something worse since they can access all the system memory). So all in all I don't think this is something we would need to deal with. Situation is totally different if you manage to connecte external devices that can do DMA (which is pretty much what Thunderbolt for example allows) but for those we already have security of some sort implemented. Thanks!