Received: by 2002:a05:6a10:6d10:0:0:0:0 with SMTP id gq16csp281212pxb; Tue, 12 Apr 2022 01:40:58 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwNskmEsuMP/3msXqhjRMl9Vjor0Uf1B2jm7BaaIUDKQHErs2XCBoV8ZjH9K+sSRGs1FJcb X-Received: by 2002:a17:902:da84:b0:158:7eeb:bfb8 with SMTP id j4-20020a170902da8400b001587eebbfb8mr4716688plx.55.1649752857861; Tue, 12 Apr 2022 01:40:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649752857; cv=none; d=google.com; s=arc-20160816; b=Pq3Pnqlm+XtL6I2ZCzWO8gT4me0SnLoU5bTf/d49ScTYJ8oVxokWALF/Bx1j8oaFUs wuEmXZ66vn6rqpKcrJ4QW4lKJJu0jGtKU+H1Y08aeLbyR05m7xDM9xUAnBcRRyfrxvmr oIQ8K/lxA7Y0B5KDJdHgBFxtV0hErYjIzf9wNfzvC73YxXwKI2N9mCmGkygue4eO0cqM iBwIrpahjeY3w1ggowI5/AibDZc22lor5winJ+C2y8pEO0UDYoIiCtRuG6kX6y9v1x6I OwJ05vUiwJKq0nWF8Gp2FhPlxepmJrJo0u4BRTk77SRe5ofk5PsCu0GSNSAFq7t41LdF 3r4w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:robot-unsubscribe :robot-id:message-id:mime-version:references:in-reply-to:cc:subject :to:reply-to:sender:from:dkim-signature:dkim-signature:date; bh=jbSm1MHt39I7ELXl4PzbMeWOWrLGSVaBwZFiPCX5kO4=; b=OaWwEDdKJ9NNT8zHiO5puPJaclDosoujUyY/KVTHuZ2olrchSp8nnz1L8DyqDXlXQV ZxQFTJcSFG8HW/dZrqNaSRTGXbV0DT9+vLopuLASWc6F3ONSs6ephwY/bYHSqs9TQwLU Uoizvzv6edxIJbZMvM56rn7vwJwgK4kbz5+LJCL+89RxeH97FCl11yNl50dcRZbmzc9Y 8MNLg0ecspXHEB0VJHbP5tDrlxZC325oBBA9J6BtnwpDDe6gw4O31uI2CsEbredP3euT BCH7m4kWWcezXhHSIH5w/sBZbvXt9YsA0wIsNiYedDAip5pnbj2+VkAV/yMMf4lhDfwa o5nw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=BaCxajrw; dkim=neutral (no key) header.i=@linutronix.de; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n8-20020a170902e54800b0015636e142c9si11427314plf.80.2022.04.12.01.40.45; Tue, 12 Apr 2022 01:40:57 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=BaCxajrw; dkim=neutral (no key) header.i=@linutronix.de; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239045AbiDJK5C (ORCPT + 99 others); Sun, 10 Apr 2022 06:57:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35726 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238028AbiDJK4p (ORCPT ); Sun, 10 Apr 2022 06:56:45 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 003491BE9F; Sun, 10 Apr 2022 03:54:31 -0700 (PDT) Date: Sun, 10 Apr 2022 10:54:29 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1649588070; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jbSm1MHt39I7ELXl4PzbMeWOWrLGSVaBwZFiPCX5kO4=; b=BaCxajrw8f2BiofPEJ3mdMWGs/i78dZ71SL2R11aH3amcYqitK36vZL0uSC6Aqcwbkit0f UfbGRsBvTdo+HN5BwJVlfL3DfhviiIYvga2X79+8GKr7uhZDooGMpclwkO+2CWCihVqsNz 2ATMEyj6G9XFWTAh8YGe5uIBuZkwopGaLJWUhWJFDy5B0NyVbb6owJTByxUujlJICKxBfk wMsg1OWheffEP/yMeV9pORe2ZD0skgAhfhvT38EMX9WOqqjL0EHE0NVFRk3v1IrtKRGgsD GBwuCXKbGOJpaoYkHI2f8e/LDbfjKIlaQOOYoYkAgB8dOhghs1PPGTYBqinwcw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1649588070; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jbSm1MHt39I7ELXl4PzbMeWOWrLGSVaBwZFiPCX5kO4=; b=osdppoDdbDvW01RGyeM4n5I2ydJujFNqJZoB9hBK9Via9nHPaLCSC7rHjNrmH7ziCjC8mm ybP2CgjnFD9DpIBQ== From: "tip-bot2 for Maciej W. Rozycki" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: x86/irq] x86/PCI: Add PIRQ routing table range checks Cc: "Maciej W. Rozycki" , Thomas Gleixner , x86@kernel.org, linux-kernel@vger.kernel.org In-Reply-To: References: MIME-Version: 1.0 Message-ID: <164958806957.4207.7929063021391145772.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The following commit has been merged into the x86/irq branch of tip: Commit-ID: 5d64089aa4a5bd3d7e00e3d6ddf4943dd34627b3 Gitweb: https://git.kernel.org/tip/5d64089aa4a5bd3d7e00e3d6ddf4943dd34627b3 Author: Maciej W. Rozycki AuthorDate: Thu, 31 Mar 2022 08:10:55 +01:00 Committer: Thomas Gleixner CommitterDate: Sun, 10 Apr 2022 12:48:14 +02:00 x86/PCI: Add PIRQ routing table range checks Verify that the PCI IRQ Routing Table header as well as individual slot entries are all wholly contained within the BIOS memory area. Do not even call the checksum calculator if the header would overrun the area and then bail out early if any slot would. Signed-off-by: Maciej W. Rozycki Signed-off-by: Thomas Gleixner Link: https://lore.kernel.org/r/alpine.DEB.2.21.2203301735510.22465@angie.orcam.me.uk --- arch/x86/pci/irq.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/arch/x86/pci/irq.c b/arch/x86/pci/irq.c index 4b0e008..ef97b26 100644 --- a/arch/x86/pci/irq.c +++ b/arch/x86/pci/irq.c @@ -68,7 +68,8 @@ void (*pcibios_disable_irq)(struct pci_dev *dev) = pirq_disable_irq; * and perform checksum verification. */ -static inline struct irq_routing_table *pirq_check_routing_table(u8 *addr) +static inline struct irq_routing_table *pirq_check_routing_table(u8 *addr, + u8 *limit) { struct irq_routing_table *rt; int i; @@ -78,7 +79,8 @@ static inline struct irq_routing_table *pirq_check_routing_table(u8 *addr) if (rt->signature != PIRQ_SIGNATURE || rt->version != PIRQ_VERSION || rt->size % 16 || - rt->size < sizeof(struct irq_routing_table)) + rt->size < sizeof(struct irq_routing_table) || + (limit && rt->size > limit - addr)) return NULL; sum = 0; for (i = 0; i < rt->size; i++) @@ -99,17 +101,22 @@ static inline struct irq_routing_table *pirq_check_routing_table(u8 *addr) static struct irq_routing_table * __init pirq_find_routing_table(void) { + u8 * const bios_start = (u8 *)__va(0xf0000); + u8 * const bios_end = (u8 *)__va(0x100000); u8 *addr; struct irq_routing_table *rt; if (pirq_table_addr) { - rt = pirq_check_routing_table((u8 *) __va(pirq_table_addr)); + rt = pirq_check_routing_table((u8 *)__va(pirq_table_addr), + NULL); if (rt) return rt; printk(KERN_WARNING "PCI: PIRQ table NOT found at pirqaddr\n"); } - for (addr = (u8 *) __va(0xf0000); addr < (u8 *) __va(0x100000); addr += 16) { - rt = pirq_check_routing_table(addr); + for (addr = bios_start; + addr < bios_end - sizeof(struct irq_routing_table); + addr += 16) { + rt = pirq_check_routing_table(addr, bios_end); if (rt) return rt; }