mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-15 15:15:47 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers/iommu
History
Alexander Monakov e461b8c991 iommu/amd: Fix over-read of ACPI UID from IVRS table 
IVRS parsing code always tries to read 255 bytes from memory when
retrieving ACPI device path, and makes an assumption that firmware
provides a zero-terminated string. Both of those are bugs: the entry
is likely to be shorter than 255 bytes, and zero-termination is not
guaranteed.

With Acer SF314-42 firmware these issues manifest visibly in dmesg:

AMD-Vi: ivrs, add hid:AMDI0020, uid:\_SB.FUR0\xf0\xa5, rdevid:160
AMD-Vi: ivrs, add hid:AMDI0020, uid:\_SB.FUR1\xf0\xa5, rdevid:160
AMD-Vi: ivrs, add hid:AMDI0020, uid:\_SB.FUR2\xf0\xa5, rdevid:160
AMD-Vi: ivrs, add hid:AMDI0020, uid:\_SB.FUR3>\x83e\x8d\x9a\xd1...

The first three lines show how the code over-reads adjacent table
entries into the UID, and in the last line it even reads garbage data
beyond the end of the IVRS table itself.

Since each entry has the length of the UID (uidl member of ivhd_entry
struct), use that for memcpy, and manually add a zero terminator.

Avoid zero-filling hid and uid arrays up front, and instead ensure
the uid array is always zero-terminated. No change needed for the hid
array, as it was already properly zero-terminated.

Fixes: 2a0cb4e2d4 ("iommu/amd: Add new map for storing IVHD dev entry type HID")

Signed-off-by: Alexander Monakov <amonakov@ispras.ru>
Cc: Joerg Roedel <joro@8bytes.org>
Cc: iommu@lists.linux-foundation.org
Link: https://lore.kernel.org/r/20200511102352.1831-1-amonakov@ispras.ru
Signed-off-by: Joerg Roedel <jroedel@suse.de>
2020-05-13 11:13:26 +02:00
..
amd_iommu.c iommu/amd: Do not flush Device Table in iommu_map_page() 2020-05-05 14:38:38 +02:00
amd_iommu.h iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems 2019-08-23 10:26:48 +02:00
amd_iommu_debugfs.c
amd_iommu_init.c iommu/amd: Fix over-read of ACPI UID from IVRS table 2020-05-13 11:13:26 +02:00
amd_iommu_proto.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333 2019-06-05 17:37:06 +02:00
amd_iommu_quirks.c iommu/amd: Apply the same IVRS IOAPIC workaround to Acer Aspire A315-41 2019-10-30 10:24:03 +01:00
amd_iommu_types.h iommu/amd: Fix race in increase_address_space()/fetch_pte() 2020-05-05 14:38:38 +02:00
amd_iommu_v2.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333 2019-06-05 17:37:06 +02:00
arm-smmu-impl.c iommu/arm-smmu: Rename public #defines under ARM_SMMU_ namespace 2020-01-10 15:52:25 +00:00
arm-smmu-qcom.c iommu: arm-smmu-impl: Add sdm845 implementation hook 2019-11-04 17:48:37 +00:00
arm-smmu-v3.c Merge branches 'iommu/fixes', 'arm/qcom', 'arm/omap', 'arm/smmu', 'x86/amd', 'x86/vt-d', 'virtio' and 'core' into next 2020-03-27 11:33:27 +01:00
arm-smmu.c iommu/arm-smmu: Use accessor functions for iommu private data 2020-03-27 11:14:52 +01:00
arm-smmu.h iommu/io-pgtable-arm: Rationalise VTCR handling 2020-01-10 15:52:25 +00:00
dma-iommu.c iommu/dma: Fix MSI reservation allocation 2020-03-04 16:27:56 +01:00
dmar.c iommu/vt-d: Ignore devices with out-of-spec domain number 2020-03-14 09:38:39 +01:00
exynos-iommu.c iommu: Add gfp parameter to iommu_ops::map 2019-10-15 11:31:04 +02:00
fsl_pamu.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 266 2019-06-05 17:30:28 +02:00
fsl_pamu.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 266 2019-06-05 17:30:28 +02:00
fsl_pamu_domain.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 266 2019-06-05 17:30:28 +02:00
fsl_pamu_domain.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 266 2019-06-05 17:30:28 +02:00
hyperv-iommu.c iommu/hyper-v: Add Hyper-V stub IOMMU driver 2019-02-28 11:12:16 +01:00
intel-iommu-debugfs.c iommu/vt-d: Populate debugfs if IOMMUs are detected 2020-03-14 20:02:43 +01:00
intel-iommu.c iommu/vt-d: Use right Kconfig option name 2020-05-01 13:31:17 +02:00
intel-pasid.c iommu/vt-d: Add PASID_FLAG_FL5LP for first-level pasid setup 2020-01-07 14:05:58 +01:00
intel-pasid.h iommu/vt-d: Add PASID_FLAG_FL5LP for first-level pasid setup 2020-01-07 14:05:58 +01:00
intel-svm.c Merge branches 'iommu/fixes', 'arm/qcom', 'arm/omap', 'arm/smmu', 'x86/amd', 'x86/vt-d', 'virtio' and 'core' into next 2020-03-27 11:33:27 +01:00
intel-trace.c iommu/vt-d: Add trace events for device dma map/unmap 2019-09-11 12:34:30 +02:00
intel_irq_remapping.c iommu/vt-d: Fix wrong analysis whether devices share the same bus 2019-08-30 15:47:37 +02:00
io-pgtable-arm-v7s.c iommu/io-pgtable-arm: Rationalise TCR handling 2020-01-10 15:52:24 +00:00
io-pgtable-arm.c iommu/io-pgtable-arm: Fix IOVA validation for 32-bit 2020-03-02 17:17:26 +01:00
io-pgtable.c iommu/io-pgtable-arm: Rationalise TCR handling 2020-01-10 15:52:24 +00:00
ioasid.c iommu/ioasid: Add custom allocators 2019-10-15 13:34:25 +02:00
iommu-debugfs.c iommu: Fix IOMMU debugfs fallout 2019-02-26 11:15:58 +01:00
iommu-sysfs.c drivers/iommu: Export core IOMMU API symbols to permit modular drivers 2019-12-23 14:06:05 +01:00
iommu-traces.c
iommu.c iommu: Properly export iommu_group_get_for_dev() 2020-05-01 13:32:34 +02:00
iova.c iommu/iova: Silence warnings under memory pressure 2019-12-23 14:07:03 +01:00
ipmmu-vmsa.c iommu/renesas: Use accessor functions for iommu private data 2020-03-27 11:14:52 +01:00
irq_remapping.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
irq_remapping.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333 2019-06-05 17:37:06 +02:00
Kconfig iommu: spapr_tce: Disable compile testing to fix build on book3s_32 config 2020-04-29 13:55:40 +02:00
Makefile iommu/arm-smmu: Restore naming of driver parameter prefix 2020-02-19 12:03:21 +01:00
msm_iommu.c iommu/io-pgtable-arm: Rationalise TTBRn handling 2020-01-10 15:39:23 +00:00
msm_iommu.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 267 2019-06-05 17:30:29 +02:00
msm_iommu_hw-8xxx.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 267 2019-06-05 17:30:29 +02:00
mtk_iommu.c iommu/mediatek: Use accessor functions for iommu private data 2020-03-27 11:14:52 +01:00
mtk_iommu.h iommu/mediatek: Move the tlb_sync into tlb_flush 2019-11-11 15:02:34 +01:00
mtk_iommu_v1.c iommu/mediatek: Use accessor functions for iommu private data 2020-03-27 11:14:52 +01:00
of_iommu.c iommu/arm-smmu-v3: Parse PASID devicetree property of platform devices 2020-01-15 16:00:57 +00:00
omap-iommu-debug.c Merge branches 'x86/vt-d', 'x86/amd', 'arm/smmu', 'arm/omap', 'generic-dma-ops' and 'core' into next 2019-07-04 17:26:48 +02:00
omap-iommu.c iommu/omap: Fix printing format for size_t on 64-bit 2020-03-04 16:24:46 +01:00
omap-iommu.h iommu/omap: add support for late attachment of iommu devices 2019-08-09 17:37:10 +02:00
omap-iopgtable.h iommu/omap: Fix -Woverflow warnings when compiling on 64-bit architectures 2020-03-04 16:24:46 +01:00
qcom_iommu.c iommu/qcom: Fix local_base status check 2020-05-01 13:37:23 +02:00
rockchip-iommu.c Merge branches 'iommu/fixes', 'arm/qcom', 'arm/renesas', 'arm/rockchip', 'arm/mediatek', 'arm/tegra', 'arm/smmu', 'x86/amd', 'x86/vt-d', 'virtio' and 'core' into next 2019-11-12 17:11:25 +01:00
s390-iommu.c iommu: Add gfp parameter to iommu_ops::map 2019-10-15 11:31:04 +02:00
tegra-gart.c iommu/tegra-gart: Remove direct access of dev->iommu_fwspec 2020-03-27 11:12:19 +01:00
tegra-smmu.c Merge branches 'iommu/fixes', 'arm/qcom', 'arm/renesas', 'arm/rockchip', 'arm/mediatek', 'arm/tegra', 'arm/smmu', 'x86/amd', 'x86/vt-d', 'virtio' and 'core' into next 2019-11-12 17:11:25 +01:00
virtio-iommu.c iommu/virtio: Reverse arguments to list_add 2020-05-08 17:31:18 +02:00