[PATCH 1/2] cxl: Fix allowing bogus AFU descriptors with 0 maximum processes

Andrew Donnellan andrew.donnellan at au1.ibm.com
Thu Jun 30 08:35:44 AEST 2016


On 29/06/16 22:16, Ian Munsie wrote:
> From: Ian Munsie <imunsie at au1.ibm.com>
>
> If the AFU descriptor of an AFU directed AFU indicates that it supports
> 0 maximum processes, we will accept that value and attempt to use it.
> The SPA will still be allocated (with 2 pages due to another minor bug
> and room for 958 processes), and when a context is allocated we will
> pass the value of 0 to idr_alloc as the maximum. However, idr_alloc will
> treat that as meaning no maximum and will allocate a context number and
> we return a valid context.
>
> Conceivably, this could lead to a buffer overflow of the SPA if more
> than 958 contexts were allocated, however this is mitigated by the fact
> that there are no known AFUs in the wild with a bogus AFU descriptor
> like this, and that only the root user is allowed to flash an AFU image
> to a card.
>
> Add a check when validating the AFU descriptor to reject any with 0
> maximum processes.
>
> We do still allow a dedicated process only AFU to indicate that it
> supports 0 contexts even though that is forbidden in the architecture,
> as in that case we ignore the value and use 1 instead. This is just on
> the off-chance that such a dedicated process AFU may exist (not that I
> am aware of any), since their developers are less likely to have cared
> about this value at all.
>
> Signed-off-by: Ian Munsie <imunsie at au1.ibm.com>

Looks good to me.

Reviewed-by: Andrew Donnellan <andrew.donnellan at au1.ibm.com>

-- 
Andrew Donnellan              OzLabs, ADL Canberra
andrew.donnellan at au1.ibm.com  IBM Australia Limited



More information about the Linuxppc-dev mailing list