Re: [PATCH] media: pci: ttpci: av7110: avoid compiler optimization of reading data[0] in debiirq()

From: Pavel Machek
Date: Wed Sep 09 2020 - 04:55:18 EST

Next message: Bartosz Golaszewski: "[PATCH v2 2/3] gpiolib: generalize devprop_gpiochip_set_names() for device properties"
Previous message: Jason Wang: "Re: [PATCH] i2c: virtio: add a virtio i2c frontend driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun 2020-08-30 09:30:36, Sean Young wrote:
> On Sun, Aug 30, 2020 at 04:20:42PM +0800, Jia-Ju Bai wrote:
> > In debiirq(), data_0 stores the value of data[0], but it can be dropped
> > by compiler optimization. Thus, data[0] is read through READ_ONCE().
> >
> > Fixes: 6499a0db9b0f ("media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq()")
> > Reported-by: Pavel Machek <pavel@xxxxxx>
>
> Pavel reported that your patch was garbage, if you are trying to defend
> against a malicious pci device. READ_ONCE() will not help here.

I would not use exactly those words, but agreed; we should have some
explanation that it is feasible to protect against malicious av7110
device, first.

Best regards,
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

Attachment: signature.asc
Description: Digital signature

Next message: Bartosz Golaszewski: "[PATCH v2 2/3] gpiolib: generalize devprop_gpiochip_set_names() for device properties"
Previous message: Jason Wang: "Re: [PATCH] i2c: virtio: add a virtio i2c frontend driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]