Re: [PATCH v2] [SCSI] esas2r: fix possible array out-of-bounds caused by bad DMA value in esas2r_process_vda_ioctl()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2024-11-07 at 22:16 +0800, Qiu-ji Chen wrote:
> In line 1854 of the file esas2r_ioctl.c, the function 
> esas2r_process_vda_ioctl() is called with the parameter vi being
> assigned the value of a->vda_buffer. On line 1892, a->vda_buffer is
> stored in DMA memory with the statement a->vda_buffer =
> dma_alloc_coherent(&a->pcid->dev, ..., indicating that the 
> parameter vi passed to the function is also stored in DMA memory.
> This suggests that the parameter vi could be altered at any time by
> malicious hardware.

Absent a specific threat (such as TPM with an interposer) this isn't a
vector the kernel protects against (we have to believe what hardware
says unless we know it to be specifically buggy about something). 
However, even supposing a PCI Interposer were considered a threat, the
answer now is hardware based: SPDM/PCI-IDE.

Regards,

James





[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux