[igt-dev] [PATCH i-g-t] cve: Add checker for cve-2019-0155
Chris Wilson
chris at chris-wilson.co.uk
Thu Nov 21 15:29:49 UTC 2019
Quoting Mika Kuoppala (2019-11-21 15:19:30)
> +static int is_platform_gen9(void)
> +{
> + const char * const id_file =
> + "/sys/bus/pci/drivers/i915/0000:00:02.0/device";
I still suggest we use I915_PARAM_CHIPSET_ID to avoid reliance on sysfs
here.
> + char idstr[32] = {0, };
> + uint32_t id = 0;
> + int fd, ret, i;
> +
> + fd = open(id_file, O_RDONLY);
> + if (fd == -1)
> + return -1;
> +
> + ret = read(fd, idstr, 6);
> + if (ret != 6)
> + return -1;
> +
> + close(fd);
> +
> + idstr[6] = 0;
> +
> + id = strtol(idstr, NULL, 16);
> +
> + for (i = 0; i < sizeof(gen9_ids)/sizeof(uint32_t); i++)
sizeof(gen9_ids) / sizeof(gen9_ids[0])
> + if (id == gen9_ids[i])
> + return 1;
> +
> + return 0;
> +}
> +
> +static int is_fd_safe(const int fd)
> +{
> + int parser_version = -1;
> + int write_block = 0;
> +
> + parser_version = cmd_parser_version(fd);
> + printf(" Command parser version: %d\n", parser_version);
> + if (parser_version >= 10) {
> + printf(" Command parsing for blt engine supported\n");
> + } else if (!CHECK_WRITE_BLOCK_WITHOUT_PARSER) {
> + printf(" There is no blitter command parser\n");
> + return 0;
> + }
> +
> + write_block = is_write_blocked(fd);
> +
> + printf(" Unsafe write %s\n", write_block ? "blocked" : "possible!");
> +
> + return write_block;
> +}
> +
> +struct stats {
> + int checked;
> + int safe;
> + int failed;
> +};
> +
> +static void check_path(const char *path, struct stats *stats)
> +{
> + int fd;
> + int is_safe;
> +
> + fd = open(path, O_RDWR);
> + if (fd == -1) {
> + if (errno != ENOENT) {
> + printf("Opening %s failed with %s (%d)\n",
> + path, strerror(errno), errno);
> + stats->failed++;
> + }
> +
> + return;
> + }
> +
> + if (!is_driver_i915(fd)) {
> + close(fd);
> + return;
> + }
> +
> + printf("Checking %s:\n", path);
> +
> + is_safe = is_fd_safe(fd);
> + printf(" Device %s : %s\n\n", path, is_safe ? "SAFE" : "VULNERABLE");
> + if (is_safe)
> + stats->safe++;
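Review bot: In is_platform_gen9() the `if (ret != 6) return -1;` path returns before `close(fd)`, so a short or failed read leaks the descriptor; moving `close(fd);` to directly after the `read()` call fixes it. The function also has three outcomes (1, 0, -1), and since its caller is not quoted here it is worth confirming that -1 is reported as "could not determine" rather than folded into either verdict. Similarly, is_fd_safe() returns the value of is_write_blocked() unchanged and check_path() tests it with `is_safe ? "SAFE" : "VULNERABLE"`; if is_write_blocked() can return a negative error (its body is not shown), that error would be printed as SAFE, so testing `is_safe > 0` would be the more conservative check. check_path() continues past the end of the quoted text.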
I would go through and do a pass moving errors => stderr, and suppress
anything else that is not "SAFE" vs "UNSAFE" (the usual #define DBG tricks)
-Chris