Open Source and information security mailing list archives
 
Message-ID: <4CBCCE83.3040008@kernel.org>
Date:	Mon, 18 Oct 2010 15:47:31 -0700
From:	Yinghai Lu <yinghai@...nel.org>
To:	Thomas Gleixner <tglx@...utronix.de>
CC:	Ingo Molnar <mingo@...e.hu>, "H. Peter Anvin" <hpa@...or.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] x86, irq: Check if irq is remapped before freeing irte

On 10/18/2010 03:31 PM, Thomas Gleixner wrote:
> On Mon, 18 Oct 2010, Yinghai Lu wrote:
> 
>> On 10/18/2010 02:17 PM, Thomas Gleixner wrote:
>>>
>>>
>>> On Mon, 18 Oct 2010, Thomas Gleixner wrote:
>>>
>>>> On Mon, 18 Oct 2010, Yinghai Lu wrote:
>>>>>
>>>>> Index: linux-2.6/drivers/pci/intr_remapping.c
>>>>> ===================================================================
>>>>> --- linux-2.6.orig/drivers/pci/intr_remapping.c
>>>>> +++ linux-2.6/drivers/pci/intr_remapping.c
>>>>> @@ -60,7 +60,7 @@ int get_irte(int irq, struct irte *entry
>>>>>  	unsigned long flags;
>>>>>  	int index;
>>>>>  
>>>>> -	if (!entry || !irq_iommu)
>>>>> +	if (!entry || !irq_iommu || !irq_iommu->iommu)
>>>>>  		return -1;
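
Review bot: in get_irte(), the added `!irq_iommu->iommu` term shares the bare `return -1` with the `!entry` and `!irq_iommu` cases, so a caller cannot tell an irq that is not remapped from a bad argument, and nothing in the hunk documents when `iommu` can be NULL here. A one-line comment on the new condition, or a distinct return value for it, would make the intent reviewable; if only one caller path can reach this state, the check belongs in that path rather than in get_irte().
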
>>>>
>>>> Hmm, why do we need this? This is only called from
>>>> ir_ioapic_set_affinity() and ir_msi_set_affinity().
> 
> That does not answer that question !
we don't need that checking there.
> 
>>>> We should never end up there when intr_remapping=off, right ?
>>>
>>> Thinking more about it, this check is actively bogus. The call sites do:
>>>
>>>         struct irte irte;
>>>
>>>         if (get_irte(irq, &irte))
>>>                 return -1;
>>>
>>> So entry _CANNOT_ be NULL.
>>>
>>> And in fact we should change get_irte() to
>>>
>>> get_irte(struct irq_2_iommu *irq_iommu, struct irte *entry)
>>>
>>> The call site already knows about it. No need to lookup irq_iommu
>>> based on the irq number.
>>
>> looks like all irq-irte related API could replace "int irq" to "struct irq_2_iommu *irq_iommu"
>>
>> extern int get_irte(int irq, struct irte *entry);
>> extern int modify_irte(int irq, struct irte *irte_modified);
>> extern int alloc_irte(struct intel_iommu *iommu, int irq, u16 count);
>> extern int set_irte_irq(int irq, struct intel_iommu *iommu, u16 index,
>>                         u16 sub_handle);
>> extern int map_irq_to_irte_handle(int irq, u16 *sub_handle);
>> extern int free_irte(int irq);
> 
> Probably, but we need to figure out which functions need which checks
> instead of having either redundant or superfluous ones there.
> 
only free_irte().

because the others have protection from intr_remapping_enabled or irq_remapped(get_irq_chip_data(irq)) or with ir related chip.

this one works too.

---
 arch/x86/kernel/apic/io_apic.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Index: linux-2.6/arch/x86/kernel/apic/io_apic.c
===================================================================
--- linux-2.6.orig/arch/x86/kernel/apic/io_apic.c
+++ linux-2.6/arch/x86/kernel/apic/io_apic.c
@@ -3109,7 +3109,8 @@ void destroy_irq(unsigned int irq)
 
 	irq_set_status_flags(irq, IRQ_NOREQUEST|IRQ_NOPROBE);
 
-	free_irte(irq);
+	if (intr_remapping_enabled)
+		free_irte(irq);
 	raw_spin_lock_irqsave(&vector_lock, flags);
 	__clear_irq_vector(irq, cfg);
 	raw_spin_unlock_irqrestore(&vector_lock, flags);
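
Review bot: the new guard in destroy_irq() tests the global `intr_remapping_enabled`, while the subject line promises a check that this irq is remapped; with remapping enabled, free_irte(irq) still runs for an irq that was never given an irte. The per-irq test named in the message, irq_remapped(get_irq_chip_data(irq)), would match the stated intent, or free_irte() could perform the check itself so no caller can miss it. The patch also carries no changelog or Signed-off-by above the diffstat, and the guard has no comment saying why the call is conditional.
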