| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1372132661.30572.354.camel@ul30vt.home> Date: Mon, 24 Jun 2013 21:57:41 -0600 From: Alex Williamson <alex.williamson@...hat.com> To: Bjorn Helgaas <bhelgaas@...gle.com> Cc: Radim Krčmář <rkrcmar@...hat.com>, "linux-pci@...r.kernel.org" <linux-pci@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Myron Stowe <myron.stowe@...hat.com>, Joe Lawrence <Joe.Lawrence@...atus.com>, Kenji Kaneshige <kaneshige.kenji@...fujitsu.com>, "Michael S. Tsirkin" <mst@...hat.com>, Isaku Yamahata <yamahata@...inux.co.jp> Subject: Re: [PATCH] PCI: avoid NULL deref in alloc_pcie_link_state On Mon, 2013-06-24 at 21:35 -0600, Bjorn Helgaas wrote: > On Mon, Jun 24, 2013 at 8:58 PM, Alex Williamson > <alex.williamson@...hat.com> wrote: > > On Mon, 2013-06-24 at 19:38 -0600, Bjorn Helgaas wrote: > >> [+cc Michael, Alex, Isaku] > >> > >> On Wed, Jun 19, 2013 at 12:56 PM, Radim Krčmář <rkrcmar@...hat.com> wrote: > >> > PCIe switch upstream port can be connected directly to the PCIe root bus > >> > in QEMU; ASPM does not expect this topology and dereferences NULL pointer > >> > when initializing. > >> > > >> > I have not confirmed this can happen on real hardware, but it is presented > >> > as a feature in QEMU, so there is no reason to panic if we can recover. > >> > >> This doesn't seem like a valid hardware topology to me. If this *can* > >> occur on real hardware, we should fix it in Linux. If not, maybe QEMU > >> should be changed to disallow it. > > > > I think a quad-port 82576 plugged into an express slot is likely the > > same topology. > > I don't think that would be the same topology Radim described. In > Radim's case, we have this: > > 00:03.0 upstream port > 01:00.0 downstream port > > and when we call alloc_pcie_link_state() for 01:00.0, > > pdev is 01:00.0 > pdev->bus is bus 01 > pdev->bus->parent is bus 00 > pdev->bus->parent->self (the bridge device leading to bus 00) is NULL > > But in the case of a quad 82576 plugged into a slot, there would be a > root port or a downstream port leading to the slot's link, so my guess > is we'd have something like this (based on lspci output I found at > [1]): > > 00:05.0 root port leading to slot (bridge to [bus 01-08]) > 01:00.0 upstream port of switch on card (bridge to [bus 02-08]) > 02:02.0 downstream port (bridge to [bus 03-05]) > 02:04.0 downstream port (bridge to [bus 06-08]) > 03:00.0 82576 port 0 > 03:00.1 82576 port 1 > 06:00.0 82576 port 2 > 06:00.1 82576 port 3 > > So when we call alloc_pcie_link_state() for 02:02.0, > > pdev is 02:02.0 > pdev->bus is bus 02 > pdev->bus->parent is bus 01 > pdev->bus->parent->self (the bridge leading to bus 01) is 00:05.0 Oops, I misread his statement. I don't think an upstream port connected directly to a root complex is valid. I thought he was having problems with an upstream port connected to a root port, which is obviously valid. QEMU lets us attach nearly anything to the root complex, most of them aren't valid. Thanks, Alex -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists