lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <54C72333.7060601@linux.intel.com>
Date:	Tue, 27 Jan 2015 13:33:39 +0800
From:	Jiang Liu <jiang.liu@...ux.intel.com>
To:	Marc Zyngier <marc.zyngier@....com>,
	Thomas Gleixner <tglx@...utronix.de>
CC:	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] genirq: MSI: Fix freeing of unallocated MSI

On 2015/1/27 3:10, Marc Zyngier wrote:
> While debugging an unrelated issue with the GICv3 ITS driver, the
> following trace triggered:
> 
> WARNING: CPU: 1 PID: 1 at kernel/irq/irqdomain.c:1121 irq_domain_free_irqs+0x160/0x17c()
> NULL pointer, cannot free irq
> Modules linked in:
> CPU: 1 PID: 1 Comm: swapper/0 Tainted: G        W      3.19.0-rc6+ #3690
> Hardware name: FVP Base (DT)
> Call trace:
> [<ffffffc000089398>] dump_backtrace+0x0/0x13c
> [<ffffffc0000894e4>] show_stack+0x10/0x1c
> [<ffffffc00066d134>] dump_stack+0x74/0x94
> [<ffffffc0000a92f8>] warn_slowpath_common+0x9c/0xd4
> [<ffffffc0000a938c>] warn_slowpath_fmt+0x5c/0x80
> [<ffffffc0000ee04c>] irq_domain_free_irqs+0x15c/0x17c
> [<ffffffc0000ef918>] msi_domain_free_irqs+0x58/0x74
> [<ffffffc000386f58>] free_msi_irqs+0xb4/0x1c0
> 
>     // The msi_prepare callback fails here
> 
> [<ffffffc0003872c0>] pci_enable_msix+0x25c/0x3d4
> [<ffffffc00038746c>] pci_enable_msix_range+0x34/0x80
> [<ffffffc0003924ac>] vp_try_to_find_vqs+0xec/0x528
> [<ffffffc000392954>] vp_find_vqs+0x6c/0xa8
> [<ffffffc0003ee2a8>] init_vq+0x120/0x248
> [<ffffffc0003eefb0>] virtblk_probe+0xb0/0x6bc
> [<ffffffc00038fc34>] virtio_dev_probe+0x17c/0x214
> [<ffffffc0003d4a04>] driver_probe_device+0x7c/0x23c
> [<ffffffc0003d4cb0>] __driver_attach+0x98/0xa0
> [<ffffffc0003d2c60>] bus_for_each_dev+0x60/0xb4
> [<ffffffc0003d455c>] driver_attach+0x1c/0x28
> [<ffffffc0003d41b0>] bus_add_driver+0x150/0x208
> [<ffffffc0003d54c0>] driver_register+0x64/0x130
> [<ffffffc00038f9e8>] register_virtio_driver+0x24/0x68
> [<ffffffc00091320c>] init+0x70/0xac
> [<ffffffc0000828f0>] do_one_initcall+0x94/0x1d0
> [<ffffffc0008e9b00>] kernel_init_freeable+0x144/0x1e4
> [<ffffffc00066a434>] kernel_init+0xc/0xd8
> ---[ end trace f9ee562a77cc7bae ]---
> 
> The ITS msi_prepare callback having failed, we end-up trying to
> free MSIs that have never been allocated. Oddly enough, the kernel
> is pretty upset about it.
> 
> It turns out that this behaviour was expected before the MSI domain
> was introduced (and dealt with in arch_teardown_msi_irqs).
> 
> The obvious fix is to detect this early enough and bail out.
> 
> Signed-off-by: Marc Zyngier <marc.zyngier@....com>
> ---
>  kernel/irq/msi.c | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/kernel/irq/msi.c b/kernel/irq/msi.c
> index 3e18163..474de5c 100644
> --- a/kernel/irq/msi.c
> +++ b/kernel/irq/msi.c
> @@ -310,8 +310,15 @@ void msi_domain_free_irqs(struct irq_domain *domain, struct device *dev)
>  	struct msi_desc *desc;
>  
>  	for_each_msi_entry(desc, dev) {
> -		irq_domain_free_irqs(desc->irq, desc->nvec_used);
> -		desc->irq = 0;
> +		/*
> +		 * We might have failed to allocate an MSI early
> +		 * enough that there is no IRQ associated to this
> +		 * entry. If that's the case, don't do anything.
> +		 */
> +		if (desc->irq) {
> +			irq_domain_free_irqs(desc->irq, desc->nvec_used);
> +			desc->irq = 0;
> +		}
>  	}
>  }
>  
> 
Review-by: Jiang Liu <jiang.liu@...ux.intel.com>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ