lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 14 Jan 2016 15:25:27 +0100
From:	Joerg Roedel <jroedel@...e.de>
To:	Oliver Neukum <oneukum@...e.com>
Cc:	Stefani Seibold <stefani@...bold.net>,
	linux-usb <linux-usb@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Greg KH <greg@...ah.com>,
	Alan Stern <stern@...land.harvard.edu>, jroedel@...e.com
Subject: Re: OHCI unplug kernel crash in kernel 4.3 and 4.4

On Thu, Jan 14, 2016 at 03:01:14PM +0100, Oliver Neukum wrote:
> On Thu, 2016-01-14 at 13:50 +0100, Stefani Seibold wrote:
> > A unplug of an USB 1.0 OHCI controller express card will result in a
> > kernel crash. The express card is attached via thunderbolt and a sonnet
> > express card to thunderbolt adapter. The computer hangs after the
> > unplug, only a power fix the situation.
> > 
> > This is the kernel log of a kernel 4.4 via netconsole:
> > 
> > pciehp 0000:06:03.0:pcie24: Card not present on Slot(3)
> > pciehp 0000:06:03.0:pcie24: slot(3): Link Down event
> > pciehp 0000:06:03.0:pcie24: Link Down event ignored on slot(3): already powering off
> > ehci-pci 0000:0b:00.2: HC died; cleaning up
> > ehci-pci 0000:0b:00.2: remove, state 4
> > usb usb5: USB disconnect, device number 1
> > pciehp 0000:00:1c.4:pcie04: Card not present on Slot(4)
> > pciehp 0000:00:1c.4:pcie04: slot(4): Link Down event
> > ehci-pci 0000:0b:00.2: USB bus 5 deregistered
> > ohci-pci 0000:0b:00.1: HC died; cleaning up
> > ohci-pci 0000:0b:00.1: remove, state 4
> > usb usb7: USB disconnect, device number 1
> > pciehp 0000:00:1c.4:pcie04: Link Down event ignored on slot(4): already powering off
> > ohci-pci 0000:0b:00.1: USB bus 7 deregistered
> > ohci-pci 0000:0b:00.0: HC died; cleaning up
> > ohci-pci 0000:0b:00.0: remove, state 4
> > usb usb6: USB disconnect, device number 1
> > ------------[ cut here ]------------
> > kernel BUG at drivers/iommu/intel-iommu.c:3592!
> 
> This is likely the crucial information. The IOMMU is unhappy.

The only explanation for this is that the device driver calls into the
iommu code after the BUS_NOTIFY_REMOVED_DEVICE notifier ran. I see in
the stack-trace below that device_release_driver() is called from an
unusual place in pci code.

Unless there is a good explanation for calling device_release_driver()
after the BUS_NOTIFY_REMOVED_DEVICE notifier, this is no bug in the
iommu code.



	Joerg

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ