lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1471914083-3508-1-git-send-email-wanpeng.li@hotmail.com>
Date:   Tue, 23 Aug 2016 09:01:23 +0800
From:   Wanpeng Li <kernellwp@...il.com>
To:     linux-kernel@...r.kernel.org, x86@...nel.org
Cc:     Wanpeng Li <wanpeng.li@...mail.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        "H. Peter Anvin" <hpa@...or.com>, Joerg Roedel <joro@...tes.org>
Subject: [PATCH v2] x86/apic: Fix modify_irte NULL pointer

From: Wanpeng Li <wanpeng.li@...mail.com>

native_smp_prepare_cpus
  -> default_setup_apic_routing
    -> enable_IR_x2apic
      -> irq_remapping_prepare
        -> intel_prepare_irq_remapping
          -> intel_setup_irq_remapping		  

IR table is setup even if noapic boot parameter is added.

As a result:

    BUG: unable to handle kernel NULL pointer dereference at           (null)
    IP: [<ffffffff8d5a5e58>] modify_irte+0x58/0x140
    PGD 209638067 PUD 2105f4067 PMD 0 
    Oops: 0000 [#1] SMP
    RIP: 0010:[<ffffffff8d5a5e58>]  [<ffffffff8d5a5e58>] modify_irte+0x58/0x140
    Call Trace:
     intel_ir_set_affinity+0xa3/0xb0
     msi_domain_set_affinity+0x21/0x70
     ? __irq_set_affinity+0x34/0x70
     irq_do_set_affinity+0x1d/0x70
     irq_set_affinity_locked+0xc2/0x100
     __irq_set_affinity+0x47/0x70
     write_irq_affinity.isra.7+0xcc/0xf0
     irq_affinity_proc_write+0x19/0x20
     proc_reg_write+0x3d/0x70
     ? rcu_sync_lockdep_assert+0x2f/0x60
     __vfs_write+0x28/0x120
     ? percpu_down_read+0x5c/0xa0
     ? __sb_start_write+0xca/0xe0
     ? __sb_start_write+0xca/0xe0
     vfs_write+0xb5/0x1b0
     SyS_write+0x49/0xa0
     do_syscall_64+0x81/0x220
     entry_SYSCALL64_slow_path+0x25/0x25
    RIP  [<ffffffff8d5a5e58>] modify_irte+0x58/0x140
     RSP <ffff8e9ad01b7c78>
    CR2: 0000000000000000
    
irqbalance is running at the end of booting and changes the irq affinity, 
then irte is flushed. We should not have MSI and such if apic is disabled. 
This patch fix it by return -ENODEV if apic is disabled in order to avoid 
to setup ir table for ioapic.

Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: Ingo Molnar <mingo@...nel.org>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: "H. Peter Anvin" <hpa@...or.com>
Cc: Joerg Roedel <joro@...tes.org>
Signed-off-by: Wanpeng Li <wanpeng.li@...mail.com>
---
v1 -> v2: 
 * not call any of the apic functions when apic is disabled

 arch/x86/kernel/apic/probe_32.c | 3 +++
 arch/x86/kernel/apic/probe_64.c | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/arch/x86/kernel/apic/probe_32.c b/arch/x86/kernel/apic/probe_32.c
index 7c43e71..152d627 100644
--- a/arch/x86/kernel/apic/probe_32.c
+++ b/arch/x86/kernel/apic/probe_32.c
@@ -154,6 +154,9 @@ void __init default_setup_apic_routing(void)
 {
 	int version = apic_version[boot_cpu_physical_apicid];
 
+	if (skip_ioapic_setup)
+		return;
+
 	if (num_possible_cpus() > 8) {
 		switch (boot_cpu_data.x86_vendor) {
 		case X86_VENDOR_INTEL:
diff --git a/arch/x86/kernel/apic/probe_64.c b/arch/x86/kernel/apic/probe_64.c
index c303054..ffc3ae2 100644
--- a/arch/x86/kernel/apic/probe_64.c
+++ b/arch/x86/kernel/apic/probe_64.c
@@ -29,6 +29,9 @@ void __init default_setup_apic_routing(void)
 {
 	struct apic **drv;
 
+	if (skip_ioapic_setup)
+		return;
+
 	enable_IR_x2apic();
 
 	for (drv = __apicdrivers; drv < __apicdrivers_end; drv++) {
-- 
1.9.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ