lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 23 Aug 2016 20:07:19 +0800
From:   Wanpeng Li <kernellwp@...il.com>
To:     linux-kernel@...r.kernel.org, <x86@...nel.org>
Cc:     Wanpeng Li <wanpeng.li@...mail.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        "H. Peter Anvin" <hpa@...or.com>, Joerg Roedel <joro@...tes.org>
Subject: [PATCH v3] x86/apic: Fix modify_irte NULL pointer

From: Wanpeng Li <wanpeng.li@...mail.com>

native_smp_prepare_cpus
  -> default_setup_apic_routing
    -> enable_IR_x2apic
      -> irq_remapping_prepare
        -> intel_prepare_irq_remapping
          -> intel_setup_irq_remapping		  

IR table is setup even if "noapic" boot parameter is added.

As a result:

    BUG: unable to handle kernel NULL pointer dereference at           (null)
    IP: [<ffffffff8d5a5e58>] modify_irte+0x58/0x140
    PGD 209638067 PUD 2105f4067 PMD 0 
    Oops: 0000 [#1] SMP
    RIP: 0010:[<ffffffff8d5a5e58>]  [<ffffffff8d5a5e58>] modify_irte+0x58/0x140
    Call Trace:
     intel_ir_set_affinity+0xa3/0xb0
     msi_domain_set_affinity+0x21/0x70
     ? __irq_set_affinity+0x34/0x70
     irq_do_set_affinity+0x1d/0x70
     irq_set_affinity_locked+0xc2/0x100
     __irq_set_affinity+0x47/0x70
     write_irq_affinity.isra.7+0xcc/0xf0
     irq_affinity_proc_write+0x19/0x20
     proc_reg_write+0x3d/0x70
     ? rcu_sync_lockdep_assert+0x2f/0x60
     __vfs_write+0x28/0x120
     ? percpu_down_read+0x5c/0xa0
     ? __sb_start_write+0xca/0xe0
     ? __sb_start_write+0xca/0xe0
     vfs_write+0xb5/0x1b0
     SyS_write+0x49/0xa0
     do_syscall_64+0x81/0x220
     entry_SYSCALL64_slow_path+0x25/0x25
    RIP  [<ffffffff8d5a5e58>] modify_irte+0x58/0x140
     RSP <ffff8e9ad01b7c78>
    CR2: 0000000000000000
    
This patch fix it by disabling IOAPIC support if "noapic" is on the kernel 
command line.

Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: Ingo Molnar <mingo@...nel.org>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: "H. Peter Anvin" <hpa@...or.com>
Cc: Joerg Roedel <joro@...tes.org>
Signed-off-by: Wanpeng Li <wanpeng.li@...mail.com>
---
v2 -> v3:
 * update changelog
 * skip ioapic instead of the whole APIC
v1 -> v2: 
 * not call any of the apic functions when apic is disabled

 arch/x86/kernel/apic/apic.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
index cea4fc1..50c95af 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
@@ -1623,6 +1623,9 @@ void __init enable_IR_x2apic(void)
 	unsigned long flags;
 	int ret, ir_stat;
 
+	if (skip_ioapic_setup)
+		return;
+
 	ir_stat = irq_remapping_prepare();
 	if (ir_stat < 0 && !x2apic_supported())
 		return;
-- 
1.9.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ