Message-ID: <CAGCbPWS5yU6cHURZqCc8R77Gebjo3SoouDCU1sgB=zkBMooc8w@mail.gmail.com>
Date:   Sat, 25 Feb 2017 00:14:33 +0100
From:   koos vriezen <koos.vriezen@...il.com>
To:     linux-kernel@...r.kernel.org
Subject: PATCH; intel-iommu Fix NULL pointer dereference in snd_soc_sst_haswell_pcm registration

Hi,

This oops

[    1.616381] sst-acpi INT3438:00: DesignWare DMA Controller, 8 channels
[    1.616505] BUG: unable to handle kernel NULL pointer dereference at 00000000000007ab
[    1.616512] IP: [<ffffffff8132234a>] device_to_iommu+0x11a/0x1a0
[    1.616515] PGD 0

[    1.616518] Oops: 0000 [#1] SMP
[    1.616563] Modules linked in: snd_soc_sst_haswell_pcm(+) snd_soc_sst_dsp snd_soc_sst_ipc joydev snd_soc_sst_firmware dell_wmi dell_laptop intel_rapl x86_pkg_temp_thermal dell_smbios snd_hda_codec_hdmi intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd wl(PO) efivars hid_multitouch rtsx_pci_ms sg memstick cfg80211 intel_pch_thermal i915 intel_gtt snd_soc_rt286 i2c_algo_bit snd_soc_rl6347a drm_kms_helper snd_soc_core syscopyarea sysfillrect sysimgblt snd_hda_intel fb_sys_fops snd_hda_codec lpc_ich drm snd_hda_core ac97_bus shpchp cfbfillrect snd_pcm dw_dmac cfbimgblt snd_timer snd cfbcopyarea wmi battery intel_vbtn int3403_thermal snd_soc_sst_acpi dw_dmac_core soundcore
[    1.616584]  snd_soc_sst_match int3402_thermal processor_thermal_device int340x_thermal_zone intel_soc_dts_iosf int3406_thermal int3400_thermal acpi_pad intel_hid acpi_thermal_rel ac evdev efivarfs ip_tables x_tables autofs4 i2c_hid hid rtsx_pci_sdmmc mmc_core i2c_i801 i2c_smbus xhci_pci xhci_hcd usbcore rtsx_pci mfd_core usb_common fan thermal gpio_lynxpoint i2c_designware_platform i2c_designware_core
[    1.616588] CPU: 2 PID: 231 Comm: systemd-udevd Tainted: P     U O    4.9.11 #5
[    1.616589] Hardware name: Dell Inc. XPS 13 9343/09K8G1, BIOS A11 12/08/2016
[    1.616591] task: ffff880213d2c980 task.stack: ffffc90001454000
[    1.616597] RIP: 0010:[<ffffffff8132234a>]  [<ffffffff8132234a>] device_to_iommu+0x11a/0x1a0
[    1.616598] RSP: 0018:ffffc90001457a78  EFLAGS: 00010246
[    1.616600] RAX: ffff880216008c00 RBX: 0000000000000010 RCX: 0000000000000001
[    1.616601] RDX: ffffc90001457aa5 RSI: ffffc90001457aa4 RDI: ffff880215b6ca68
[    1.616603] RBP: ffff880216004710 R08: ffff880215b6ca68 R09: ffff88021600aa00
[    1.616604] R10: 0000000000000000 R11: 0000000000000002 R12: 0000000000000002
[    1.616605] R13: 0000000000000000 R14: ffff88020e468280 R15: 00000000000a0000
[    1.616608] FS:  00007f60c05e18c0(0000) GS:ffff88021f500000(0000) knlGS:0000000000000000
[    1.616610] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    1.616611] CR2: 00000000000007ab CR3: 0000000215794000 CR4: 00000000003406e0
[    1.616612] Stack:
[    1.616616]  000000007fffffff ffff880215bce010 ffff88020e300000 ffff880215bce010
[    1.616620]  ffffffff8132593a 0000000000000001 ffffffffa0242d31 000000007fffffff
[    1.616623]  ffff880215bce010 ffff88020e300000 ffffffff81326ec9 0000000200000000
[    1.616624] Call Trace:
[    1.616630]  [<ffffffff8132593a>] ? find_or_alloc_domain.constprop.29+0x1a/0x300
[    1.616636]  [<ffffffffa0242d31>] ? dw_dma_probe+0x561/0x580 [dw_dmac_core]
[    1.616640]  [<ffffffff81326ec9>] ? __get_valid_domain_for_dev+0x39/0x120
[    1.616644]  [<ffffffff81327308>] ? __intel_map_single+0x138/0x180
[    1.616648]  [<ffffffff81327436>] ? intel_alloc_coherent+0xb6/0x120
[    1.616656]  [<ffffffffa11e1ed3>] ? sst_hsw_dsp_init+0x173/0x420 [snd_soc_sst_haswell_pcm]
[    1.616660]  [<ffffffff814b0139>] ? mutex_lock+0x9/0x30
[    1.616664]  [<ffffffff8119058b>] ? kernfs_add_one+0xdb/0x130
[    1.616668]  [<ffffffff813358e9>] ? devres_add+0x19/0x60
[    1.616675]  [<ffffffffa11e38f6>] ? hsw_pcm_dev_probe+0x46/0xd0 [snd_soc_sst_haswell_pcm]
[    1.616679]  [<ffffffff81334470>] ? platform_drv_probe+0x30/0x90
[    1.616683]  [<ffffffff81332b7d>] ? driver_probe_device+0x1ed/0x2b0
[    1.616687]  [<ffffffff81332ccf>] ? __driver_attach+0x8f/0xa0
[    1.616691]  [<ffffffff81332c40>] ? driver_probe_device+0x2b0/0x2b0
[    1.616694]  [<ffffffff81330d75>] ? bus_for_each_dev+0x55/0x90
[    1.616698]  [<ffffffff81331fa0>] ? bus_add_driver+0x110/0x210
[    1.616701]  [<ffffffffa11ea000>] ? 0xffffffffa11ea000
[    1.616705]  [<ffffffff81333322>] ? driver_register+0x52/0xc0
[    1.616707]  [<ffffffffa11ea000>] ? 0xffffffffa11ea000
[    1.616710]  [<ffffffff810003e2>] ? do_one_initcall+0x32/0x130
[    1.616714]  [<ffffffff81104ed7>] ? free_vmap_area_noflush+0x37/0x70
[    1.616717]  [<ffffffff81119f08>] ? kmem_cache_alloc+0x88/0xd0
[    1.616721]  [<ffffffff810cf1cd>] ? do_init_module+0x51/0x1c4
[    1.616726]  [<ffffffff810aca19>] ? load_module+0x1ee9/0x2430
[    1.616730]  [<ffffffff810a9d50>] ? show_taint+0x20/0x20
[    1.616734]  [<ffffffff81133a5d>] ? kernel_read_file+0xfd/0x190
[    1.616739]  [<ffffffff810ad123>] ? SyS_finit_module+0xa3/0xb0
[    1.616742]  [<ffffffff810013aa>] ? do_syscall_64+0x4a/0xb0
[    1.616746]  [<ffffffff814b22ca>] ? entry_SYSCALL64_slow_path+0x25/0x25
[    1.616792] Code: 78 ff ff ff 4d 85 c0 74 ee 49 8b 5a 10 0f b6 9b e0 00 00 00 41 38 98 e0 00 00 00 77 da 0f b6 eb 49 39 a8 88 00 00 00 72 ce eb 8f <41> f6 82 ab 07 00 00 04 0f 85 76 ff ff ff 0f b6 4d 08 88 0e 49
[    1.616796] RIP  [<ffffffff8132234a>] device_to_iommu+0x11a/0x1a0
[    1.616797]  RSP <ffffc90001457a78>
[    1.616798] CR2: 00000000000007ab
[    1.616800] ---[ end trace 16f974b6d58d0aad ]---

is because of a missing null ptr check for non-pci devices.
Tested against 4.9.11. Also see
https://bugzilla.redhat.com/show_bug.cgi?id=1411946

Signed-off-by: Koos Vriezen <koos.vriezen@...il.com>

Koos

Download attachment "PATCH_iommu_Fix_null_pointer_deref_in_device_to_iommu" of type "application/octet-stream" (464 bytes)
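
Added example (not part of the original message or of the attached patch): a small triage script that ties the fault address in CR2 to the faulting instruction marked `<..>` on the `Code:` line. It decodes only the one addressing form seen here (optional REX, single-byte opcode, ModRM with a 32-bit displacement and no SIB); the function names are hypothetical and the sample is an excerpt of the oops above with wrapped lines rejoined.

```python
import re
import struct

# Constructed sample: excerpt of the oops in this message, lines unwrapped.
OOPS = """\
[    1.616600] RAX: ffff880216008c00 RBX: 0000000000000010 RCX: 0000000000000001
[    1.616604] RBP: ffff880216004710 R08: ffff880215b6ca68 R09: ffff88021600aa00
[    1.616605] R10: 0000000000000000 R11: 0000000000000002 R12: 0000000000000002
[    1.616611] CR2: 00000000000007ab CR3: 0000000215794000 CR4: 00000000003406e0
[    1.616792] Code: 72 ce eb 8f <41> f6 82 ab 07 00 00 04 0f 85 76 ff ff ff
"""

# x86-64 register numbering as used by ModRM.rm (+8 when REX.B is set),
# spelled the way the oops prints them.
REGS = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI",
        "R08", "R09", "R10", "R11", "R12", "R13", "R14", "R15"]

def parse_oops(text):
    """Return (register dict, instruction bytes starting at the <..> marker)."""
    pairs = re.findall(r"\b([A-Z][A-Z0-9]{2}): ([0-9a-f]{16})\b", text)
    regs = {name: int(value, 16) for name, value in pairs}
    code = re.search(r"Code: (.*)", text).group(1).split()
    start = next(i for i, b in enumerate(code) if b.startswith("<"))
    insn = bytes(int(b.strip("<>"), 16) for b in code[start:])
    return regs, insn

def faulting_operand(regs, insn):
    """Decode [REX] opcode ModRM disp32; return (base, disp, address) or None."""
    i, rex_b = 0, 0
    if insn[0] & 0xF0 == 0x40:       # REX prefix; bit 0 (REX.B) extends ModRM.rm
        rex_b, i = insn[0] & 1, 1
    modrm = insn[i + 1]              # assumes a single-byte opcode at insn[i]
    mod, rm = modrm >> 6, modrm & 7
    if mod != 2 or rm == 4:          # only [base + disp32] without SIB is handled
        return None
    disp = struct.unpack_from("<i", insn, i + 2)[0]
    base = REGS[rm | rex_b << 3]
    return base, disp, (regs[base] + disp) & 0xFFFFFFFFFFFFFFFF

def is_null_base_fault(text):
    """True when the decoded operand equals CR2 and its base register is 0."""
    regs, insn = parse_oops(text)
    op = faulting_operand(regs, insn)
    return op is not None and op[2] == regs["CR2"] and regs[op[0]] == 0
```

For this oops the operand decodes to R10 + 0x7ab with R10 = 0, which matches CR2 = 00000000000007ab: a read of a field at offset 0x7ab through a NULL pointer.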
