| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1490204005-2733-2-git-send-email-joro@8bytes.org>
Date: Wed, 22 Mar 2017 18:33:23 +0100
From: Joerg Roedel <joro@...tes.org>
To: "Rafael J. Wysocki" <rjw@...ysocki.net>,
Len Brown <lenb@...nel.org>
Cc: linux-acpi@...r.kernel.org, linux-kernel@...r.kernel.org,
Joerg Roedel <jroedel@...e.de>
Subject: [PATCH 1/3] ACPI, ioapic: Clear on-stack resource before using it
From: Joerg Roedel <jroedel@...e.de>
The on-stack resource-window 'win' in setup_res() is not
properly initialized. This causes the pointers in the
embedded 'struct resource' to contain stale pointers.
These pointers (in my case the ->child pointer) gets later
propagated to the global iomem_resources list, causing a #GP
exception when the list is traversed in
iomem_map_sanity_check().
Fixes: c183619b63ec ('x86/irq, ACPI: Implement ACPI driver to support IOAPIC hotplug')
Signed-off-by: Joerg Roedel <jroedel@...e.de>
---
drivers/acpi/ioapic.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/acpi/ioapic.c b/drivers/acpi/ioapic.c
index 1120dfd6..7e4fbf9 100644
--- a/drivers/acpi/ioapic.c
+++ b/drivers/acpi/ioapic.c
@@ -45,6 +45,12 @@ static acpi_status setup_res(struct acpi_resource *acpi_res, void *data)
struct resource *res = data;
struct resource_win win;
+ /*
+ * We might assign this to 'res' later, make sure all pointers are
+ * cleared before the resource is added to the global list
+ */
+ memset(&win, 0, sizeof(win));
+
res->flags = 0;
if (acpi_dev_filter_resource_type(acpi_res, IORESOURCE_MEM))
return AE_OK;
--
1.9.1
Powered by blists - more mailing lists