Message-id: <4286386.v3LAhFsTvW@amdc3058>
Date:   Wed, 08 Nov 2017 19:09:42 +0100
From:   Bartlomiej Zolnierkiewicz <b.zolnierkie@...sung.com>
To:     Fengguang Wu <fengguang.wu@...el.com>
Cc:     linux-ide@...r.kernel.org, Borislav Petkov <bp@...en8.de>,
        "David S. Miller" <davem@...emloft.net>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Jens Axboe <axboe@...nel.dk>,
        Bart Van Assche <bart.vanassche@...disk.com>,
        linux-kernel@...r.kernel.org
Subject: Re: [cdrom_check_status] BUG: unable to handle kernel NULL pointer
 dereference at 000001c0

On Wednesday, November 08, 2017 05:28:16 PM Bartlomiej Zolnierkiewicz wrote:

> Something is very wrong here as pci_request_selected_regions() in
> drivers/ide/setup-pci.c:ide_pci_enable() should allocate PCI resources
> so the second probe attempt should not happen. Also interface/device
> names reuse should be prevented by ide_find_port_slot()..

OK, I see now what is going on here:

...
CONFIG_DEBUG_TEST_DRIVER_REMOVE=y
...

config DEBUG_TEST_DRIVER_REMOVE
	bool "Test driver remove calls during probe (UNSTABLE)"
	depends on DEBUG_KERNEL
	help
	  Say Y here if you want the Driver core to test driver remove functions
	  by calling probe, remove, probe. This tests the remove path without
	  having to unbind the driver or unload the driver module.

	  This option is expected to find errors and may render your system
	  unusable. You should say N here unless you are explicitly looking to
	  test this functionality.

We actually see a race on ->remove inside IDE's ide-cd.c driver related to
disk_check_events() handling..

It is not worth continuing with fixing IDE but from a quick look SCSI
sr.c may have a similar problem - it may be worth trying to reproduce it
using libata's piix driver (disable CONFIG_IDE and enable CONFIG_BLK_DEV_SR,
CONFIG_ATA_PIIX is already enabled).

Best regards,
--
Bartlomiej Zolnierkiewicz
Samsung R&D Institute Poland
Samsung Electronics
