| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 10 Aug 2018 22:03:00 +0800
From: Jia-Ju Bai <baijiaju1990@...il.com>
To: Thomas Gleixner <tglx@...utronix.de>, mingo@...hat.com,
hpa@...or.com, mark.rutland@....com, swood@...hat.com,
paulmck@...ux.vnet.ibm.com
Cc: x86@...nel.org, linux-kernel@...r.kernel.org
Subject: [BUG] x86: kernel: nmi: A possible sleep-in-atomic-context bug in
nmi_handle()
The code may sleep with holding a rcu read lock.
The function call paths (from bottom to top) in Linux-4.16 are:
========== BUG ==========
[FUNC] kmalloc(GFP_KERNEL)
arch/x86/mm/mmio-mod.c, 237: kmalloc in ioremap_trace_core
arch/x86/mm/mmio-mod.c, 289: ioremap_trace_core in mmiotrace_ioremap
arch/x86/mm/ioremap.c, 243: mmiotrace_ioremap in __ioremap_caller
arch/x86/mm/ioremap.c, 367: __ioremap_caller in ioremap_cache
./include/acpi/acpi_io.h, 13: ioremap_cache in acpi_os_ioremap
drivers/acpi/osl.c, 702: acpi_os_ioremap in acpi_os_read_memory
drivers/acpi/apei/apei-base.c, 662: acpi_os_read_memory in apei_read
drivers/acpi/apei/ghes.c, 335: apei_read in ghes_read_estatus
drivers/acpi/apei/ghes.c, 941: ghes_read_estatus in ghes_notify_nmi
arch/x86/kernel/nmi.c, 137: [FUNC_PTR]ghes_notify_nmi in nmi_handle
arch/x86/kernel/nmi.c, 124: rcu_read_lock in nmi_handle
Note that [FUNC_PTR] means a function pointer call is used.
I do not find a good way to fix it, so I only report.
These possible bugs are found by my static analysis tool (DSAC) and
checked by my code review.
Best wishes,
Jia-Ju Bai
Powered by blists - more mailing lists