lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <44629b35-8315-c090-eca7-ca1e9347ba13@deltatee.com>
Date:   Wed, 16 Jan 2019 11:30:32 -0700
From:   Logan Gunthorpe <logang@...tatee.com>
To:     Jarkko Nikula <jarkko.nikula@...ux.intel.com>,
        linux-pci@...r.kernel.org, linux-kernel@...r.kernel.org,
        Bjorn Helgaas <bhelgaas@...gle.com>
Cc:     Stephen Bates <sbates@...thlin.com>
Subject: Re: [PATCH] PCI: fix using __initdata memory after free in
 disable_acs_redir parameter



On 2019-01-16 2:37 a.m., Jarkko Nikula wrote:
> So this doesn't happen if you revert c5eb1190074c?

Yes, but the bug was fully mine in the disable_acs_redir code. That
patch only just made it noticable to me.

> I guess this is due dev->state_saved being true set by 
> pci_pm_runtime_suspend() -> pci_save_state() after my patch and now 
> pci_pm_runtime_resume() -> pci_restore_standard_config() -> 
> pci_restore_state() reach the pci_enable_acs(). I think this is possible 
> to trigger also before my patch if device has the runtime PM callback 
> defined?

Yes, I also think it was possible to trigger without that patch. I just
never hit it.

> I wasn't able to trigger this but I saw
> "PCI: Can't parse disable_acs_redir parameter: " followed by a few lines 
> of junk during boot when I defined pci=disable_acs_redir=0000:00:xy.z 
> which disappear after your patch.

Yes, I guess in theory, it will also depend what happens to the RAM the
parameter pointer points too. On my system it's panicing trying to
access unallocated RAM, on yours it may be reading RAM that's used for
another purpose and spewing garbage because of it.

> Tested-by: Jarkko Nikula <jarkko.nikula@...ux.intel.com>
> Reviewed-by: Jarkko Nikula <jarkko.nikula@...ux.intel.com>

Thanks!

Logan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ