| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Jan 2019 11:30:32 -0700
From: Logan Gunthorpe <logang@...tatee.com>
To: Jarkko Nikula <jarkko.nikula@...ux.intel.com>,
linux-pci@...r.kernel.org, linux-kernel@...r.kernel.org,
Bjorn Helgaas <bhelgaas@...gle.com>
Cc: Stephen Bates <sbates@...thlin.com>
Subject: Re: [PATCH] PCI: fix using __initdata memory after free in
disable_acs_redir parameter
On 2019-01-16 2:37 a.m., Jarkko Nikula wrote:
> So this doesn't happen if you revert c5eb1190074c?
Yes, but the bug was fully mine in the disable_acs_redir code. That
patch only just made it noticable to me.
> I guess this is due dev->state_saved being true set by
> pci_pm_runtime_suspend() -> pci_save_state() after my patch and now
> pci_pm_runtime_resume() -> pci_restore_standard_config() ->
> pci_restore_state() reach the pci_enable_acs(). I think this is possible
> to trigger also before my patch if device has the runtime PM callback
> defined?
Yes, I also think it was possible to trigger without that patch. I just
never hit it.
> I wasn't able to trigger this but I saw
> "PCI: Can't parse disable_acs_redir parameter: " followed by a few lines
> of junk during boot when I defined pci=disable_acs_redir=0000:00:xy.z
> which disappear after your patch.
Yes, I guess in theory, it will also depend what happens to the RAM the
parameter pointer points too. On my system it's panicing trying to
access unallocated RAM, on yours it may be reading RAM that's used for
another purpose and spewing garbage because of it.
> Tested-by: Jarkko Nikula <jarkko.nikula@...ux.intel.com>
> Reviewed-by: Jarkko Nikula <jarkko.nikula@...ux.intel.com>
Thanks!
Logan
Powered by blists - more mailing lists