lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 17 Apr 2020 09:03:35 +0800
From:   Daniel Drake <drake@...lessm.com>
To:     joro@...tes.org
Cc:     agross@...nel.org, baolu.lu@...ux.intel.com,
        bjorn.andersson@...aro.org, dwmw2@...radead.org,
        gerald.schaefer@...ibm.com, heiko@...ech.de,
        iommu@...ts.linux-foundation.org, jean-philippe@...aro.org,
        jonathanh@...dia.com, kgene@...nel.org, krzk@...nel.org,
        linux-arm-msm@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-mediatek@...ts.infradead.org,
        linux-rockchip@...ts.infradead.org, linux-s390@...r.kernel.org,
        linux-samsung-soc@...r.kernel.org, linux-tegra@...r.kernel.org,
        m.szyprowski@...sung.com, matthias.bgg@...il.com,
        robdclark@...il.com, robin.murphy@....com,
        thierry.reding@...il.com,
        virtualization@...ts.linux-foundation.org, will@...nel.org,
        jonathan.derrick@...el.com
Subject: Re: [PATCH v2 00/33] iommu: Move iommu_group setup to IOMMU core code

Hi Joerg,

> Hi,
> 
> here is the second version of this patch-set. The first version with
> some more introductory text can be found here:
> 
> 	https://lore.kernel.org/lkml/20200407183742.4344-1-joro@8bytes.org/

Thanks for the continued improvements in this area!

I may have spotted a problem with setups like VMD.

The core PCI bus is set up during early boot.
Then, for the PCI bus, we reach iommu_bus_init() -> bus_iommu_probe().
In there, we call probe_iommu_group() -> dev_iommu_get() for each PCI
device, which allocates dev->iommu in each case. So far so good.

The problem is that this is the last time that we'll call dev_iommu_get().
If any PCI bus devices get added after this point, they do not get passed
to dev_iommu_get().

So when the vmd module gets loaded later, and creates more PCI devices,
we end up in iommu_bus_notifier() -> iommu_probe_device()
-> __iommu_probe_device() which does:

	dev->iommu->iommu_dev = iommu_dev;

dev->iommu-> is a NULL dereference because dev_iommu_get() was never
called for this new device.

Daniel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ