lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 16 Mar 2023 08:38:51 +0000
From:   Li Zhijian <lizhijian@...itsu.com>
To:     <dan.j.williams@...el.com>, <vishal.l.verma@...el.com>,
        <dave.jiang@...el.com>, <ira.weiny@...el.com>,
        <nvdimm@...ts.linux.dev>
CC:     <linux-kernel@...r.kernel.org>, Li Zhijian <lizhijian@...itsu.com>
Subject: [PATCH] nvdimm: nvdimm_bus_register: Avoid adding device to the unregistered bus

nvdimm_bus_register() could be called from other modules, such as nfit,
but it can only be called after the nvdimm_bus_type is registered.

 BUG: kernel NULL pointer dereference, address: 0000000000000098
 #PF: supervisor read access in kernel mode
 #PF: error_code(0x0000) - not-present page
 PGD 0 P4D 0
 Oops: 0000 [#1] PREEMPT SMP PTI
 CPU: 0 PID: 117 Comm: systemd-udevd Not tainted 6.2.0-rc6-pmem+ #97
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
 RIP: 0010:bus_add_device+0x58/0x150
 Call Trace:
  <TASK>
  device_add+0x3ac/0x980
  nvdimm_bus_register+0x16d/0x1d0
  acpi_nfit_init+0xb72/0x1f90 [nfit]
  acpi_nfit_add+0x1d5/0x200 [nfit]
  acpi_device_probe+0x45/0x160
  really_probe+0xce/0x390
  __driver_probe_device+0x78/0x180
  driver_probe_device+0x1e/0x90
  __driver_attach+0xd6/0x1d0
  bus_for_each_dev+0x7b/0xc0
  bus_add_driver+0x1ac/0x200
  driver_register+0x8f/0xf0
  nfit_init+0x164/0xff0 [nfit]
  do_one_initcall+0x5b/0x320
  do_init_module+0x4c/0x1f0
  __do_sys_finit_module+0xb4/0x130
  do_syscall_64+0x3b/0x90
  entry_SYSCALL_64_after_hwframe+0x72/0xdc

Signed-off-by: Li Zhijian <lizhijian@...itsu.com>
---
 drivers/nvdimm/bus.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/nvdimm/bus.c b/drivers/nvdimm/bus.c
index ada61bbf49c1..ea66053072cb 100644
--- a/drivers/nvdimm/bus.c
+++ b/drivers/nvdimm/bus.c
@@ -28,6 +28,7 @@
 static int nvdimm_bus_major;
 struct class *nd_class;
 static DEFINE_IDA(nd_ida);
+static bool nvdimm_bus_type_registered;
 
 static int to_nd_device_type(struct device *dev)
 {
@@ -337,6 +338,10 @@ struct nvdimm_bus *nvdimm_bus_register(struct device *parent,
 	struct nvdimm_bus *nvdimm_bus;
 	int rc;
 
+	if (!nvdimm_bus_type_registered) {
+		pr_warn("nvdimm bus type is not registered\n");
+		return NULL;
+	}
 	nvdimm_bus = kzalloc(sizeof(*nvdimm_bus), GFP_KERNEL);
 	if (!nvdimm_bus)
 		return NULL;
@@ -1321,6 +1326,7 @@ int __init nvdimm_bus_init(void)
 	if (rc)
 		goto err_nd_bus;
 
+	nvdimm_bus_type_registered = true;
 	return 0;
 
  err_nd_bus:
@@ -1343,4 +1349,5 @@ void nvdimm_bus_exit(void)
 	unregister_chrdev(nvdimm_major, "dimmctl");
 	bus_unregister(&nvdimm_bus_type);
 	ida_destroy(&nd_ida);
+	nvdimm_bus_type_registered = false;
 }
-- 
1.8.3.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ