Message-Id: <20230725113938.2277420-4-imammedo@redhat.com>
Date:   Tue, 25 Jul 2023 13:39:38 +0200
From:   Igor Mammedov <imammedo@...hat.com>
To:     linux-kernel@...r.kernel.org
Cc:     terraluna977@...il.com, bhelgaas@...gle.com,
        linux-pci@...r.kernel.org, imammedo@...hat.com, mst@...hat.com
Subject: [RFC 3/3] acpipcihp: use __pci_bus_assign_resources() if bus doesn't have bridge

Commit [1] switched hotplug to pci_assign_unassigned_bridge_resources(),
which requires the bridge to be available. However, in an S3 suspend/resume
cycle acpipcihp might receive a device check event from firmware, and
in case bus->self == NULL, it would make the kernel crash with a NULL pointer
dereference.
The issue was triggered on a Dell Inspiron 7352/0W6WV0 laptop with the
following sequence:
   1. suspend to RAM
   2. wake up
   3. suspend to RAM, which immediately wakes up, and the following
      backtrace is observed:

[  612.277651] BUG: kernel NULL pointer dereference, address: 0000000000000018
[...]
[  612.277735] Call Trace:
[  612.277739]  <TASK>
[  612.277741]  ? __die+0x1a/0x60
[  612.277749]  ? page_fault_oops+0x158/0x430
[  612.277755]  ? prb_read_valid+0x12/0x20
[  612.277759]  ? console_unlock+0x4d/0x100
[  612.277765]  ? __irq_work_queue_local+0x27/0x60
[  612.277771]  ? irq_work_queue+0x2b/0x50
[  612.277776]  ? exc_page_fault+0x357/0x600
[  612.277781]  ? dev_printk_emit+0x7e/0xa0
[  612.277786]  ? asm_exc_page_fault+0x22/0x30
[  612.277792]  ? __pfx_pci_conf1_read+0x10/0x10
[  612.277798]  ? pci_assign_unassigned_bridge_resources+0x1f/0x260
[  612.277804]  ? pcibios_allocate_dev_resources+0x3c/0x2a0
[  612.277809]  enable_slot+0x21f/0x3e0
[  612.277816]  acpiphp_hotplug_notify+0x13d/0x260
[  612.277822]  ? __pfx_acpiphp_hotplug_notify+0x10/0x10
[  612.277827]  acpi_device_hotplug+0xbc/0x540
[  612.277834]  acpi_hotplug_work_fn+0x15/0x20
[  612.277839]  process_one_work+0x1f7/0x370
[  612.277845]  worker_thread+0x45/0x3b0
[  612.277850]  ? __pfx_worker_thread+0x10/0x10
[  612.277854]  kthread+0xdc/0x110
[  612.277860]  ? __pfx_kthread+0x10/0x10
[  612.277866]  ret_from_fork+0x28/0x40
[  612.277871]  ? __pfx_kthread+0x10/0x10
[  612.277876]  ret_from_fork_asm+0x1b/0x30

Fix it by reverting to __pci_bus_assign_resources() usage instead of
pci_assign_unassigned_bridge_resources() when the bus doesn't have a bridge
assigned to it.

[1] 40613da52b13fb21 (PCI: acpiphp: Reassign resources on bridge if necessary)

Signed-off-by: Igor Mammedov <imammedo@...hat.com>
---
v2: fix inverted bus->self condition
---
 drivers/pci/hotplug/acpiphp_glue.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/drivers/pci/hotplug/acpiphp_glue.c b/drivers/pci/hotplug/acpiphp_glue.c
index c0ffb1389fda..816555ab9171 100644
--- a/drivers/pci/hotplug/acpiphp_glue.c
+++ b/drivers/pci/hotplug/acpiphp_glue.c
@@ -499,6 +499,7 @@ pci_info(bus, "enable_slot bus: bridge: %d, bus->self: %p\n", bridge, bus->self)
 				acpiphp_native_scan_bridge(dev);
 		}
 	} else {
+		LIST_HEAD(add_list);
 		int max, pass;
 
 		acpiphp_rescan_slot(slot);
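Review bot: the @@ context for this hunk is an unindented pci_info(bus, "enable_slot bus: bridge: %d, bus->self: %p\n", ...) line rather than a function name, so the patch is diffed against a tree that already carries debug output and will not apply to a clean acpiphp_glue.c. Please rebase the fix onto a tree without the debug statements before it leaves RFC. Separately, add_list is declared for the whole else branch but is only filled and consumed on the !bus->self path; a one-line comment saying so would save the reader from looking for a user on the bridge path.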
@@ -512,10 +513,18 @@ pci_info(bus, "enable_slot bus: bridge: %d, bus->self: %p\n", bridge, bus->self)
 				if (pass && dev->subordinate) {
 					check_hotplug_bridge(slot, dev);
 					pcibios_resource_survey_bus(dev->subordinate);
+					if (!bus->self)
+						__pci_bus_size_bridges(dev->subordinate, &add_list);
 				}
 			}
 		}
-		pci_assign_unassigned_bridge_resources(bus->self);
+		if (bus->self) {
+pci_info(bus->self, "enable_slot: pci_assign_unassigned_bridge_resources:\n");
+			pci_assign_unassigned_bridge_resources(bus->self);
+		} else {
+pci_info(bus, "enable_slot: __pci_bus_assign_resources:\n");
+			__pci_bus_assign_resources(bus, &add_list, NULL);
+                }
 	}
 
 	acpiphp_sanitize_bus(bus);
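Review bot: the two added pci_info() calls ("enable_slot: pci_assign_unassigned_bridge_resources:" and "enable_slot: __pci_bus_assign_resources:") sit at column 0 and log on every enable_slot(), which looks like leftover debugging; drop them or turn them into properly indented pci_dbg() calls. The closing brace of the new else block is indented with spaces instead of tabs. On the logic itself, add_list is filled by __pci_bus_size_bridges() only when bus->self is NULL and then handed to __pci_bus_assign_resources(), but nothing visible here checks that the list is empty afterwards; if entries can remain, they need to be freed or the invariant asserted. A short comment on the if (bus->self) test explaining when a bus has no bridge would also help, since v2 already had to fix this condition being inverted.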
-- 
2.39.3
