Message-Id: <20231127185246.2371939-1-alexander.antonov@linux.intel.com>
Date: Mon, 27 Nov 2023 10:52:44 -0800
From: alexander.antonov@...ux.intel.com
To: peterz@...radead.org, linux-kernel@...r.kernel.org
Cc: kan.liang@...ux.intel.com, kyle.meyer@....com,
alexey.v.bayduraev@...ux.intel.com,
alexander.antonov@...ux.intel.com
Subject: [PATCH v2 0/2] Fix NULL pointer dereference issue during discovering UPI topology
From: Alexander Antonov <alexander.antonov@...ux.intel.com>

The NULL dereference happens inside upi_fill_topology() procedure in
case of disabling one of the sockets on the system.

For example, if you disable the 2nd socket on a 4-socket system then
uncore_max_dies() returns 3 and inside pmu_alloc_topology() memory will
be allocated only for 3 sockets and stored in type->topology.
In discover_upi_topology() memory is accessed by socket id from CPUNODEID
registers which contain physical ids (from 0 to 3) and on the line:

	upi = &type->topology[nid][idx];

out-of-bound access will happen and the 'upi' pointer will be passed to
upi_fill_topology() where it will be dereferenced.

To avoid this issue update the code to convert physical socket id to
logical socket id in discover_upi_topology() before accessing memory.

Changed in v2:
1. Factor out topology_gidnid_map() with common code for GIDNIDMAP procedure

Alexander Antonov (2):
  perf/x86/intel/uncore: Fix NULL pointer dereference issue in
    upi_fill_topology()
  perf/x86/intel/uncore: Factor out topology_gidnid_map()

 arch/x86/events/intel/uncore_snbep.c | 71 ++++++++++++++++------------
 1 file changed, 40 insertions(+), 31 deletions(-)

--
2.25.1
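
Added example, not part of the original message and not the kernel's code: a user-space C model of the indexing problem the cover letter describes, where rows are allocated per online die but the index comes from a physical socket id. The names topo_row, phys_to_logical, alloc_topology and topology_slot, the link count and the socket map are assumptions made for illustration.

```c
#include <stdlib.h>

#define MAX_PHYS_SOCKETS 4  /* constructed: the 4-socket system from the text */
#define LINKS_PER_SOCKET 3  /* assumed link count, for illustration only */

struct link_topology { int peer_die; int enabled; };  /* hypothetical layout */
typedef struct link_topology topo_row[LINKS_PER_SOCKET];

/* Constructed map: physical socket 1 is disabled, so the three online
 * sockets get logical ids 0..2 and the disabled one maps to -1. */
static const int phys_to_logical[MAX_PHYS_SOCKETS] = { 0, -1, 1, 2 };

/* Number of online dies; 3 for the map above, as in the cover letter. */
static int max_dies(void)
{
    int n = 0;
    for (int i = 0; i < MAX_PHYS_SOCKETS; i++)
        n += phys_to_logical[i] >= 0;
    return n;
}

/* One row per online die, so the valid row indexes are 0..dies-1 only. */
static topo_row *alloc_topology(int dies)
{
    return calloc(dies, sizeof(topo_row));
}

/* Map a physical id (as read from hardware) to its logical row before
 * indexing; return NULL rather than a pointer outside the allocation. */
static struct link_topology *topology_slot(topo_row *t, int dies,
                                           int phys_nid, int idx)
{
    if (phys_nid < 0 || phys_nid >= MAX_PHYS_SOCKETS) return NULL;
    if (idx < 0 || idx >= LINKS_PER_SOCKET) return NULL;
    int die = phys_to_logical[phys_nid];
    if (die < 0 || die >= dies) return NULL;
    return &t[die][idx];
}

int main(void)
{
    int dies = max_dies();
    topo_row *t = alloc_topology(dies);
    /* Physical id 3 must land in the last allocated row (logical 2). */
    int ok = t && topology_slot(t, dies, 3, 0) == &t[2][0];
    free(t);
    return ok ? 0 : 1;
}
```

Indexing the table directly with physical id 3 would address a fourth row that was never allocated; the translated lookup stays inside the three allocated rows, and a caller has to check for NULL before dereferencing.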