lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 27 May 2024 11:15:55 +0200
From: Lukas Wunner <lukas@...ner.de>
To: Nam Cao <namcao@...utronix.de>
Cc: Bjorn Helgaas <bhelgaas@...gle.com>, Yinghai Lu <yinghai@...nel.org>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	linux-pci@...r.kernel.org, linux-kernel@...r.kernel.org,
	Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>,
	Mika Westerberg <mika.westerberg@...ux.intel.com>
Subject: Re: [PATCH v2 2/2] PCI: pciehp: Abort hot-plug if
 pci_hp_add_bridge() fails

On Tue, May 07, 2024 at 04:27:38PM +0200, Nam Cao wrote:
> On Mon, May 06, 2024 at 09:36:44PM +0200, Lukas Wunner wrote:
> > Remind me, how exactly does the NULL pointer deref occur?  I think it's
> > because no struct pci_bus was allocated for the subordinate bus of the
> > hot-plugged bridge, right?  Because AFAICS that would happen in
> > 
> > pci_hp_add_bridge()
> >   pci_can_bridge_extend()
> >     pci_add_new_bus()
> >       pci_alloc_child_bus()
> > 
> > but we never get that far because pci_hp_add_bridge() bails out with -1.
> > So the subordinate pointer remains a NULL pointer.
> 
> This is correct. NULL deference happens due to subordinate pointer being
> NULL.
> 
> > Or check for a NULL subordinate pointer instead of crashing.
> 
> I think this is a possible solution, but it is a bit complicated: all usage
> of subordinate pointers will need to be looked at.

We already check for a NULL subordinate pointer in various places.
See e.g. commit 62e4492c3063 ("PCI: Prevent NULL dereference during
pciehp probe").

If we're missing such checks, I'd suggest to add those.

If you believe having a NULL subordinate pointer is wrong and the
bridge should be de-enumerated altogether, I think you would have
to remove these NULL pointer checks as they'd otherwise become
pointless with your change.

Just adding missing NULL pointer checks seems to be the most
straightforward solution to me.

Thanks,

Lukas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ