Message-ID: <87o73k7fg2.fsf@yhuang6-desk2.ccr.corp.intel.com>
Date: Wed, 16 Oct 2024 14:02:53 +0800
From: "Huang, Ying" <ying.huang@...el.com>
To: Li Zhijian <lizhijian@...itsu.com>
Cc: linux-cxl@...r.kernel.org,  Davidlohr Bueso <dave@...olabs.net>,
  Jonathan Cameron <jonathan.cameron@...wei.com>,  Dave Jiang
 <dave.jiang@...el.com>,  Alison Schofield <alison.schofield@...el.com>,
  Vishal Verma <vishal.l.verma@...el.com>,  Ira Weiny
 <ira.weiny@...el.com>,  Dan Williams <dan.j.williams@...el.com>,
  linux-kernel@...r.kernel.org
Subject: Re: [PATCH] testing/cxl: Fix abused pci_bus_read_config_word() on
 platform device

Hi, Zhijian,

Li Zhijian <lizhijian@...itsu.com> writes:

> The cxl_region_shared_upstream_bandwidth_update() in cxl_core works on
> PCI/PCIe CXL device only while cxl_test was implemented by platform
> device.
>
> Mock a cxl_region_shared_upstream_bandwidth_update() which does nothing
> for cxl_core so that the cxl_test goes well.
>
> Abusing cxl_region_shared_upstream_bandwidth_update() on platform device
> will cause a kernel panic with calltrace:
>  platform cxl_host_bridge.3: host supports CXL (restricted)
>  Oops: general protection fault, probably for non-canonical address 0x3ef17856fcae4fbd: 0000 [#1] PREEMPT SMP PTI
>  CPU: 1 UID: 0 PID: 9167 Comm: cxl Kdump: loaded Tainted: G           OE      6.12.0-rc3-master+ #66
>  Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
>  Hardware name: LENOVO 90CXCTO1WW/, BIOS FCKT70AUS 04/23/2015
>  RIP: 0010:pci_bus_read_config_word+0x1c/0x60
>  Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 53 b8 87 00 00 00 48 83 ec 08 c7 44 24 04 00 00 00 00 f6 c2 01 75 29 <48> 8b 87 c0 00 00 00 48 89 cb 4c 8d 44 24 04 b9 02 00 00 00 48 8b
>  RSP: 0018:ffffa115034dfbb8 EFLAGS: 00010246
>  RAX: 0000000000000087 RBX: 0000000000000012 RCX: ffffa115034dfbfe
>  RDX: 0000000000000016 RSI: 000000006f4e2f4e RDI: 3ef17856fcae4efd
>  RBP: ffff8cc229121b48 R08: 0000000000000010 R09: 0000000000000000
>  R10: 0000000000000001 R11: ffff8cc225434360 R12: ffffa115034dfbfe
>  R13: 0000000000000000 R14: ffff8cc2f119a080 R15: ffffa115034dfc50
>  FS:  00007f31d93537c0(0000) GS:ffff8cc510a80000(0000) knlGS:0000000000000000
>  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>  CR2: 00007f31d95f3370 CR3: 00000001163ea001 CR4: 00000000001726f0
>  Call Trace:
>   <TASK>
>   ? __die_body.cold+0x19/0x27
>   ? die_addr+0x38/0x60
>   ? exc_general_protection+0x1f5/0x4b0
>   ? asm_exc_general_protection+0x22/0x30
>   ? pci_bus_read_config_word+0x1c/0x60
>   pcie_capability_read_word+0x93/0xb0
>   pcie_link_speed_mbps+0x18/0x50
>   cxl_pci_get_bandwidth+0x18/0x60 [cxl_core]
>   cxl_endpoint_gather_bandwidth.constprop.0+0xf4/0x230 [cxl_core]
>   ? xas_store+0x54/0x660
>   ? preempt_count_add+0x69/0xa0
>   ? _raw_spin_lock+0x13/0x40
>   ? __kmalloc_cache_noprof+0xe7/0x270
>   cxl_region_shared_upstream_bandwidth_update+0x9c/0x790 [cxl_core]
>   cxl_region_attach+0x520/0x7e0 [cxl_core]
>   store_targetN+0xf2/0x120 [cxl_core]
>   kernfs_fop_write_iter+0x13a/0x1f0
>   vfs_write+0x23b/0x410
>   ksys_write+0x53/0xd0
>   do_syscall_64+0x62/0x180
>   entry_SYSCALL_64_after_hwframe+0x76/0x7e
>
> And Ying also reported a KASAN error with similar calltrace.
>
> Reported-by: "Huang, Ying" <ying.huang@...el.com>
> Closes: https://lore.kernel.org/linux-cxl/87y12w9vp5.fsf@yhuang6-desk2.ccr.corp.intel.com/
> Fixes: a5ab0de0ebaa ("cxl: Calculate region bandwidth of targets with shared upstream link")
> Signed-off-by: Li Zhijian <lizhijian@...itsu.com>

This fixes the KASAN error report in my test too.  Thanks!  Feel free to
add

Tested-by: "Huang, Ying" <ying.huang@...el.com>

--
Best Regards,
Huang, Ying
