Open Source and information security mailing list archives
 
Message-ID: <20250812061028.O01CaCXa@linutronix.de>
Date: Tue, 12 Aug 2025 08:10:28 +0200
From: Nam Cao <namcao@...utronix.de>
To: Bjorn Helgaas <helgaas@...nel.org>
Cc: Lorenzo Pieralisi <lpieralisi@...nel.org>,
	Krzysztof Wilczyński <kwilczynski@...nel.org>,
	Manivannan Sadhasivam <mani@...nel.org>,
	Rob Herring <robh@...nel.org>, Bjorn Helgaas <bhelgaas@...gle.com>,
	Michal Simek <michal.simek@....com>,
	Thomas Gleixner <tglx@...utronix.de>, linux-pci@...r.kernel.org,
	linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] PCI: xilinx: Fix NULL pointer dereference

On Mon, Aug 11, 2025 at 05:29:37PM -0500, Bjorn Helgaas wrote:
> On Mon, Aug 11, 2025 at 07:41:44AM +0200, Nam Cao wrote:
> > Commit f29861aa301c5 ("PCI: xilinx: Switch to
> > msi_create_parent_irq_domain()") changed xilinx_pcie::msi_domain from child
> > devices' interrupt domain into Xilinx AXI bridge's interrupt domain.
> > 
> > However, xilinx_pcie_intr_handler() wasn't changed and still reads Xilinx
> > AXI bridge's interrupt domain from xilinx_pcie::msi_domain->parent. This
> > pointer is NULL now.
> > 
> > Update xilinx_pcie_intr_handler() to read the correct interrupt domain
> > pointer.
> > 
> > Fixes: f29861aa301c5 ("PCI: xilinx: Switch to msi_create_parent_irq_domain()")
> 
> Since this appeared in v6.17-rc1, I suppose this should be merged for
> v6.17, right?  I provisionally put this on pci/for-linus for now.

Yes please.

> What does this look like to a user?  I assume a NULL pointer
> dereference in xilinx_pcie_intr_handler()?  Do you have a dmesg
> snippet from hitting it?  It would be nice to include a couple lines
> of that in the commit log to help users find this fix.

Sorry I didn't clarify this, but this has not been tested with hardware.

Claudiu pointed out this problem with another driver [1], so I audited all
the other drivers that I touched and noticed that this one has the same
problem.

Nam

https://lore.kernel.org/linux-pci/20250809144447.3939284-1-claudiu.beznea.uj@bp.renesas.com/ [1]
