Message-ID: <BN9PR11MB527622B2EC5B254C074F36988C34A@BN9PR11MB5276.namprd11.prod.outlook.com>
Date: Fri, 15 Aug 2025 09:23:02 +0000
From: "Tian, Kevin" <kevin.tian@...el.com>
To: "Vineeth Pillai (Google)" <vineeth@...byteword.org>, David Woodhouse
	<dwmw2@...radead.org>, Lu Baolu <baolu.lu@...ux.intel.com>
CC: "iommu@...ts.linux.dev" <iommu@...ts.linux.dev>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH] iommu/vt-d: debugfs: fix legacy mode page table dump
 logic

> From: Vineeth Pillai (Google) <vineeth@...byteword.org>
> Sent: Friday, August 15, 2025 12:32 AM
> 
> In legacy mode, SSPTPTR is ignored if TT is not 00b or 01b. SSPTPTR
> may be uninitialized or zero in that case and may cause an oops like:
> 
>  Oops: general protection fault, probably for non-canonical address
> 0xf00087d3f000f000: 0000 [#1] SMP NOPTI
>  CPU: 2 UID: 0 PID: 786 Comm: cat Not tainted 6.16.0 #191
> PREEMPT(voluntary)
>  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-5.fc42
> 04/01/2014
>  RIP: 0010:pgtable_walk_level+0x98/0x150
>  RSP: 0018:ffffc90000f279c0 EFLAGS: 00010206
>  RAX: 0000000040000000 RBX: ffffc90000f27ab0 RCX: 000000000000001e
>  RDX: 0000000000000003 RSI: f00087d3f000f000 RDI: f00087d3f0010000
>  RBP: ffffc90000f27a00 R08: ffffc90000f27a98 R09: 0000000000000002
>  R10: 0000000000000000 R11: 0000000000000000 R12: f00087d3f000f000
>  R13: 0000000000000000 R14: 0000000040000000 R15: ffffc90000f27a98
>  FS:  0000764566dcb740(0000) GS:ffff8881f812c000(0000)
> knlGS:0000000000000000
>  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>  CR2: 0000764566d44000 CR3: 0000000109d81003 CR4: 0000000000772ef0
>  PKRU: 55555554
>  Call Trace:
>   <TASK>
>   pgtable_walk_level+0x88/0x150
>   domain_translation_struct_show.isra.0+0x2d9/0x300
>   dev_domain_translation_struct_show+0x20/0x40
>   seq_read_iter+0x12d/0x490
> ...
> 
> Avoid walking the page table if TT is not 00b or 01b.
> 
> Signed-off-by: Vineeth Pillai (Google) <vineeth@...byteword.org>

Reviewed-by: Kevin Tian <kevin.tian@...el.com>
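
The guard described in the quoted commit message, as an added user-space example that is not part of this thread or the kernel patch. The bit positions (Present = bit 0, TT = bits 3:2, SSPTPTR = bits 63:12), the Present check, and all function names and sample entries are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Low 64 bits of a legacy-mode context entry (layout assumed, see lead-in). */
#define CTX_PRESENT      (1ULL << 0)
#define CTX_TT_SHIFT     2
#define CTX_TT_MASK      0x3ULL
#define CTX_SSPTPTR_MASK (~0xfffULL)

/* Extract the 2-bit translation type (TT) field. */
static unsigned ctx_tt(uint64_t lo)
{
    return (unsigned)((lo >> CTX_TT_SHIFT) & CTX_TT_MASK);
}

/* SSPTPTR is meaningful only for a present entry whose TT is 00b or 01b. */
static bool ctx_walk_root(uint64_t lo, uint64_t *root)
{
    if (!(lo & CTX_PRESENT) || ctx_tt(lo) > 1)
        return false;            /* pointer bits ignored: do not walk */
    *root = lo & CTX_SSPTPTR_MASK;
    return true;
}

int main(void)
{
    /* Constructed sample entries, not taken from real hardware. */
    const uint64_t samples[] = {
        0x0000000109d80001ULL,   /* present, TT=00b */
        0x0000000109d80005ULL,   /* present, TT=01b */
        0xf00087d3f000f009ULL,   /* present, TT=10b, stale pointer bits */
        0x000000000000000dULL,   /* present, TT=11b, pointer zero */
        0x0000000109d80000ULL,   /* not present */
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint64_t root = 0;
        if (ctx_walk_root(samples[i], &root))
            printf("TT=%u walk root 0x%llx\n", ctx_tt(samples[i]),
                   (unsigned long long)root);
        else
            printf("TT=%u skip page table walk\n", ctx_tt(samples[i]));
    }
    return 0;
}
```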
