lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <nst6vubi5f4izjlxahspirg2agar5szmfczfknhiyzb36srfo7@uyzu4k52eoyt>
Date: Mon, 27 Oct 2025 22:46:47 +0530
From: Manivannan Sadhasivam <mani@...nel.org>
To: Christian Marangi <ansuelsmth@...il.com>, 
	Krzysztof Wilczyński <kwilczynski@...nel.org>
Cc: Bjorn Helgaas <bhelgaas@...gle.com>, linux-pci@...r.kernel.org, 
	linux-kernel@...r.kernel.org, stable@...r.kernel.org, 
	Krzysztof Hałasa <khalasa@...p.pl>, Shuan He <heshuan@...edance.com>
Subject: Re: [PATCH] PCI/sysfs: enforce single creation of sysfs entry for
 pdev

On Tue, Oct 14, 2025 at 12:37:16AM +0200, Christian Marangi wrote:

+ Krzysztof Wilczyński, Shuan He (since they were involved in similar discussion
before)

> In some specific scenario it's possible that the
> pci_create_resource_files() gets called multiple times and the created
> entry actually gets wrongly deleted with extreme case of having a NULL
> pointer dereference when the PCI is removed.
> 
> This mainly happen due to bad timing where the PCI bus is adding PCI
> devices and at the same time the sysfs code is adding the entry causing
> double execution of the pci_create_resource_files function and kernel
> WARNING.
> 
> To be more precise there is a race between the late_initcall of
> pci-sysfs with pci_sysfs_init and PCI bus.c pci_bus_add_device that also
> call pci_create_sysfs_dev_files.
> 
> With correct amount of ""luck"" (or better say bad luck)
> pci_create_sysfs_dev_files in bus.c might be called with pci_sysfs_init
> is executing the loop.
> 
> This has been reported multiple times and on multiple system, like imx6
> system, ipq806x systems...
> 

Yes. More recently on the RISC-V platform:
https://lore.kernel.org/linux-pci/20250702155112.40124-1-heshuan@bytedance.com/

> To address this, imlement multiple improvement to the implementation:
> 1. Add a bool to pci_dev to flag when sysfs entry are created
>    (sysfs_init)
> 2. Implement a simple completion to wait pci_sysfs_init execution.
> 3. Permit additional call of pci_create_sysfs_dev_files only after
>    pci_sysfs_init has finished.
> 
> With such logic in place, we address al kind of timing problem with
> minimal change to any driver.
> 

We do have the same issue with pci_proc_attach_device() as well. I submitted a
dumb series [1] that removed both pci_create_sysfs_dev_files() and
pci_proc_attach_device() calls from their _init() calls, but I was pointed out
that they are required for PCI_ROM_RESOURCE.

Then it was suggested that making the sysfs resource files static would be
the proper solution (not sure what's about proc). Krzysztof had some work on
this topic earlier and had plans to revive it, but I guess he didn't get much
time so far.

Krzysztof, if you do not mind, could you please share your previous work so that
someone else can try to extend it if you are busy?

- Mani

[1] https://lore.kernel.org/linux-pci/20250723111124.13694-1-manivannan.sadhasivam@oss.qualcomm.com

-- 
மணிவண்ணன் சதாசிவம்

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ