| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20251028173551.22578-2-ilpo.jarvinen@linux.intel.com>
Date: Tue, 28 Oct 2025 19:35:43 +0200
From: Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>
To: Alex Bennée <alex.bennee@...aro.org>,
Simon Richter <Simon.Richter@...yros.de>,
Lucas De Marchi <lucas.demarchi@...el.com>,
Alex Deucher <alexander.deucher@....com>,
amd-gfx@...ts.freedesktop.org,
Bjorn Helgaas <bhelgaas@...gle.com>,
David Airlie <airlied@...il.com>,
dri-devel@...ts.freedesktop.org,
intel-gfx@...ts.freedesktop.org,
intel-xe@...ts.freedesktop.org,
Jani Nikula <jani.nikula@...ux.intel.com>,
Joonas Lahtinen <joonas.lahtinen@...ux.intel.com>,
linux-pci@...r.kernel.org,
Rodrigo Vivi <rodrigo.vivi@...el.com>,
Simona Vetter <simona@...ll.ch>,
Tvrtko Ursulin <tursulin@...ulin.net>,
Christian König <christian.koenig@....com>,
Thomas Hellström <thomas.hellstrom@...ux.intel.com>,
Michał Winiarski <michal.winiarski@...el.com>,
linux-kernel@...r.kernel.org
Cc: Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>
Subject: [PATCH 1/9] PCI: Prevent resource tree corruption when BAR resize fails
pbus_reassign_bridge_resources() saves bridge windows into the saved
list before attempting to adjust resource assignments to perform a BAR
resize operation. If resource adjustments cannot be completed fully,
rollback is attempted by restoring the resource from the saved list.
The rollback, however, does not check whether the resources it restores were
assigned by the partial resize attempt. If restore changes addresses of the
resource, it can result in corrupting the resource tree.
An example of a corrupted resource tree with overlapping addresses:
6200000000000-6203fbfffffff : pciex@...c3c0000000
6200000000000-6203fbff0ffff : PCI Bus 0030:01
6200020000000-62000207fffff : 0030:01:00.0
6200000000000-6203fbff0ffff : PCI Bus 0030:02
A resource that are assigned into the resource tree must remain
unchanged. Thus, release such a resource before attempting to restore
and claim it back.
For simplicity, always do the release and claim back for the resource
even in the cases where it is restored to the same address range.
Note: this fix may "break" some cases where devices "worked" because
the resource tree corruption allowed address space double counting to
fit more resource than what can now be assigned without double
counting. The upcoming changes to BAR resizing should address those
scenarios (to the extent possible).
Fixes: 8bb705e3e79d ("PCI: Add pci_resize_resource() for resizing BARs")
Reported-by: Simon Richter <Simon.Richter@...yros.de>
Reported-by: Alex Bennée <alex.bennee@...aro.org>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>
---
drivers/pci/setup-bus.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/pci/setup-bus.c b/drivers/pci/setup-bus.c
index 4a8735b275e4..e6984bb530ae 100644
--- a/drivers/pci/setup-bus.c
+++ b/drivers/pci/setup-bus.c
@@ -2504,6 +2504,11 @@ int pbus_reassign_bridge_resources(struct pci_bus *bus, struct resource *res)
bridge = dev_res->dev;
i = pci_resource_num(bridge, res);
+ if (res->parent) {
+ release_child_resources(res);
+ pci_release_resource(bridge, i);
+ }
+
restore_dev_resource(dev_res);
pci_claim_resource(bridge, i);
--
2.39.5
Powered by blists - more mailing lists