From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Jarkko Nikula <jarkko.nikula@linux.intel.com>,
Logan Gunthorpe <logang@deltatee.com>,
Bjorn Helgaas <bhelgaas@google.com>
Subject: [PATCH 4.19 25/30] PCI: Fix __initdata issue with "pci=disable_acs_redir" parameter
Date: Thu, 21 Feb 2019 15:36:07 +0100 [thread overview]
Message-ID: <20190221125252.000358199@linuxfoundation.org> (raw)
In-Reply-To: <20190221125250.543158526@linuxfoundation.org>
4.19-stable review patch. If anyone has any objections, please let me know.
------------------
From: Logan Gunthorpe <logang@deltatee.com>
commit d2fd6e81912a665993b24dcdc1c1384a42a54f7e upstream.
The disable_acs_redir parameter stores a pointer to the string passed to
pci_setup(). However, the string passed to PCI setup is actually a
temporary copy allocated in static __initdata memory. After init, once the
memory is freed, it is no longer valid to reference this pointer.
This bug was noticed in v5.0-rc1 after a change in commit c5eb1190074c
("PCI / PM: Allow runtime PM without callback functions") caused
pci_disable_acs_redir() to be called during shutdown which manifested
as an unable to handle kernel paging request at:
RIP: 0010:pci_enable_acs+0x3f/0x1e0
Call Trace:
pci_restore_state.part.44+0x159/0x3c0
pci_restore_standard_config+0x33/0x40
pci_pm_runtime_resume+0x2b/0xd0
? pci_restore_standard_config+0x40/0x40
__rpm_callback+0xbc/0x1b0
rpm_callback+0x1f/0x70
? pci_restore_standard_config+0x40/0x40
rpm_resume+0x4f9/0x710
? pci_conf1_read+0xb6/0xf0
? pci_conf1_write+0xb2/0xe0
__pm_runtime_resume+0x47/0x70
pci_device_shutdown+0x1e/0x60
device_shutdown+0x14a/0x1f0
kernel_restart+0xe/0x50
__do_sys_reboot+0x1ee/0x210
? __fput+0x144/0x1d0
do_writev+0x5e/0xf0
? do_writev+0x5e/0xf0
do_syscall_64+0x48/0xf0
entry_SYSCALL_64_after_hwframe+0x44/0xa9
It was also likely possible to trigger this bug when hotplugging PCI
devices.
To fix this, instead of storing a pointer, we use kstrdup() to copy the
disable_acs_redir_param to its own buffer which will never be freed.
Fixes: aaca43fda742 ("PCI: Add "pci=disable_acs_redir=" parameter for peer-to-peer support")
Tested-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/pci.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/pci/pci.c
+++ b/drivers/pci/pci.c
@@ -6113,7 +6113,8 @@ static int __init pci_setup(char *str)
} else if (!strncmp(str, "pcie_scan_all", 13)) {
pci_add_flags(PCI_SCAN_ALL_PCIE_DEVS);
} else if (!strncmp(str, "disable_acs_redir=", 18)) {
- disable_acs_redir_param = str + 18;
+ disable_acs_redir_param =
+ kstrdup(str + 18, GFP_KERNEL);
} else {
printk(KERN_ERR "PCI: Unknown option `%s'\n",
str);
next prev parent reply other threads:[~2019-02-21 14:41 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-21 14:35 [PATCH 4.19 00/30] 4.19.25-stable review Greg Kroah-Hartman
2019-02-21 14:35 ` [PATCH 4.19 01/30] af_packet: fix raw sockets over 6in4 tunnel Greg Kroah-Hartman
2019-02-21 14:35 ` [PATCH 4.19 02/30] dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit Greg Kroah-Hartman
2019-02-21 14:35 ` [PATCH 4.19 03/30] mlxsw: __mlxsw_sp_port_headroom_set(): Fix a use of local variable Greg Kroah-Hartman
2019-02-21 14:35 ` [PATCH 4.19 04/30] net: crypto set sk to NULL when af_alg_release Greg Kroah-Hartman
2019-02-21 14:35 ` [PATCH 4.19 05/30] net: Fix for_each_netdev_feature on Big endian Greg Kroah-Hartman
2019-02-21 14:35 ` [PATCH 4.19 06/30] net: fix IPv6 prefix route residue Greg Kroah-Hartman
2019-02-21 14:35 ` [PATCH 4.19 07/30] net: ip6_gre: initialize erspan_ver just for erspan tunnels Greg Kroah-Hartman
2019-02-21 14:35 ` [PATCH 4.19 08/30] net: ipv4: use a dedicated counter for icmp_v4 redirect packets Greg Kroah-Hartman
2019-02-21 14:35 ` [PATCH 4.19 09/30] net: phy: xgmiitorgmii: Support generic PHY status read Greg Kroah-Hartman
2019-02-21 14:35 ` [PATCH 4.19 10/30] net: stmmac: Fix a race in EEE enable callback Greg Kroah-Hartman
2019-02-21 14:35 ` [PATCH 4.19 11/30] net: stmmac: handle endianness in dwmac4_get_timestamp Greg Kroah-Hartman
2019-02-21 14:35 ` [PATCH 4.19 12/30] net: validate untrusted gso packets without csum offload Greg Kroah-Hartman
2019-02-21 14:35 ` [PATCH 4.19 13/30] sky2: Increase D3 delay again Greg Kroah-Hartman
2019-02-21 14:35 ` [PATCH 4.19 14/30] vhost: correctly check the return value of translate_desc() in log_used() Greg Kroah-Hartman
2019-02-21 14:35 ` [PATCH 4.19 15/30] vsock: cope with memory allocation failure at socket creation time Greg Kroah-Hartman
2019-02-21 14:35 ` [PATCH 4.19 16/30] vxlan: test dev->flags & IFF_UP before calling netif_rx() Greg Kroah-Hartman
2019-02-21 14:35 ` [PATCH 4.19 17/30] net: Add header for usage of fls64() Greg Kroah-Hartman
2019-02-21 14:36 ` [PATCH 4.19 18/30] tcp: clear icsk_backoff in tcp_write_queue_purge() Greg Kroah-Hartman
2019-02-21 14:36 ` [PATCH 4.19 19/30] tcp: tcp_v4_err() should be more careful Greg Kroah-Hartman
2019-02-21 14:36 ` [PATCH 4.19 20/30] net: Do not allocate page fragments that are not skb aligned Greg Kroah-Hartman
2019-02-21 14:36 ` [PATCH 4.19 21/30] hwmon: (lm80) Fix missing unlock on error in set_fan_div() Greg Kroah-Hartman
2019-02-21 14:36 ` [PATCH 4.19 22/30] scsi: target/core: Use kmem_cache_free() instead of kfree() Greg Kroah-Hartman
2019-02-21 14:36 ` [PATCH 4.19 23/30] x86_64: increase stack size for KASAN_EXTRA Greg Kroah-Hartman
2019-02-21 15:00 ` Andrey Ryabinin
2019-02-21 15:26 ` Greg Kroah-Hartman
2019-02-21 15:30 ` Andrey Ryabinin
2019-02-21 16:08 ` Greg Kroah-Hartman
2019-02-21 14:36 ` [PATCH 4.19 24/30] mmc: meson-gx: fix interrupt name Greg Kroah-Hartman
2019-02-21 14:36 ` Greg Kroah-Hartman [this message]
2019-02-21 14:36 ` [PATCH 4.19 26/30] sunrpc: fix 4 more call sites that were using stack memory with a scatterlist Greg Kroah-Hartman
2019-02-21 14:36 ` [PATCH 4.19 27/30] netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs Greg Kroah-Hartman
2019-02-21 14:36 ` [PATCH 4.19 28/30] net/x25: do not hold the cpu too long in x25_new_lci() Greg Kroah-Hartman
2019-02-21 14:36 ` [PATCH 4.19 29/30] mISDN: fix a race in dev_expire_timer() Greg Kroah-Hartman
2019-02-21 14:36 ` [PATCH 4.19 30/30] ax25: fix possible use-after-free Greg Kroah-Hartman
2019-02-22 8:14 ` [PATCH 4.19 00/30] 4.19.25-stable review Jon Hunter
2019-02-22 8:14 ` Jon Hunter
2019-02-22 8:24 ` Greg Kroah-Hartman
2019-02-22 9:04 ` Naresh Kamboju
2019-02-22 23:10 ` shuah
2019-02-22 23:31 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190221125252.000358199@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=bhelgaas@google.com \
--cc=jarkko.nikula@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=logang@deltatee.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.