From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Borislav Petkov <bp@suse.de>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.8 11/99] EDAC/ghes: Check whether the driver is on the safe list correctly
Date: Tue, 29 Sep 2020 13:00:54 +0200 [thread overview]
Message-ID: <20200929105930.279023084@linuxfoundation.org> (raw)
In-Reply-To: <20200929105929.719230296@linuxfoundation.org>
From: Borislav Petkov <bp@suse.de>
[ Upstream commit 251c54ea26fa6029b01a76161a37a12fde5124e4 ]
With CONFIG_DEBUG_TEST_DRIVER_REMOVE=y, a system would try to probe,
unregister and probe again a driver.
When ghes_edac is attempted to be loaded on a system which is not on
the safe platforms list, ghes_edac_register() would return early. The
unregister counterpart ghes_edac_unregister() would still attempt to
unregister and exit early at the refcount test, leading to the refcount
underflow below.
In order to not do *anything* on the unregister path too, reuse the
force_load parameter and check it on that path too, before fumbling with
the refcount.
ghes_edac: ghes_edac_register: entry
ghes_edac: ghes_edac_register: return -ENODEV
------------[ cut here ]------------
refcount_t: underflow; use-after-free.
WARNING: CPU: 10 PID: 1 at lib/refcount.c:28 refcount_warn_saturate+0xb9/0x100
Modules linked in:
CPU: 10 PID: 1 Comm: swapper/0 Not tainted 5.9.0-rc4+ #12
Hardware name: GIGABYTE MZ01-CE1-00/MZ01-CE1-00, BIOS F02 08/29/2018
RIP: 0010:refcount_warn_saturate+0xb9/0x100
Code: 82 e8 fb 8f 4d 00 90 0f 0b 90 90 c3 80 3d 55 4c f5 00 00 75 88 c6 05 4c 4c f5 00 01 90 48 c7 c7 d0 8a 10 82 e8 d8 8f 4d 00 90 <0f> 0b 90 90 c3 80 3d 30 4c f5 00 00 0f 85 61 ff ff ff c6 05 23 4c
RSP: 0018:ffffc90000037d58 EFLAGS: 00010292
RAX: 0000000000000026 RBX: ffff88840b8da000 RCX: 0000000000000000
RDX: 0000000000000001 RSI: ffffffff8216b24f RDI: 00000000ffffffff
RBP: ffff88840c662e00 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000046 R12: 0000000000000000
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff88840ee80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000800002211000 CR4: 00000000003506e0
Call Trace:
ghes_edac_unregister
ghes_remove
platform_drv_remove
really_probe
driver_probe_device
device_driver_attach
__driver_attach
? device_driver_attach
? device_driver_attach
bus_for_each_dev
bus_add_driver
driver_register
? bert_init
ghes_init
do_one_initcall
? rcu_read_lock_sched_held
kernel_init_freeable
? rest_init
kernel_init
ret_from_fork
...
ghes_edac: ghes_edac_unregister: FALSE, refcount: -1073741824
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20200911164950.GB19320@zn.tnic
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/edac/ghes_edac.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/edac/ghes_edac.c b/drivers/edac/ghes_edac.c
index cb3dab56a875d..efad23575b16b 100644
--- a/drivers/edac/ghes_edac.c
+++ b/drivers/edac/ghes_edac.c
@@ -469,6 +469,7 @@ int ghes_edac_register(struct ghes *ghes, struct device *dev)
if (!force_load && idx < 0)
return -ENODEV;
} else {
+ force_load = true;
idx = 0;
}
@@ -566,6 +567,9 @@ void ghes_edac_unregister(struct ghes *ghes)
struct mem_ctl_info *mci;
unsigned long flags;
+ if (!force_load)
+ return;
+
mutex_lock(&ghes_reg_mutex);
if (!refcount_dec_and_test(&ghes_refcount))
--
2.25.1
next prev parent reply other threads:[~2020-09-29 11:47 UTC|newest]
Thread overview: 112+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-29 11:00 [PATCH 5.8 00/99] 5.8.13-rc1 review Greg Kroah-Hartman
2020-09-29 11:00 ` [PATCH 5.8 01/99] device_cgroup: Fix RCU list debugging warning Greg Kroah-Hartman
2020-09-29 11:00 ` [PATCH 5.8 02/99] ASoC: pcm3168a: ignore 0 Hz settings Greg Kroah-Hartman
2020-09-29 11:00 ` [PATCH 5.8 03/99] ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811 Greg Kroah-Hartman
2020-09-29 11:00 ` [PATCH 5.8 04/99] ASoC: wm8994: Ensure the device is resumed in wm89xx_mic_detect functions Greg Kroah-Hartman
2020-09-29 11:00 ` [PATCH 5.8 05/99] ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1 Greg Kroah-Hartman
2020-09-29 11:00 ` [PATCH 5.8 06/99] clk: versatile: Add of_node_put() before return statement Greg Kroah-Hartman
2020-09-29 11:00 ` [PATCH 5.8 07/99] RISC-V: Take text_mutex in ftrace_init_nop() Greg Kroah-Hartman
2020-09-29 11:00 ` [PATCH 5.8 08/99] i2c: aspeed: Mask IRQ status to relevant bits Greg Kroah-Hartman
2020-09-29 11:00 ` [PATCH 5.8 09/99] s390/init: add missing __init annotations Greg Kroah-Hartman
2020-09-29 11:00 ` [PATCH 5.8 10/99] lockdep: fix order in trace_hardirqs_off_caller() Greg Kroah-Hartman
2020-09-29 11:00 ` Greg Kroah-Hartman [this message]
2020-09-29 11:00 ` [PATCH 5.8 12/99] drm/amdkfd: fix a memory leak issue Greg Kroah-Hartman
2020-09-29 11:00 ` [PATCH 5.8 13/99] drm/amd/display: Dont use DRM_ERROR() for DTM add topology Greg Kroah-Hartman
2020-09-29 11:00 ` [PATCH 5.8 14/99] drm/amd/display: update nv1x stutter latencies Greg Kroah-Hartman
2020-09-29 11:00 ` [PATCH 5.8 15/99] drm/amdgpu/dc: Require primary plane to be enabled whenever the CRTC is Greg Kroah-Hartman
2020-09-29 11:00 ` [PATCH 5.8 16/99] drm/amd/display: Dont log hdcp module warnings in dmesg Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 17/99] i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices() Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 18/99] objtool: Fix noreturn detection for ignored functions Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 19/99] i2c: mediatek: Send i2c master code at more than 1MHz Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 20/99] riscv: Fix Kendryte K210 device tree Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 21/99] ieee802154: fix one possible memleak in ca8210_dev_com_init Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 22/99] ieee802154/adf7242: check status of adf7242_read_reg Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 23/99] clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 24/99] mwifiex: Increase AES key storage size to 256 bits Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 25/99] batman-adv: bla: fix type misuse for backbone_gw hash indexing Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 26/99] libbpf: Fix build failure from uninitialized variable warning Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 27/99] atm: eni: fix the missed pci_disable_device() for eni_init_one() Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 28/99] batman-adv: mcast/TT: fix wrongly dropped or rerouted packets Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 29/99] netfilter: ctnetlink: add a range check for l3/l4 protonum Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 30/99] netfilter: ctnetlink: fix mark based dump filtering regression Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 31/99] netfilter: conntrack: nf_conncount_init is failing with IPv6 disabled Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 32/99] netfilter: nft_meta: use socket user_ns to retrieve skuid and skgid Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 33/99] mac802154: tx: fix use-after-free Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 34/99] bpf: Fix clobbering of r2 in bpf_gen_ld_abs Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 35/99] tools/libbpf: Avoid counting local symbols in ABI check Greg Kroah-Hartman
2020-09-29 21:54 ` Justin Forbes
2020-09-30 5:02 ` Tony Ambardar
2020-09-30 15:40 ` Justin Forbes
2020-09-29 11:01 ` [PATCH 5.8 36/99] drm/vc4/vc4_hdmi: fill ASoC card owner Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 37/99] net: qed: Disable aRFS for NPAR and 100G Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 38/99] net: qede: " Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 39/99] net: qed: RDMA personality shouldnt fail VF load Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 40/99] igc: Fix wrong timestamp latency numbers Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 41/99] igc: Fix not considering the TX delay for timestamps Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 42/99] drm/sun4i: sun8i-csc: Secondary CSC register correction Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 43/99] hv_netvsc: Switch the data path at the right time during hibernation Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 44/99] spi: spi-fsl-dspi: use XSPI mode instead of DMA for DPAA2 SoCs Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 45/99] RDMA/core: Fix ordering of CQ pool destruction Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 46/99] batman-adv: Add missing include for in_interrupt() Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 47/99] xsk: Fix number of pinned pages/umem size discrepancy Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 48/99] nvme-tcp: fix kconfig dependency warning when !CRYPTO Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 49/99] batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 50/99] batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 51/99] batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 52/99] bpf: Fix a rcu warning for bpffs map pretty-print Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 53/99] lib80211: fix unmet direct dependendices config warning when !CRYPTO Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 54/99] mac80211: do not disable HE if HT is missing on 2.4 GHz Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 55/99] cfg80211: fix 6 GHz channel conversion Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 56/99] mac80211: fix 80 MHz association to 160/80+80 AP on 6 GHz Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 57/99] ALSA: asihpi: fix iounmap in error handler Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 58/99] io_uring: fix openat/openat2 unified prep handling Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 59/99] SUNRPC: Fix svc_flush_dcache() Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 60/99] regmap: fix page selection for noinc reads Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 61/99] regmap: fix page selection for noinc writes Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 62/99] net/mlx5e: mlx5e_fec_in_caps() returns a boolean Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 63/99] MIPS: Loongson-3: Fix fp register access if MSA enabled Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 64/99] PM / devfreq: tegra30: Disable clock on error in probe Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 65/99] MIPS: Add the missing CPU_1074K into __get_cpu_type() Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 66/99] regulator: axp20x: fix LDO2/4 description Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 67/99] spi: bcm-qspi: Fix probe regression on iProc platforms Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 68/99] KVM: x86: Reset MMU context if guest toggles CR4.SMAP or CR4.PKE Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 69/99] KVM: SVM: Add a dedicated INVD intercept routine Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 70/99] mm: validate pmd after splitting Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 71/99] arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 72/99] x86/irq: Make run_on_irqstack_cond() typesafe Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 73/99] x86/ioapic: Unbreak check_timer() Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 74/99] scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 75/99] ALSA: usb-audio: Add delay quirk for H570e USB headsets Greg Kroah-Hartman
2020-09-29 11:01 ` [PATCH 5.8 76/99] ALSA: hda/realtek - Couldnt detect Mic if booting with headset plugged Greg Kroah-Hartman
2020-09-29 11:02 ` [PATCH 5.8 77/99] ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 Greg Kroah-Hartman
2020-09-29 11:02 ` [PATCH 5.8 78/99] lib/string.c: implement stpcpy Greg Kroah-Hartman
2020-09-29 11:02 ` [PATCH 5.8 79/99] tracing: fix double free Greg Kroah-Hartman
2020-09-29 11:02 ` [PATCH 5.8 80/99] s390/dasd: Fix zero write for FBA devices Greg Kroah-Hartman
2020-09-29 11:02 ` [PATCH 5.8 81/99] mt76: mt7615: use v1 MCU API on MT7615 to fix issues with adding/removing stations Greg Kroah-Hartman
2020-09-29 11:02 ` [PATCH 5.8 82/99] lib/bootconfig: Fix a bug of breaking existing tree nodes Greg Kroah-Hartman
2020-09-29 11:02 ` [PATCH 5.8 83/99] lib/bootconfig: Fix to remove tailing spaces after value Greg Kroah-Hartman
2020-09-29 11:02 ` [PATCH 5.8 84/99] kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() Greg Kroah-Hartman
2020-09-29 11:02 ` [PATCH 5.8 85/99] kprobes: tracing/kprobes: Fix to kill kprobes on initmem after boot Greg Kroah-Hartman
2020-09-29 11:02 ` [PATCH 5.8 86/99] btrfs: fix put of uninitialized kobject after seed device delete Greg Kroah-Hartman
2020-09-29 11:02 ` [PATCH 5.8 87/99] btrfs: fix overflow when copying corrupt csums for a message Greg Kroah-Hartman
2020-09-29 11:02 ` [PATCH 5.8 88/99] media: cec-adap.c: dont use flush_scheduled_work() Greg Kroah-Hartman
2020-09-29 11:02 ` [PATCH 5.8 89/99] MIPS: Loongson2ef: Disable Loongson MMI instructions Greg Kroah-Hartman
2020-09-29 11:02 ` [PATCH 5.8 90/99] dmabuf: fix NULL pointer dereference in dma_buf_release() Greg Kroah-Hartman
2020-09-29 11:02 ` [PATCH 5.8 91/99] mm, THP, swap: fix allocating cluster for swapfile by mistake Greg Kroah-Hartman
2020-09-29 11:02 ` [PATCH 5.8 92/99] mm/gup: fix gup_fast with dynamic page table folding Greg Kroah-Hartman
2020-09-29 11:02 ` [PATCH 5.8 93/99] mm: replace memmap_context by meminit_context Greg Kroah-Hartman
2020-09-29 11:02 ` [PATCH 5.8 94/99] mm: dont rely on system state to detect hot-plug operations Greg Kroah-Hartman
2020-09-29 11:02 ` [PATCH 5.8 95/99] s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl Greg Kroah-Hartman
2020-09-29 11:02 ` [PATCH 5.8 96/99] io_uring: ensure open/openat2 name is cleaned on cancelation Greg Kroah-Hartman
2020-09-29 11:02 ` [PATCH 5.8 97/99] KVM: arm64: Assume write fault on S1PTW permission fault on instruction fetch Greg Kroah-Hartman
2020-09-29 11:02 ` [PATCH 5.8 98/99] dm: fix bio splitting and its bio completion order for regular IO Greg Kroah-Hartman
2020-09-29 11:02 ` [PATCH 5.8 99/99] clocksource/drivers/timer-ti-dm: Do reset before enable Greg Kroah-Hartman
2020-09-29 13:39 ` [PATCH 5.8 00/99] 5.8.13-rc1 review Jeffrin Jose T
2020-09-29 15:15 ` Jon Hunter
2020-10-01 19:23 ` Greg Kroah-Hartman
2020-09-29 20:54 ` Guenter Roeck
2020-10-01 19:23 ` Greg Kroah-Hartman
2020-09-30 7:28 ` Naresh Kamboju
2020-10-01 19:24 ` Greg Kroah-Hartman
2020-09-30 14:26 ` Shuah Khan
2020-10-01 19:24 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200929105930.279023084@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=bp@suse.de \
--cc=linux-kernel@vger.kernel.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.