From: Lukas Wunner <lukas@wunner.de>
To: Nam Cao <namcao@linutronix.de>
Cc: "Bjorn Helgaas" <bhelgaas@google.com>,
"Yinghai Lu" <yinghai@kernel.org>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org,
"Ilpo Järvinen" <ilpo.jarvinen@linux.intel.com>,
"Mika Westerberg" <mika.westerberg@linux.intel.com>
Subject: Re: [PATCH v2 2/2] PCI: pciehp: Abort hot-plug if pci_hp_add_bridge() fails
Date: Mon, 27 May 2024 11:15:55 +0200
Message-ID: <ZlRPS9TCYjccpNLr@wunner.de>
In-Reply-To: <20240507142738.wyj19VVh@linutronix.de>

On Tue, May 07, 2024 at 04:27:38PM +0200, Nam Cao wrote:
> On Mon, May 06, 2024 at 09:36:44PM +0200, Lukas Wunner wrote:
> > Remind me, how exactly does the NULL pointer deref occur? I think it's
> > because no struct pci_bus was allocated for the subordinate bus of the
> > hot-plugged bridge, right? Because AFAICS that would happen in
> >
> > pci_hp_add_bridge()
> > pci_can_bridge_extend()
> > pci_add_new_bus()
> > pci_alloc_child_bus()
> >
> > but we never get that far because pci_hp_add_bridge() bails out with -1.
> > So the subordinate pointer remains a NULL pointer.
>
> This is correct. NULL dereference happens due to subordinate pointer being
> NULL.
>
> > Or check for a NULL subordinate pointer instead of crashing.
>
> I think this is a possible solution, but it is a bit complicated: all usage
> of subordinate pointers will need to be looked at.

We already check for a NULL subordinate pointer in various places.
See e.g. commit 62e4492c3063 ("PCI: Prevent NULL dereference during
pciehp probe").

If we're missing such checks, I'd suggest adding those.

If you believe having a NULL subordinate pointer is wrong and the
bridge should be de-enumerated altogether, I think you would have
to remove these NULL pointer checks as they'd otherwise become
pointless with your change.

Just adding missing NULL pointer checks seems to be the most
straightforward solution to me.

Thanks,
Lukas
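
The failure mode discussed in this message, as an added user-space C model (not kernel code and not written by either participant): a hot-added bridge whose add step fails keeps a NULL subordinate pointer, and a bus walker survives only because it checks for NULL. All `model_*` names and the `free_busnrs` parameter are hypothetical stand-ins.

```c
/* User-space model, not kernel code; every model_* name is hypothetical. */
#include <stdio.h>
#include <stdlib.h>
struct model_bus { struct model_dev *devices; };
struct model_dev {
    int is_bridge;
    struct model_bus *subordinate; /* NULL until a child bus is allocated */
    struct model_dev *next;
};

/* Stand-in for the failing add-bridge step: with no free bus number it
 * returns -1 without allocating a child bus, so subordinate stays NULL. */
static int model_hp_add_bridge(struct model_dev *dev, int free_busnrs)
{
    if (free_busnrs > 0)
        dev->subordinate = calloc(1, sizeof(*dev->subordinate));
    return dev->subordinate ? 0 : -1;
}

/* Recursive walk; the NULL check treats a bridge without a subordinate
 * bus as having nothing below it instead of dereferencing the pointer. */
static int model_count_devices(const struct model_bus *bus)
{
    int n = 0;
    if (!bus)
        return 0;
    for (const struct model_dev *d = bus->devices; d; d = d->next)
        n += 1 + (d->is_bridge ? model_count_devices(d->subordinate) : 0);
    return n;
}

/* Hot-plug one bridge, with one endpoint behind it, below a root bus. */
static int model_hotplug_and_count(int free_busnrs, int *add_ret)
{
    struct model_dev endpoint = { 0 }, bridge = { .is_bridge = 1 };
    struct model_bus root = { .devices = &bridge };
    *add_ret = model_hp_add_bridge(&bridge, free_busnrs);
    if (bridge.subordinate)
        bridge.subordinate->devices = &endpoint;
    int count = model_count_devices(&root);
    free(bridge.subordinate);
    return count;
}

int main(void)
{
    int ret, n = model_hotplug_and_count(0, &ret);
    return printf("add_bridge=%d devices=%d\n", ret, n) < 0;
}
```

Removing the `if (!bus)` test in `model_count_devices()` makes the failed-add case dereference NULL, which is the class of missing check the message proposes to add.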