The Linux Kernel Mailing List
From: "Marek Marczykowski-Górecki" <marmarek@invisiblethingslab.com>
To: Mario Limonciello <mario.limonciello@amd.com>
Cc: Yazen Ghannam <yazen.ghannam@amd.com>,
	"maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)"
	<x86@kernel.org>,
	"open list:AMD NODE DRIVER" <linux-kernel@vger.kernel.org>,
	regressions@lists.linux.dev
Subject: Re: kernel NULL pointer dereference in quirk_clear_strap_no_soft_reset_dev2_f0 -> amd_smn_read
Date: Fri, 5 Jun 2026 19:45:15 +0200
Message-ID: <aiMLK1Hvk0Fmyimm@mail-itl>
In-Reply-To: <2535f876-adea-41f1-bf92-a2f15a1eb157@amd.com>

On Fri, Jun 05, 2026 at 12:36:29PM -0500, Mario Limonciello wrote:
> 
> 
> On 6/5/26 12:34, Marek Marczykowski-Górecki wrote:
> > On Mon, Jan 12, 2026 at 08:47:50PM -0600, Mario Limonciello wrote:
> > > 
> > > 
> > > On 1/12/2026 7:01 PM, Marek Marczykowski-Górecki wrote:
> > > > Hi,
> > > > 
> > > > I've got a report that kernel 6.17.9 crashes when running a Xen HVM domU
> > > > with AMD Raphael/Granite Ridge USB controller passed through.
> > > > It worked correctly in 6.12.59. Between those versions, I don't see any
> > > > relevant change to quirk_clear_strap_no_soft_reset_dev2_f0() function,
> > > > but the AMD node driver did get some changes, so my guess is one of them
> > > > is to blame. I know the good-bad range is huge, but there aren't that
> > > > many changes to the AMD node driver in this range.
> > > 
> > > Is this perhaps a case that only the USB controller was passed through but
> > > that the root controller wasn't?  That would lead to a case that
> > > amd_smn_init() was never called and thus amd_roots was not initialized
> > > properly.
> > > 
> > > So it would be a NULL pointer deref.  If that's correct, something like this
> > > should work to avoid it.
> > > 
> > > diff --git a/arch/x86/kernel/amd_node.c b/arch/x86/kernel/amd_node.c
> > > index 3d0a4768d603c..894823b444d47 100644
> > > --- a/arch/x86/kernel/amd_node.c
> > > +++ b/arch/x86/kernel/amd_node.c
> > > @@ -91,6 +91,11 @@ static int __amd_smn_rw(u8 i_off, u8 d_off, u16 node, u32
> > > address, u32 *value, b
> > >          if (node >= amd_num_nodes())
> > >                  return err;
> > > 
> > > +       if (!amd_roots) {
> > > +               pr_warn("AMD SMN roots not initialized.\n");
> > > +               return err;
> > > +       }
> > > +
> > >          root = amd_roots[node];
> > >          if (!root)
> > >                  return err;
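
Review bot: the pr_warn() in the new !amd_roots branch prints on every __amd_smn_rw() call made while amd_roots is NULL, so a caller that reads several registers or retries will repeat the same line in the log; pr_warn_once() would report the condition once. The branch also returns the same err as the node-range and !root paths next to it, so a caller cannot tell "SMN roots never initialized" from "bad node"; a distinct error code, or at least a comment stating when amd_roots can be NULL (the thread's case is a device passed through without its root), would make the new path easier to diagnose.
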
> > 
> > Thanks, I finally got confirmation from the affected user that this patch
> > fixes the issue. From what I understand, adbf61cc47cb ("x86/acpi/boot: Correct
> > acpi_is_processor_usable() check again") was not enough.
> > 
> > > > Original report at (with full kernel log etc): https://forum.qubes-os.org/t/yet-another-usb-keyboard-thread/38355/8
> > 
> 
> There's another patch being discussed.  Could this help?
> 
> https://lore.kernel.org/all/20260602184823.GKah8ld2QJLm28xoa9@fat_crate.local/

Especially with 2/2 patch there, yes, looks like it would help too.

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
