kpriv/linux-hardened
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
linux-hardened/drivers/pci
History
Konrad Rzeszutek Wilk 4d8c8bd6f2 xen/pcifront: Fix mysterious crashes when NUMA locality information was extracted. 
Occasionaly PV guests would crash with:

pciback 0000:00:00.1: Xen PCI mapped GSI0 to IRQ16
BUG: unable to handle kernel paging request at 0000000d1a8c0be0
.. snip..
  <ffffffff8139ce1b>] find_next_bit+0xb/0x10
  [<ffffffff81387f22>] cpumask_next_and+0x22/0x40
  [<ffffffff813c1ef8>] pci_device_probe+0xb8/0x120
  [<ffffffff81529097>] ? driver_sysfs_add+0x77/0xa0
  [<ffffffff815293e4>] driver_probe_device+0x1a4/0x2d0
  [<ffffffff813c1ddd>] ? pci_match_device+0xdd/0x110
  [<ffffffff81529657>] __device_attach_driver+0xa7/0xb0
  [<ffffffff815295b0>] ? __driver_attach+0xa0/0xa0
  [<ffffffff81527622>] bus_for_each_drv+0x62/0x90
  [<ffffffff8152978d>] __device_attach+0xbd/0x110
  [<ffffffff815297fb>] device_attach+0xb/0x10
  [<ffffffff813b75ac>] pci_bus_add_device+0x3c/0x70
  [<ffffffff813b7618>] pci_bus_add_devices+0x38/0x80
  [<ffffffff813dc34e>] pcifront_scan_root+0x13e/0x1a0
  [<ffffffff817a0692>] pcifront_backend_changed+0x262/0x60b
  [<ffffffff814644c6>] ? xenbus_gather+0xd6/0x160
  [<ffffffff8120900f>] ? put_object+0x2f/0x50
  [<ffffffff81465c1d>] xenbus_otherend_changed+0x9d/0xa0
  [<ffffffff814678ee>] backend_changed+0xe/0x10
  [<ffffffff81463a28>] xenwatch_thread+0xc8/0x190
  [<ffffffff810f22f0>] ? woken_wake_function+0x10/0x10

which was the result of two things:

When we call pci_scan_root_bus we would pass in 'sd' (sysdata)
pointer which was an 'pcifront_sd' structure. However in the
pci_device_add it expects that the 'sd' is 'struct sysdata' and
sets the dev->node to what is in sd->node (offset 4):

set_dev_node(&dev->dev, pcibus_to_node(bus));

 __pcibus_to_node(const struct pci_bus *bus)
{
        const struct pci_sysdata *sd = bus->sysdata;

        return sd->node;
}

However our structure was pcifront_sd which had nothing at that
offset:

struct pcifront_sd {
        int                        domain;    /*     0     4 */
        /* XXX 4 bytes hole, try to pack */
        struct pcifront_device *   pdev;      /*     8     8 */
}

That is an hole - filled with garbage as we used kmalloc instead of
kzalloc (the second problem).

This patch fixes the issue by:
 1) Use kzalloc to initialize to a well known state.
 2) Put 'struct pci_sysdata' at the start of 'pcifront_sd'. That
    way access to the 'node' will access the right offset.

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: <stable@vger.kernel.org>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
2016-02-15 14:34:57 +00:00
..
host PCI: altera: Fix error when INTx is 4 2015-12-04 16:21:21 -06:00
hotplug PCI: pciehp: Queue power work requests in dedicated function 2015-10-21 13:55:37 -05:00
pcie PCI/AER: Clear error status registers during enumeration and restore 2015-09-17 10:09:37 -05:00
access.c PCI: Use function 0 VPD for identical functions, regular VPD for others 2015-09-24 17:06:32 -05:00
ats.c PCI: Remove pci_ats_enabled() 2015-08-13 15:59:59 -05:00
bus.c PCI: Clear IORESOURCE_UNSET when clipping a bridge window 2015-09-22 17:03:54 -05:00
host-bridge.c Merge branch 'pci/misc' into next 2015-04-10 08:27:18 -05:00
hotplug-pci.c PCI: Remove unnecessary __ref annotations 2014-04-29 17:36:44 -06:00
htirq.c x86/htirq: Use hierarchical irqdomain to manage Hypertransport interrupts 2015-04-24 15:36:50 +02:00
iov.c Merge branches 'pci/aer', 'pci/hotplug', 'pci/misc', 'pci/msi', 'pci/resource' and 'pci/virtualization' into next 2015-11-02 15:57:03 -06:00
irq.c PCI: Fix whitespace, capitalization, and spelling errors 2013-11-14 11:28:18 -07:00
Kconfig PCI,parisc: Enable 64-bit bus addresses on PA-RISC 2015-09-08 15:30:47 +02:00
Makefile PCI: Build setup-irq.o for arm64 2015-08-20 12:02:49 -05:00
msi.c PCI/MSI: Only use the generic MSI layer when domain is hierarchical 2015-12-04 10:28:14 -06:00
of.c PCI/MSI: Use of_msi_get_domain instead of open-coded "msi-parent" parsing 2015-10-16 13:07:14 +01:00
pci-acpi.c PCI / ACPI: Fix pci_acpi_optimize_delay() comment 2015-07-15 15:11:50 -05:00
pci-driver.c PCI / PM: Tune down retryable runtime suspend error messages 2015-12-02 15:24:21 +01:00
pci-label.c PCI: Make a shareable UUID for PCI firmware ACPI _DSM 2015-04-08 14:39:30 -05:00
pci-stub.c PCI: Whitespace cleanup 2014-06-10 20:20:19 -06:00
pci-sysfs.c PCI: Prevent out of bounds access in numa_node override 2015-11-24 12:33:13 -06:00
pci.c PCI changes for the v4.4 merge window: 2015-11-06 11:29:53 -08:00
pci.h ARM/PCI: Move align_resource function pointer to pci_host_bridge structure 2015-11-25 13:23:38 -06:00
probe.c Merge branches 'acpi-smbus', 'acpi-ec' and 'acpi-pci' 2015-11-20 01:22:52 +01:00
proc.c PCI: Whitespace cleanup 2014-06-10 20:20:19 -06:00
quirks.c PCI changes for the v4.4 merge window: 2015-11-06 11:29:53 -08:00
remove.c PCI: Embed ATS info directly into struct pci_dev 2015-08-13 15:57:21 -05:00
rom.c PCI: Fix infinite loop with ROM image of size 0 2015-01-23 17:42:59 -06:00
search.c PCI: Delete unnecessary NULL pointer checks 2014-11-10 21:02:17 -07:00
setup-bus.c PCI: Handle IORESOURCE_PCI_FIXED when assigning resources 2015-10-29 17:35:39 -05:00
setup-irq.c PCI: Export symbols required for loadable host driver modules 2015-04-08 14:17:10 -05:00
setup-res.c Merge branches 'pci/aer', 'pci/hotplug', 'pci/misc', 'pci/msi', 'pci/resource' and 'pci/virtualization' into next 2015-11-02 15:57:03 -06:00
slot.c PCI: Hold pci_slot_mutex while searching bus->slots list 2015-07-30 16:19:53 -05:00
syscall.c PCI: Whitespace cleanup 2014-06-10 20:20:19 -06:00
vc.c PCI: Use dev->has_secondary_link to find downstream PCIe links 2015-05-29 15:35:26 -05:00
vpd.c
xen-pcifront.c xen/pcifront: Fix mysterious crashes when NUMA locality information was extracted. 2016-02-15 14:34:57 +00:00