linux-brain/arch/powerpc/platforms/pseries
Libor Pechacek 83dc8f0a91 powerpc/pseries: Avoid NULL pointer dereference when drmem is unavailable
commit a83836dbc53e96f13fec248ecc201d18e1e3111d upstream.

In guests without hotpluggable memory, the drmem structure is only
zero-initialized. Trying to manipulate DLPAR parameters results in a crash.

  $ echo "memory add count 1" > /sys/kernel/dlpar
  Oops: Kernel access of bad area, sig: 11 [#1]
  LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
  ...
  NIP:  c0000000000ff294 LR: c0000000000ff248 CTR: 0000000000000000
  REGS: c0000000fb9d3880 TRAP: 0300   Tainted: G            E      (5.5.0-rc6-2-default)
  MSR:  8000000000009033 <SF,EE,ME,IR,DR,RI,LE>  CR: 28242428  XER: 20000000
  CFAR: c0000000009a6c10 DAR: 0000000000000010 DSISR: 40000000 IRQMASK: 0
  ...
  NIP dlpar_memory+0x6e4/0xd00
  LR  dlpar_memory+0x698/0xd00
  Call Trace:
    dlpar_memory+0x698/0xd00 (unreliable)
    handle_dlpar_errorlog+0xc0/0x190
    dlpar_store+0x198/0x4a0
    kobj_attr_store+0x30/0x50
    sysfs_kf_write+0x64/0x90
    kernfs_fop_write+0x1b0/0x290
    __vfs_write+0x3c/0x70
    vfs_write+0xd0/0x260
    ksys_write+0xdc/0x130
    system_call+0x5c/0x68

Taking a closer look at the code, I can see that for_each_drmem_lmb is a
macro expanding into `for (lmb = &drmem_info->lmbs[0]; lmb <=
&drmem_info->lmbs[drmem_info->n_lmbs - 1]; lmb++)`. When drmem_info->lmbs
is NULL, the loop would iterate through the whole address range if it
weren't stopped by the NULL pointer dereference on the next line.

This patch aligns for_each_drmem_lmb and for_each_drmem_lmb_in_range
macro behavior with the common C semantics, where the end marker does
not belong to the scanned range, and alters get_lmb_range() semantics.
As a side effect, the wraparound observed in the crash is prevented.

Fixes: 6c6ea53725 ("powerpc/mm: Separate ibm,dynamic-memory data from DT format")
Cc: stable@vger.kernel.org # v4.16+
Signed-off-by: Libor Pechacek <lpechacek@suse.cz>
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200131132829.10281-1-msuchanek@suse.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-04-17 10:48:51 +02:00
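The bound arithmetic the commit message describes, as an added example that is not the patch's own code and not from the kernel tree. It models the drmem table with a cut-down struct (assumption: only the fields the loop touches), keeps the inclusive-end form quoted above next to the half-open form the fix adopts, and evaluates both loop conditions with plain integer arithmetic for the zeroed case, because computing `&lmbs[n_lmbs - 1]` on a NULL table is undefined behaviour in C rather than merely a wrap. The sample table and its DRC indexes are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the kernel's drmem structures. Assumption: only the fields
 * the iteration macros touch are modelled; the real struct has more. */
struct drmem_lmb {
	uint64_t base_addr;
	uint32_t drc_index;
	uint32_t flags;
};

struct drmem_lmb_info {
	struct drmem_lmb *lmbs;
	int n_lmbs;
};

/* Inclusive-end bound, as quoted in the commit message: &lmbs[n_lmbs - 1]
 * is part of the scanned range. Only meaningful for n_lmbs > 0; with
 * n_lmbs == 0 the end marker lies one element *before* the start. */
#define for_each_lmb_inclusive(info, lmb)					\
	for ((lmb) = &(info)->lmbs[0];						\
	     (lmb) <= &(info)->lmbs[(info)->n_lmbs - 1]; (lmb)++)

/* Half-open bound, the common C idiom the fix adopts: &lmbs[n_lmbs] is the
 * one-past-the-end marker and is never visited, so n_lmbs == 0 iterates
 * zero times instead of wrapping. */
#define for_each_lmb_half_open(info, lmb)					\
	for ((lmb) = &(info)->lmbs[0];						\
	     (lmb) < &(info)->lmbs[(info)->n_lmbs]; (lmb)++)

/* Evaluate each loop condition with integer arithmetic instead of pointer
 * arithmetic, so the zeroed (lmbs == NULL, n_lmbs == 0) case can be examined
 * without out-of-bounds pointer arithmetic, which is undefined in C.
 * Returns true if the loop body would execute at least once. */
static bool inclusive_bound_enters_loop(uintptr_t lmbs, int n_lmbs)
{
	intptr_t off = (intptr_t)(n_lmbs - 1) * (intptr_t)sizeof(struct drmem_lmb);
	uintptr_t end = lmbs + (uintptr_t)off;	/* n_lmbs == 0: wraps to the top of the address space */

	return lmbs <= end;
}

static bool half_open_bound_enters_loop(uintptr_t lmbs, int n_lmbs)
{
	uintptr_t end = lmbs + (uintptr_t)n_lmbs * sizeof(struct drmem_lmb);

	return lmbs < end;			/* n_lmbs == 0: end == start, loop is skipped */
}

/* Count the LMBs visited by each macro over a populated table; both forms
 * agree whenever n_lmbs > 0, which is why the bug only shows on empty tables. */
static int count_inclusive(struct drmem_lmb_info *info)
{
	struct drmem_lmb *lmb;
	int n = 0;

	for_each_lmb_inclusive(info, lmb)
		n++;
	return n;
}

static int count_half_open(struct drmem_lmb_info *info)
{
	struct drmem_lmb *lmb;
	int n = 0;

	for_each_lmb_half_open(info, lmb)
		n++;
	return n;
}

/* Constructed sample table: three LMBs with made-up DRC indexes. */
static struct drmem_lmb sample_lmbs[3] = {
	{ .base_addr = 0x00000000, .drc_index = 0x80000000, .flags = 0 },
	{ .base_addr = 0x10000000, .drc_index = 0x80000001, .flags = 0 },
	{ .base_addr = 0x20000000, .drc_index = 0x80000002, .flags = 0 },
};
static struct drmem_lmb_info sample_info = { .lmbs = sample_lmbs, .n_lmbs = 3 };

int main(void)
{
	/* A guest without hotpluggable memory: the table is all zeros. */
	struct drmem_lmb_info zeroed = { .lmbs = NULL, .n_lmbs = 0 };

	printf("populated table: inclusive visits %d, half-open visits %d\n",
	       count_inclusive(&sample_info), count_half_open(&sample_info));
	printf("zeroed table:    inclusive enters loop=%d, half-open enters loop=%d\n",
	       inclusive_bound_enters_loop((uintptr_t)zeroed.lmbs, zeroed.n_lmbs),
	       half_open_bound_enters_loop((uintptr_t)zeroed.lmbs, zeroed.n_lmbs));
	return 0;
}
```

On the zeroed table the inclusive condition compares the NULL start against an end marker that has wrapped to just below the top of the address space, so it is satisfied and the body runs and dereferences NULL, which matches the DAR of 0x10 (an offset into the first struct) in the oops above. The half-open condition compares start against itself and is never satisfied.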
Kconfig License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Makefile powerpc/Makefiles: Convert ifeq to ifdef where possible 2018-08-08 00:32:36 +10:00
cmm.c powerpc/pseries/cmm: Implement release() function for sysfs device 2020-01-04 19:12:54 +01:00
dlpar.c powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property() 2019-12-05 09:21:23 +01:00
dtl.c powerpc/pseries: Fix how we iterate over the DTL entries 2019-11-24 08:19:53 +01:00
eeh_pseries.c powerpc/eeh: Add EEH operations to notify resume 2018-01-27 20:02:52 +11:00
event_sources.c powerpc: Convert to using %pOF instead of full_name 2017-08-23 22:27:04 +10:00
firmware.c powerpc/firmware: Add definitions for new drc-info firmware feature 2018-01-21 16:21:40 +11:00
hotplug-cpu.c powerpc/pseries: Perform full re-add of CPU for topology update post-migration 2019-04-05 22:33:13 +02:00
hotplug-memory.c powerpc/pseries: Avoid NULL pointer dereference when drmem is unavailable 2020-04-17 10:48:51 +02:00
hvCall.S jump_label: move 'asm goto' support test to Kconfig 2019-06-04 08:02:34 +02:00
hvCall_inst.c powerpc/pseries: hcall_exit tracepoint retval should be signed 2018-05-10 23:17:43 +10:00
hvconsole.c powerpc/pseries/hvconsole: Fix stack overread via udbg 2020-01-09 10:19:08 +01:00
hvcserver.c powerpc/pseries/hvcserver: don't memset pi_buff if it is null 2015-10-09 08:03:03 +11:00
ibmebus.c powerpc: Use octal numbers for file permissions 2018-01-22 05:48:33 +11:00
io_event_irq.c powerpc: Various typo fixes 2016-06-14 13:58:26 +10:00
iommu.c powerpc/pseries: Allow not having ibm,hypertas-functions::hcall-multi-tce for DDW 2020-02-14 16:33:26 -05:00
kexec.c powerpc/xive: Remove xive_kexec_teardown_cpu() 2018-08-07 21:49:28 +10:00
lpar.c powerpc/pseries: Drop pointless static qualifier in vpa_debugfs_init() 2020-04-17 10:48:49 +02:00
lparcfg.c powerpc/pseries: lparcfg calculate PURR on demand 2018-06-03 20:40:27 +10:00
mobility.c powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration 2020-01-27 14:50:55 +01:00
msi.c powerpc/pci: Remove OF node back pointer from pci_dn 2017-08-31 14:26:12 +10:00
nvram.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
of_helpers.c pseries/drc-info: Search DRC properties for CPU indexes 2018-01-21 16:21:46 +11:00
of_helpers.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
offline_states.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pci.c powerpc/pseries/pci: Associate PEs to VFs in configure SR-IOV 2018-01-27 20:02:53 +11:00
pci_dlpar.c powerpc: Convert to using %pOF instead of full_name 2017-08-23 22:27:04 +10:00
power.c powerpc/sparse: Include headers containing prototypes 2016-06-16 22:40:19 +10:00
pseries.h powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration 2018-03-27 19:25:14 +11:00
pseries_energy.c powerpc/pseries/energy: Use OF accessor functions to read ibm,drc-indexes 2019-04-03 06:26:29 +02:00
ras.c powerpc/pseries: Fix endianness while restoring of r3 in MCE handler. 2018-08-10 22:12:34 +10:00
reconfig.c powerpc: Use octal numbers for file permissions 2018-01-22 05:48:33 +11:00
rng.c powerpc: Use hardware RNG for arch_get_random_seed_* not arch_get_random_* 2015-07-23 19:52:03 +10:00
scanlog.c powerpc: Use octal numbers for file permissions 2018-01-22 05:48:33 +11:00
setup.c powerpc/vcpu: Assume dedicated processors as non-preempt 2020-01-12 12:17:23 +01:00
smp.c Merge branch 'topic/paca' into next 2018-03-31 09:09:36 +11:00
suspend.c powerpc: Use octal numbers for file permissions 2018-01-22 05:48:33 +11:00
vio.c powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning 2020-02-14 16:33:25 -05:00