korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-13 14:24:11 +08:00
Code Issues Packages Projects Releases Wiki Activity
69fba378ed
linux/drivers
History
Kim Phillips ccb88e9549 crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked 
The SEV platform device can be shutdown with a null psp_master,
e.g., using DEBUG_TEST_DRIVER_REMOVE.  Found using KASAN:

[  137.148210] ccp 0000:23:00.1: enabling device (0000 -> 0002)
[  137.162647] ccp 0000:23:00.1: no command queues available
[  137.170598] ccp 0000:23:00.1: sev enabled
[  137.174645] ccp 0000:23:00.1: psp enabled
[  137.178890] general protection fault, probably for non-canonical address 0xdffffc000000001e: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN NOPTI
[  137.182693] KASAN: null-ptr-deref in range [0x00000000000000f0-0x00000000000000f7]
[  137.182693] CPU: 93 PID: 1 Comm: swapper/0 Not tainted 6.8.0-rc1+ #311
[  137.182693] RIP: 0010:__sev_platform_shutdown_locked+0x51/0x180
[  137.182693] Code: 08 80 3c 08 00 0f 85 0e 01 00 00 48 8b 1d 67 b6 01 08 48 b8 00 00 00 00 00 fc ff df 48 8d bb f0 00 00 00 48 89 f9 48 c1 e9 03 <80> 3c 01 00 0f 85 fe 00 00 00 48 8b 9b f0 00 00 00 48 85 db 74 2c
[  137.182693] RSP: 0018:ffffc900000cf9b0 EFLAGS: 00010216
[  137.182693] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 000000000000001e
[  137.182693] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 00000000000000f0
[  137.182693] RBP: ffffc900000cf9c8 R08: 0000000000000000 R09: fffffbfff58f5a66
[  137.182693] R10: ffffc900000cf9c8 R11: ffffffffac7ad32f R12: ffff8881e5052c28
[  137.182693] R13: ffff8881e5052c28 R14: ffff8881758e43e8 R15: ffffffffac64abf8
[  137.182693] FS:  0000000000000000(0000) GS:ffff889de7000000(0000) knlGS:0000000000000000
[  137.182693] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  137.182693] CR2: 0000000000000000 CR3: 0000001cf7c7e000 CR4: 0000000000350ef0
[  137.182693] Call Trace:
[  137.182693]  <TASK>
[  137.182693]  ? show_regs+0x6c/0x80
[  137.182693]  ? __die_body+0x24/0x70
[  137.182693]  ? die_addr+0x4b/0x80
[  137.182693]  ? exc_general_protection+0x126/0x230
[  137.182693]  ? asm_exc_general_protection+0x2b/0x30
[  137.182693]  ? __sev_platform_shutdown_locked+0x51/0x180
[  137.182693]  sev_firmware_shutdown.isra.0+0x1e/0x80
[  137.182693]  sev_dev_destroy+0x49/0x100
[  137.182693]  psp_dev_destroy+0x47/0xb0
[  137.182693]  sp_destroy+0xbb/0x240
[  137.182693]  sp_pci_remove+0x45/0x60
[  137.182693]  pci_device_remove+0xaa/0x1d0
[  137.182693]  device_remove+0xc7/0x170
[  137.182693]  really_probe+0x374/0xbe0
[  137.182693]  ? srso_return_thunk+0x5/0x5f
[  137.182693]  __driver_probe_device+0x199/0x460
[  137.182693]  driver_probe_device+0x4e/0xd0
[  137.182693]  __driver_attach+0x191/0x3d0
[  137.182693]  ? __pfx___driver_attach+0x10/0x10
[  137.182693]  bus_for_each_dev+0x100/0x190
[  137.182693]  ? __pfx_bus_for_each_dev+0x10/0x10
[  137.182693]  ? __kasan_check_read+0x15/0x20
[  137.182693]  ? srso_return_thunk+0x5/0x5f
[  137.182693]  ? _raw_spin_unlock+0x27/0x50
[  137.182693]  driver_attach+0x41/0x60
[  137.182693]  bus_add_driver+0x2a8/0x580
[  137.182693]  driver_register+0x141/0x480
[  137.182693]  __pci_register_driver+0x1d6/0x2a0
[  137.182693]  ? srso_return_thunk+0x5/0x5f
[  137.182693]  ? esrt_sysfs_init+0x1cd/0x5d0
[  137.182693]  ? __pfx_sp_mod_init+0x10/0x10
[  137.182693]  sp_pci_init+0x22/0x30
[  137.182693]  sp_mod_init+0x14/0x30
[  137.182693]  ? __pfx_sp_mod_init+0x10/0x10
[  137.182693]  do_one_initcall+0xd1/0x470
[  137.182693]  ? __pfx_do_one_initcall+0x10/0x10
[  137.182693]  ? parameq+0x80/0xf0
[  137.182693]  ? srso_return_thunk+0x5/0x5f
[  137.182693]  ? __kmalloc+0x3b0/0x4e0
[  137.182693]  ? kernel_init_freeable+0x92d/0x1050
[  137.182693]  ? kasan_populate_vmalloc_pte+0x171/0x190
[  137.182693]  ? srso_return_thunk+0x5/0x5f
[  137.182693]  kernel_init_freeable+0xa64/0x1050
[  137.182693]  ? __pfx_kernel_init+0x10/0x10
[  137.182693]  kernel_init+0x24/0x160
[  137.182693]  ? __switch_to_asm+0x3e/0x70
[  137.182693]  ret_from_fork+0x40/0x80
[  137.182693]  ? __pfx_kernel_init+0x10/0x10
[  137.182693]  ret_from_fork_asm+0x1b/0x30
[  137.182693]  </TASK>
[  137.182693] Modules linked in:
[  137.538483] ---[ end trace 0000000000000000 ]---

Fixes: 1b05ece0c9 ("crypto: ccp - During shutdown, check SEV data pointer before using")
Cc: stable@vger.kernel.org
Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Kim Phillips <kim.phillips@amd.com>
Reviewed-by: Liam Merwick <liam.merwick@oracle.com>
Acked-by: John Allen <john.allen@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2024-02-02 18:08:12 +08:00
..
accel drm-next for 6.8: 2024-01-12 11:32:19 -08:00
accessibility
acpi cxl for v6.8 2024-01-18 16:22:43 -08:00
amba
android Char/Misc and other Driver changes for 6.8-rc1 2024-01-17 16:47:17 -08:00
ata ata changes for 6.8-rc1 2024-01-11 13:49:00 -08:00
atm net: fill in MODULE_DESCRIPTION()s for ATM 2024-01-05 08:04:23 -08:00
auxdisplay drm-next for 6.8: 2024-01-12 11:32:19 -08:00
base RTC for 6.8 2024-01-18 17:25:39 -08:00
bcma
block for-6.8/block-2024-01-18 2024-01-18 18:22:40 -08:00
bluetooth USB / Thunderbolt changes for 6.8-rc1 2024-01-18 11:43:55 -08:00
bus Char/Misc and other Driver changes for 6.8-rc1 2024-01-17 16:47:17 -08:00
cache
cdrom
cdx cdx: Unlock on error path in rescan_store() 2024-01-04 17:01:14 +01:00
char TTY/Serial changes for 6.8-rc1 2024-01-18 11:37:24 -08:00
clk clk: qcom: gcc-x1e80100: Replace of_device.h with explicit includes 2024-01-19 08:17:28 -06:00
clocksource
comedi
connector Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-01-04 18:06:46 -08:00
counter
cpufreq Merge branches 'pm-sleep', 'pm-cpufreq' and 'pm-qos' into pm 2024-01-16 12:23:24 +01:00
cpuidle
crypto crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked 2024-02-02 18:08:12 +08:00
cxl cxl/core: use sysfs_emit() for attr's _show() 2024-01-12 14:47:04 -08:00
dax New code for 6.8: 2024-01-10 08:45:22 -08:00
dca
devfreq
dio
dma dmaengine fixes for v6.8-rc1 2024-01-20 15:03:25 -08:00
dma-buf
dpll dpll: expose fractional frequency offset value to user 2024-01-05 07:58:19 -08:00
edac Driver core changes for 6.8-rc1 2024-01-18 09:48:40 -08:00
eisa
extcon
firewire firewire: core: fill model field in modalias of unit device for legacy layout of configuration ROM 2024-01-10 18:37:13 +09:00
firmware Revert "firmware/sysfb: Clear screen_info state after consuming it" 2024-01-19 22:22:26 +01:00
fpga Char/Misc and other Driver changes for 6.8-rc1 2024-01-17 16:47:17 -08:00
fsi
gnss TTY/Serial changes for 6.8-rc1 2024-01-18 11:37:24 -08:00
gpio gpio fixes for v6.8-rc1 2024-01-18 17:03:51 -08:00
gpu drm fixes for 6.8-rc1 2024-01-19 11:50:00 -08:00
greybus TTY/Serial changes for 6.8-rc1 2024-01-18 11:37:24 -08:00
hid hid-for-linus-2024010801 2024-01-12 14:45:13 -08:00
hsi
hte
hv
hwmon hwmon: (npcm750-pwm-fan) Fix crash observed when instantiating nuvoton,npcm750-pwm-fan 2024-01-14 07:44:38 -08:00
hwspinlock
hwtracing
i2c This cycle, I2C removes the currently unused CLASS_DDC support 2024-01-18 17:29:01 -08:00
i3c i3c: master: cdns: Update maximum prescaler value for i2c clock 2024-01-08 00:51:36 +01:00
idle Power management updates for 6.8-rc1 2024-01-09 16:32:11 -08:00
iio TTY/Serial changes for 6.8-rc1 2024-01-18 11:37:24 -08:00
infiniband RDMA v6.8 merge window 2024-01-12 13:52:21 -08:00
input Input updates for 6.8 merge window: 2024-01-18 17:21:35 -08:00
interconnect Char/Misc and other Driver changes for 6.8-rc1 2024-01-17 16:47:17 -08:00
iommu iommufd for 6.8 2024-01-18 15:28:15 -08:00
ipack TTY/Serial changes for 6.8-rc1 2024-01-18 11:37:24 -08:00
irqchip header cleanups for 6.8 2024-01-10 16:43:55 -08:00
isdn
leds - New Drivers 2024-01-17 15:25:27 -08:00
macintosh
mailbox mediatek: add CMDQ support for mt8188 2024-01-17 15:39:32 -08:00
mcb
md for-6.8/block-2024-01-18 2024-01-18 18:22:40 -08:00
media media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) 2024-01-20 13:30:00 -08:00
memory IOMMU Updates for Linux v6.8 2024-01-18 15:16:57 -08:00
memstick
message
mfd TTY/Serial changes for 6.8-rc1 2024-01-18 11:37:24 -08:00
misc This cycle, I2C removes the currently unused CLASS_DDC support 2024-01-18 17:29:01 -08:00
mmc TTY/Serial changes for 6.8-rc1 2024-01-18 11:37:24 -08:00
most
mtd This pull request contains updates for UBI and UBIFS: 2024-01-17 10:27:13 -08:00
mux mux: mmio: use reg property when parent device is not a syscon 2024-01-04 17:01:14 +01:00
net net: can: Use device_get_match_data() 2024-01-19 08:08:53 -06:00
nfc
ntb
nubus nubus: Make nubus_bus_type static and constant 2024-01-03 13:33:59 +01:00
nvdimm virtio: features, fixes 2024-01-18 16:44:03 -08:00
nvme for-6.8/block-2024-01-18 2024-01-18 18:22:40 -08:00
nvmem Char/Misc and other Driver changes for 6.8-rc1 2024-01-17 16:47:17 -08:00
of IOMMU Updates for Linux v6.8 2024-01-18 15:16:57 -08:00
opp OPP: Rename 'rate_clk_single' 2024-01-05 15:55:41 +05:30
parisc parisc/power: Fix power soft-off button emulation on qemu 2024-01-07 22:59:16 +01:00
parport
pci cxl for v6.8 2024-01-18 16:22:43 -08:00
pcmcia
peci
perf ACPI updates for 6.8-rc1 2024-01-09 16:12:44 -08:00
phy phy-for-6.8 2024-01-18 17:11:43 -08:00
pinctrl This is the main pin control pull request for the v6.8 kernel series. 2024-01-17 15:55:33 -08:00
platform USB / Thunderbolt changes for 6.8-rc1 2024-01-18 11:43:55 -08:00
pmdomain Driver core changes for 6.8-rc1 2024-01-18 09:48:40 -08:00
pnp More ACPI updates for 6.8-rc1 2024-01-17 14:37:40 -08:00
power power: supply: bq24190_charger: Fix "initializer element is not constant" error 2024-01-19 01:03:17 +01:00
powercap
pps
ps3
ptp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-01-04 18:06:46 -08:00
pwm pwm: jz4740: Don't use dev_err_probe() in .request() 2024-01-12 18:25:05 +01:00
rapidio
ras
regulator pwm: Changes for v6.8-rc1 2024-01-12 14:59:50 -08:00
remoteproc
reset SoC: driver updates for 6.8 2024-01-11 11:31:46 -08:00
rpmsg
rtc rtc: nuvoton: Compatible with NCT3015Y-R and NCT3018Y-R 2024-01-18 01:05:33 +01:00
s390 s390 updates for 6.8 merge window part 2 2024-01-18 14:11:25 -08:00
sbus
scsi SCSI misc on 20240120 2024-01-20 09:42:32 -08:00
sh maple: make maple_bus_type static and const 2024-01-04 14:37:17 +01:00
siox
slimbus
soc Char/Misc and other Driver changes for 6.8-rc1 2024-01-17 16:47:17 -08:00
soundwire soundwire updates for 6.7 2024-01-18 17:08:31 -08:00
spi spi: Fix for v6.8 2024-01-19 12:50:09 -08:00
spmi
ssb
staging This cycle, I2C removes the currently unused CLASS_DDC support 2024-01-18 17:29:01 -08:00
target SCSI misc on 20240120 2024-01-20 09:42:32 -08:00
tc
tee Another moderately busy cycle for documentation, including: 2024-01-11 19:46:52 -08:00
thermal thermal: loongson2: Replace of_device.h with explicit includes 2024-01-19 08:08:53 -06:00
thunderbolt USB / Thunderbolt changes for 6.8-rc1 2024-01-18 11:43:55 -08:00
tty RISC-V Patches for the 6.8 Merge Window, Part 4 2024-01-20 11:06:04 -08:00
ufs SCSI misc on 20240120 2024-01-20 09:42:32 -08:00
uio uio: Fix use-after-free in uio_open 2024-01-04 17:03:47 +01:00
usb USB / Thunderbolt changes for 6.8-rc1 2024-01-18 11:43:55 -08:00
vdpa virtio: features, fixes 2024-01-18 16:44:03 -08:00
vfio VFIO updates for v6.8-rc1 2024-01-18 15:57:25 -08:00
vhost virtio: features, fixes 2024-01-18 16:44:03 -08:00
video This cycle, I2C removes the currently unused CLASS_DDC support 2024-01-18 17:29:01 -08:00
virt Char/Misc and other Driver changes for 6.8-rc1 2024-01-17 16:47:17 -08:00
virtio virtio: features, fixes 2024-01-18 16:44:03 -08:00
w1
watchdog linux-watchdog 6.8-rc1 tag 2024-01-12 13:32:30 -08:00
xen xen: branch for v6.8-rc1 2024-01-17 13:41:38 -08:00
zorro
Kconfig
Makefile fbdev/intelfb: Remove driver 2024-01-12 12:38:37 +01:00