linux/drivers
Logan Gunthorpe d2fd6e8191 PCI: Fix __initdata issue with "pci=disable_acs_redir" parameter
The disable_acs_redir parameter stores a pointer to the string passed to
pci_setup().  However, the string passed to PCI setup is actually a
temporary copy allocated in static __initdata memory.  After init, once the
memory is freed, it is no longer valid to reference this pointer.

This bug was noticed in v5.0-rc1 after a change in commit c5eb119007
("PCI / PM: Allow runtime PM without callback functions") caused
pci_disable_acs_redir() to be called during shutdown which manifested
as an unable to handle kernel paging request at:

  RIP: 0010:pci_enable_acs+0x3f/0x1e0
  Call Trace:
     pci_restore_state.part.44+0x159/0x3c0
     pci_restore_standard_config+0x33/0x40
     pci_pm_runtime_resume+0x2b/0xd0
     ? pci_restore_standard_config+0x40/0x40
     __rpm_callback+0xbc/0x1b0
     rpm_callback+0x1f/0x70
     ? pci_restore_standard_config+0x40/0x40
      rpm_resume+0x4f9/0x710
     ? pci_conf1_read+0xb6/0xf0
     ? pci_conf1_write+0xb2/0xe0
     __pm_runtime_resume+0x47/0x70
     pci_device_shutdown+0x1e/0x60
     device_shutdown+0x14a/0x1f0
     kernel_restart+0xe/0x50
     __do_sys_reboot+0x1ee/0x210
     ? __fput+0x144/0x1d0
     do_writev+0x5e/0xf0
     ? do_writev+0x5e/0xf0
     do_syscall_64+0x48/0xf0
     entry_SYSCALL_64_after_hwframe+0x44/0xa9

It was also likely possible to trigger this bug when hotplugging PCI
devices.

To fix this, instead of storing a pointer, we use kstrdup() to copy the
disable_acs_redir_param to its own buffer which will never be freed.

Fixes: aaca43fda7 ("PCI: Add "pci=disable_acs_redir=" parameter for peer-to-peer support")
Tested-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
2019-01-17 08:46:34 -06:00
..
accessibility
acpi Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
amba
android binder: implement binderfs 2018-12-19 09:40:13 +01:00
ata for-4.21/libata-20190102 2019-01-02 18:47:56 -08:00
atm
auxdisplay auxdisplay: charlcd: fix x/y command parsing 2018-12-21 21:27:21 +01:00
base Merge branch 'mount.part1' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-01-05 13:25:58 -08:00
bcma
block block: sunvdc: don't run hw queue synchronously from irq context 2019-01-03 08:21:47 -07:00
bluetooth Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading 2018-12-19 13:43:42 +01:00
bus ARM: SoC driver updates 2018-12-31 17:32:35 -08:00
cdrom gdrom: fix a memory leak bug 2018-12-29 08:20:44 -07:00
char Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
clk Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2019-01-02 18:56:59 -08:00
clocksource arch/csky patches for 4.21-rc1 2019-01-05 09:50:07 -08:00
connector
cpufreq powerpc updates for 4.21 2018-12-27 10:43:24 -08:00
cpuidle powerpc updates for 4.21 2018-12-27 10:43:24 -08:00
crypto Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
dax mm, devm_memremap_pages: fix shutdown handling 2018-12-28 12:11:47 -08:00
dca
devfreq
dio
dma Merge branch 'next/drivers' into next/late 2019-01-04 14:31:38 -08:00
dma-buf drivers/dma-buf/udmabuf.c: convert to use vm_fault_t 2019-01-04 13:13:46 -08:00
edac EDAC, fsl_ddr: Add LS1021A to the list of supported hardware 2018-12-19 11:57:45 +01:00
eisa
extcon
firewire FireWire (IEEE 1394) subsystem patch: 2019-01-05 18:33:21 -08:00
firmware arm64 fixes for -rc1 2019-01-05 11:28:39 -08:00
fmc
fpga Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
fsi
gnss
gpio This is the bulk of GPIO changes for the v4.21 kernel series: 2018-12-28 20:00:21 -08:00
gpu drm i915 gvt, amdgpu, core fixes 2019-01-05 18:25:19 -08:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid 2019-01-05 17:53:40 -08:00
hsi
hv Char/Misc driver patches for 4.21-rc1 2018-12-28 20:54:57 -08:00
hwmon Kconfig updates for v4.21 2018-12-29 13:03:29 -08:00
hwspinlock hwspinlock: fix return value check in stm32_hwspinlock_probe() 2019-01-03 11:42:10 -08:00
hwtracing intel_th: msu: Fix an off-by-one in attribute store 2018-12-19 20:21:06 +01:00
i2c Merge branch 'i2c/for-5.0' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2019-01-05 18:13:35 -08:00
i3c
ide for-4.21/block-20181221 2018-12-28 13:19:59 -08:00
idle
iio Staging/IIO driver patches for 4.21-rc1 2018-12-28 20:39:58 -08:00
infiniband 4.21 merge window 2nd pull request 2019-01-05 18:20:51 -08:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2019-01-02 18:56:59 -08:00
iommu IOMMU Updates for Linux v4.21 2019-01-01 15:55:29 -08:00
ipack
irqchip Xtensa updates for v4.21: 2018-12-29 09:40:40 -08:00
isdn isdn: fix kernel-infoleak in capi_unlocked_ioctl 2019-01-02 10:31:39 -08:00
leds LEDs for 4.21-rc1 2018-12-25 14:52:50 -08:00
lightnvm lightnvm: pblk: fix use-after-free bug 2018-12-22 14:45:35 -07:00
macintosh Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
mailbox mailbox: tegra-hsp: Use device-managed registration API 2018-12-21 22:31:26 -06:00
mcb
md Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md into for-linus 2019-01-03 08:21:02 -07:00
media Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
memory ARM: SoC: late updates 2019-01-05 11:30:37 -08:00
memstick MMC core: 2018-12-28 16:52:18 -08:00
message
mfd
misc Merge branch 'i2c/for-5.0' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2019-01-05 18:13:35 -08:00
mmc MMC core: 2018-12-28 16:52:18 -08:00
mtd Kbuild updates for v4.21 2018-12-29 12:03:17 -08:00
mux
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-01-03 12:53:47 -08:00
nfc
ntb
nubus
nvdimm Merge branch 'akpm' (patches from Andrew) 2018-12-28 16:55:46 -08:00
nvme nvme-pci: trace SQ status on completions 2018-12-19 08:35:36 +01:00
nvmem
of Merge tag 'devicetree-for-4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux 2018-12-28 20:08:34 -08:00
opp
oprofile
parisc Kconfig file consolidation for v4.21 2018-12-29 13:40:29 -08:00
parport
pci PCI: Fix __initdata issue with "pci=disable_acs_redir" parameter 2019-01-17 08:46:34 -06:00
pcmcia Included in this update: 2019-01-05 11:23:17 -08:00
perf drivers/perf: hisi: Fixup one DDRC PMU register offset 2019-01-04 10:13:27 +00:00
phy
pinctrl Pin control bulk changes for the v4.21 kernel cycle: 2019-01-01 13:19:16 -08:00
platform chrome platform changes for v4.21 2019-01-06 11:40:06 -08:00
pnp Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
power power supply and reset changes for the v4.21 series 2018-12-28 20:22:45 -08:00
powercap
pps Kconfig updates for v4.21 2018-12-29 13:03:29 -08:00
ps3
ptp Char/Misc driver patches for 4.21-rc1 2018-12-28 20:54:57 -08:00
pwm pwm: imx: Add ipg clock operation 2018-12-24 12:06:56 +01:00
rapidio
ras treewide: surround Kconfig file paths with double quotes 2018-12-22 00:25:54 +09:00
regulator Merge remote-tracking branch 'regulator/topic/coupled' into regulator-next 2018-12-21 13:43:35 +00:00
remoteproc
reset
rpmsg
rtc RTC for 4.21 2019-01-01 13:24:31 -08:00
s390 s390 updates for the 4.21 merge window 2019-01-02 18:37:01 -08:00
sbus Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-next 2018-12-26 10:32:18 -08:00
scsi Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
sfi
sh
siox
slimbus
sn
soc ARM: SoC driver updates 2018-12-31 17:32:35 -08:00
soundwire
spi spi: Updates for v4.21 2018-12-25 14:43:54 -08:00
spmi
ssb
staging Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
target SCSI misc on 20181224 2018-12-28 14:48:06 -08:00
tc
tee OP-TEE dynamic shm log message 2018-12-31 13:06:30 -08:00
thermal Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux 2019-01-05 16:07:28 -08:00
thunderbolt
tty ARM: SoC: late updates 2019-01-05 11:30:37 -08:00
uio Char/Misc driver patches for 4.21-rc1 2018-12-28 20:54:57 -08:00
usb pci-v4.21-changes 2019-01-05 17:57:34 -08:00
uwb
vfio IOMMU Updates for Linux v4.21 2019-01-01 15:55:29 -08:00
vhost Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
video fbdev changes for v4.21: 2019-01-05 18:15:37 -08:00
virt
virtio virtio, vhost: features, fixes, cleanups 2019-01-02 18:54:45 -08:00
visorbus
vlynq
vme
w1 treewide: surround Kconfig file paths with double quotes 2018-12-22 00:25:54 +09:00
watchdog linux-watchdog 4.21-rc1 tag 2019-01-01 13:16:45 -08:00
xen Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
zorro
Kconfig Kconfig file consolidation for v4.21 2018-12-29 13:40:29 -08:00
Makefile