• PCI: Fix __initdata issue with "pci=disable_acs_redir" parameter · d2fd6e81
    Logan Gunthorpe authored
    The disable_acs_redir parameter stores a pointer to the string passed to
    pci_setup().  However, the string passed to PCI setup is actually a
    temporary copy allocated in static __initdata memory.  After init, once the
    memory is freed, it is no longer valid to reference this pointer.
    
    This bug was noticed in v5.0-rc1 after a change in commit c5eb1190
    ("PCI / PM: Allow runtime PM without callback functions") caused
    pci_disable_acs_redir() to be called during shutdown which manifested
    as an unable to handle kernel paging request at:
    
      RIP: 0010:pci_enable_acs+0x3f/0x1e0
      Call Trace:
         pci_restore_state.part.44+0x159/0x3c0
         pci_restore_standard_config+0x33/0x40
         pci_pm_runtime_resume+0x2b/0xd0
         ? pci_restore_standard_config+0x40/0x40
         __rpm_callback+0xbc/0x1b0
         rpm_callback+0x1f/0x70
         ? pci_restore_standard_config+0x40/0x40
          rpm_resume+0x4f9/0x710
         ? pci_conf1_read+0xb6/0xf0
         ? pci_conf1_write+0xb2/0xe0
         __pm_runtime_resume+0x47/0x70
         pci_device_shutdown+0x1e/0x60
         device_shutdown+0x14a/0x1f0
         kernel_restart+0xe/0x50
         __do_sys_reboot+0x1ee/0x210
         ? __fput+0x144/0x1d0
         do_writev+0x5e/0xf0
         ? do_writev+0x5e/0xf0
         do_syscall_64+0x48/0xf0
         entry_SYSCALL_64_after_hwframe+0x44/0xa9
    
    It was also likely possible to trigger this bug when hotplugging PCI
    devices.
    
    To fix this, instead of storing a pointer, we use kstrdup() to copy the
    disable_acs_redir_param to its own buffer which will never be freed.
    
    Fixes: aaca43fd ("PCI: Add "pci=disable_acs_redir=" parameter for peer-to-peer support")
    Tested-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
    Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
    Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
    Reviewed-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Name
..
accessibility
acpi
amba
android
ata
atm
auxdisplay
base
bcma
block
bluetooth
bus
cdrom
char
clk
clocksource
connector
cpufreq
cpuidle
crypto
dax
dca
devfreq
dio
dma
dma-buf
edac
eisa
extcon
firewire
firmware
fmc
fpga
fsi
gnss
gpio
gpu
hid
hsi
hv
hwmon
hwspinlock
hwtracing
i2c
i3c
ide
idle
iio
infiniband
input
iommu
ipack
irqchip
isdn
leds
lightnvm
macintosh
mailbox
mcb
md
media
memory
memstick
message
mfd
misc
mmc
mtd
mux
net
nfc
ntb
nubus
nvdimm
nvme
nvmem
of
opp
oprofile
parisc
parport
pci
pcmcia
perf
phy
pinctrl
platform
pnp
power
powercap
pps
ps3
ptp
pwm
rapidio
ras
regulator
remoteproc
reset
rpmsg
rtc
s390
sbus
scsi
sfi
sh
siox
slimbus
sn
soc
soundwire
spi
spmi
ssb
staging
target
tc
tee
thermal
thunderbolt
tty
uio
usb
uwb
vfio
vhost
video
virt
virtio
visorbus
vlynq
vme
w1
watchdog
xen
zorro
Kconfig
Makefile