OpenCloudOS-Kernel/drivers
Kim Phillips 88aa493f39 crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked
commit ccb88e9549e7cfd8bcd511c538f437e20026e983 upstream.

The SEV platform device can be shut down with a null psp_master,
e.g., using DEBUG_TEST_DRIVER_REMOVE.  Found using KASAN:

[  137.148210] ccp 0000:23:00.1: enabling device (0000 -> 0002)
[  137.162647] ccp 0000:23:00.1: no command queues available
[  137.170598] ccp 0000:23:00.1: sev enabled
[  137.174645] ccp 0000:23:00.1: psp enabled
[  137.178890] general protection fault, probably for non-canonical address 0xdffffc000000001e: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN NOPTI
[  137.182693] KASAN: null-ptr-deref in range [0x00000000000000f0-0x00000000000000f7]
[  137.182693] CPU: 93 PID: 1 Comm: swapper/0 Not tainted 6.8.0-rc1+ #311
[  137.182693] RIP: 0010:__sev_platform_shutdown_locked+0x51/0x180
[  137.182693] Code: 08 80 3c 08 00 0f 85 0e 01 00 00 48 8b 1d 67 b6 01 08 48 b8 00 00 00 00 00 fc ff df 48 8d bb f0 00 00 00 48 89 f9 48 c1 e9 03 <80> 3c 01 00 0f 85 fe 00 00 00 48 8b 9b f0 00 00 00 48 85 db 74 2c
[  137.182693] RSP: 0018:ffffc900000cf9b0 EFLAGS: 00010216
[  137.182693] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 000000000000001e
[  137.182693] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 00000000000000f0
[  137.182693] RBP: ffffc900000cf9c8 R08: 0000000000000000 R09: fffffbfff58f5a66
[  137.182693] R10: ffffc900000cf9c8 R11: ffffffffac7ad32f R12: ffff8881e5052c28
[  137.182693] R13: ffff8881e5052c28 R14: ffff8881758e43e8 R15: ffffffffac64abf8
[  137.182693] FS:  0000000000000000(0000) GS:ffff889de7000000(0000) knlGS:0000000000000000
[  137.182693] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  137.182693] CR2: 0000000000000000 CR3: 0000001cf7c7e000 CR4: 0000000000350ef0
[  137.182693] Call Trace:
[  137.182693]  <TASK>
[  137.182693]  ? show_regs+0x6c/0x80
[  137.182693]  ? __die_body+0x24/0x70
[  137.182693]  ? die_addr+0x4b/0x80
[  137.182693]  ? exc_general_protection+0x126/0x230
[  137.182693]  ? asm_exc_general_protection+0x2b/0x30
[  137.182693]  ? __sev_platform_shutdown_locked+0x51/0x180
[  137.182693]  sev_firmware_shutdown.isra.0+0x1e/0x80
[  137.182693]  sev_dev_destroy+0x49/0x100
[  137.182693]  psp_dev_destroy+0x47/0xb0
[  137.182693]  sp_destroy+0xbb/0x240
[  137.182693]  sp_pci_remove+0x45/0x60
[  137.182693]  pci_device_remove+0xaa/0x1d0
[  137.182693]  device_remove+0xc7/0x170
[  137.182693]  really_probe+0x374/0xbe0
[  137.182693]  ? srso_return_thunk+0x5/0x5f
[  137.182693]  __driver_probe_device+0x199/0x460
[  137.182693]  driver_probe_device+0x4e/0xd0
[  137.182693]  __driver_attach+0x191/0x3d0
[  137.182693]  ? __pfx___driver_attach+0x10/0x10
[  137.182693]  bus_for_each_dev+0x100/0x190
[  137.182693]  ? __pfx_bus_for_each_dev+0x10/0x10
[  137.182693]  ? __kasan_check_read+0x15/0x20
[  137.182693]  ? srso_return_thunk+0x5/0x5f
[  137.182693]  ? _raw_spin_unlock+0x27/0x50
[  137.182693]  driver_attach+0x41/0x60
[  137.182693]  bus_add_driver+0x2a8/0x580
[  137.182693]  driver_register+0x141/0x480
[  137.182693]  __pci_register_driver+0x1d6/0x2a0
[  137.182693]  ? srso_return_thunk+0x5/0x5f
[  137.182693]  ? esrt_sysfs_init+0x1cd/0x5d0
[  137.182693]  ? __pfx_sp_mod_init+0x10/0x10
[  137.182693]  sp_pci_init+0x22/0x30
[  137.182693]  sp_mod_init+0x14/0x30
[  137.182693]  ? __pfx_sp_mod_init+0x10/0x10
[  137.182693]  do_one_initcall+0xd1/0x470
[  137.182693]  ? __pfx_do_one_initcall+0x10/0x10
[  137.182693]  ? parameq+0x80/0xf0
[  137.182693]  ? srso_return_thunk+0x5/0x5f
[  137.182693]  ? __kmalloc+0x3b0/0x4e0
[  137.182693]  ? kernel_init_freeable+0x92d/0x1050
[  137.182693]  ? kasan_populate_vmalloc_pte+0x171/0x190
[  137.182693]  ? srso_return_thunk+0x5/0x5f
[  137.182693]  kernel_init_freeable+0xa64/0x1050
[  137.182693]  ? __pfx_kernel_init+0x10/0x10
[  137.182693]  kernel_init+0x24/0x160
[  137.182693]  ? __switch_to_asm+0x3e/0x70
[  137.182693]  ret_from_fork+0x40/0x80
[  137.182693]  ? __pfx_kernel_init+0x10/0x10
[  137.182693]  ret_from_fork_asm+0x1b/0x30
[  137.182693]  </TASK>
[  137.182693] Modules linked in:
[  137.538483] ---[ end trace 0000000000000000 ]---

Fixes: 1b05ece0c9 ("crypto: ccp - During shutdown, check SEV data pointer before using")
Cc: stable@vger.kernel.org
Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Kim Phillips <kim.phillips@amd.com>
Reviewed-by: Liam Merwick <liam.merwick@oracle.com>
Acked-by: John Allen <john.allen@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-02-23 09:25:11 +01:00
accel accel/habanalabs: add support for Gaudi2C device 2024-02-05 20:14:29 +00:00
accessibility
acpi ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events 2024-02-05 20:14:15 +00:00
amba
android binder: signal epoll threads of self-work 2024-02-23 09:25:04 +01:00
ata scsi: sd: Fix system start for ATA devices 2023-12-08 08:52:17 +01:00
atm atm: idt77252: fix a memleak in open_card_ubr0 2024-02-16 19:10:49 +01:00
auxdisplay
base driver core: fw_devlink: Improve detection of overlapping cycles 2024-02-23 09:24:57 +01:00
bcma
block block/rnbd-srv: Check for unlikely string overflow 2024-02-05 20:14:22 +00:00
bluetooth Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066 2024-02-05 20:14:25 +00:00
bus bus: mhi: host: Add spinlock to protect WP access when queueing TREs 2024-01-31 16:18:52 -08:00
cache riscv: RISCV_NONSTANDARD_CACHE_OPS shouldn't depend on RISCV_DMA_NONCOHERENT 2023-10-26 09:42:37 +02:00
cdrom
cdx
char hwrng: starfive - Fix dev_err_probe return error 2024-02-05 20:14:16 +00:00
clk clk: imx: clk-imx8qxp: fix LVDS bypass, pixel and phy clocks 2024-02-05 20:14:29 +00:00
clocksource clocksource/drivers/timer-ti-dm: Fix make W=n kerneldoc warnings 2024-01-25 15:35:42 -08:00
comedi
connector connector/cn_proc: revert "connector: Fix proc_event_num_listeners count not cleared" 2024-02-23 09:25:01 +01:00
counter First set of Counter fixes for 6.6 2023-10-02 13:13:15 +02:00
cpufreq cpufreq/amd-pstate: Fix setting scaling max/min freq values 2024-01-31 16:19:13 -08:00
cpuidle cpuidle: haltpoll: Do not enable interrupts when entering idle 2024-01-25 15:35:15 -08:00
crypto crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked 2024-02-23 09:25:11 +01:00
cxl cxl/region:Fix overflow issue in alloc_hpa() 2024-01-31 16:19:13 -08:00
dax
dca
devfreq PM / devfreq: Synchronize devfreq_monitor_[start/stop] 2024-02-05 20:14:15 +00:00
dio
dma dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA 2024-02-16 19:10:42 +01:00
dma-buf dma-buf: fix check in dma_resv_add_fence 2023-12-08 08:52:19 +01:00
edac EDAC/thunderx: Fix possible out-of-bounds string access 2024-01-25 15:35:12 -08:00
eisa
extcon extcon: fix possible name leak in extcon_dev_register() 2024-02-05 20:14:31 +00:00
firewire firewire: core: correct documentation of fw_csr_string() kernel API 2024-02-23 09:25:02 +01:00
firmware x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR 2024-02-16 19:10:47 +01:00
fpga fpga: Fix memory leak for fpga_region_test_class_find() 2023-10-24 19:32:39 +02:00
fsi
gnss
gpio gpio: eic-sprd: Clear interrupt after set the interrupt type 2024-01-31 16:19:12 -08:00
gpu drm/amd/display: Preserve original aspect ratio in create stream 2024-02-23 09:25:08 +01:00
greybus
hid HID: wacom: Do not register input devices until after hid_hw_start 2024-02-23 09:24:56 +01:00
hsi
hte hte: tegra: Fix missing error code in tegra_hte_test_probe() 2023-11-20 11:59:08 +01:00
hv
hwmon hwmon: (coretemp) Fix bogus core_id to attr name mapping 2024-02-16 19:10:49 +01:00
hwspinlock
hwtracing coresight: etm4x: Fix width of CCITMIN field 2024-01-20 11:51:49 +01:00
i2c i2c: i801: Fix block process call transactions 2024-02-23 09:24:59 +01:00
i3c i3c: master: cdns: Update maximum prescaler value for i2c clock 2024-02-05 20:14:31 +00:00
idle x86: Fix CPUIDLE_FLAG_IRQ_ENABLE leaking timer reprogram 2024-01-25 15:35:12 -08:00
iio iio: pressure: bmp280: Add missing bmp085 to SPI id table 2024-02-23 09:25:07 +01:00
infiniband IB/ipoib: Fix mcast list locking 2024-02-05 20:14:28 +00:00
input Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID 2024-02-16 19:10:55 +01:00
interconnect interconnect: qcom: sm8550: Enable sync_state 2024-02-23 09:24:57 +01:00
iommu iommu: Don't reserve 0-length IOVA region 2024-01-25 15:35:54 -08:00
ipack
irqchip irqchip/gic-v3-its: Handle non-coherent GICv4 redistributors 2024-02-23 09:24:59 +01:00
isdn isdn: mISDN: hfcsusb: Spelling fix in comment 2023-10-23 09:39:46 +01:00
leds leds: trigger: panic: Don't register panic notifier if creating the trigger failed 2024-02-05 20:14:30 +00:00
macintosh
mailbox mailbox: arm_mhuv2: Fix a bug for mhuv2_sender_interrupt 2024-02-05 20:14:31 +00:00
mcb mcb: fix error handling for different scenarios when parsing 2023-11-28 17:20:05 +00:00
md dm-crypt, dm-verity: disable tasklets 2024-02-23 09:24:55 +01:00
media media: rc: bpf attach/detach requires write permission 2024-02-23 09:25:07 +01:00
memory memory: tegra: Set BPMP msg flags to reset IPC channels 2023-11-20 11:59:17 +01:00
memstick
message
mfd mfd: ti_am335x_tscadc: Fix TI SoC dependencies 2024-02-05 20:14:31 +00:00
misc misc: fastrpc: Mark all sessions as invalid in cb_remove 2024-02-23 09:25:04 +01:00
mmc mmc: slot-gpio: Allow non-sleeping GPIO ro 2024-02-23 09:25:11 +01:00
most
mtd mtd: rawnand: Clarify conditions to enable continuous reads 2024-01-31 16:18:50 -08:00
mux
net nfp: flower: fix hardware offload for the transfer layer port 2024-02-23 09:25:08 +01:00
nfc nfc: virtual_ncidev: Add variable to check if ndev is running 2023-12-20 17:01:59 +01:00
ntb
nubus
nvdimm nd_btt: Make BTT lanes preemptible 2023-11-20 11:59:19 +01:00
nvme nvmet-tcp: Fix the H2C expected PDU len calculation 2024-01-25 15:35:55 -08:00
nvmem nvmem: brcm_nvram: store a copy of NVRAM content 2024-01-01 12:42:44 +00:00
of of: property: Improve finding the supplier of a remote-endpoint property 2024-02-23 09:24:50 +01:00
opp OPP: Pass rounded rate to _set_opp() 2024-01-31 16:18:49 -08:00
parisc parisc/power: Fix power soft-off button emulation on qemu 2024-01-31 16:18:52 -08:00
parport parport: parport_serial: Add Brainboxes device IDs and geometry 2024-01-20 11:51:48 +01:00
pci PCI: Fix active state requirement in PME polling 2024-02-23 09:24:58 +01:00
pcmcia pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() 2023-11-20 11:59:31 +01:00
peci
perf perf: CXL: fix mismatched cpmu event opcode 2024-02-23 09:24:50 +01:00
phy phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP 2024-02-16 19:10:42 +01:00
pinctrl pinctrl: baytrail: Fix types of config value in byt_pin_config_set() 2024-02-05 20:14:30 +00:00
platform platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe 2024-01-31 16:19:07 -08:00
pmdomain pmdomain: mediatek: fix race conditions with genpd 2024-02-23 09:25:07 +01:00
pnp PNP: ACPI: fix fortify warning 2024-02-05 20:14:15 +00:00
power power: supply: Fix null pointer dereference in smb2_probe 2024-01-25 15:35:54 -08:00
powercap powercap: DTPM: Fix missing cpufreq_cpu_put() calls 2023-12-13 18:45:25 +01:00
pps
ps3
ptp ptp: annotate data-race around q->head and q->tail 2023-11-28 17:19:51 +00:00
pwm pwm: Fix out-of-bounds access in of_pwm_single_xlate() 2024-01-25 15:35:46 -08:00
rapidio
ras
regulator regulator: ti-abb: don't use devm_platform_ioremap_resource_byname for shared interrupt register 2024-02-05 20:14:34 +00:00
remoteproc
reset reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning 2024-01-20 11:51:44 +01:00
rpmsg rpmsg: virtio: Free driver_override when rpmsg_remove() 2024-01-31 16:18:50 -08:00
rtc rtc: Extend timeout for waiting for UIP to clear to 1s 2024-01-31 16:18:56 -08:00
s390 s390/vfio-ap: fix sysfs status attribute for AP queue devices 2024-02-05 20:14:17 +00:00
sbus
scsi scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" 2024-02-23 09:25:01 +01:00
sh
siox
slimbus
soc soc: xilinx: fix unhandled SGI warning message 2024-02-05 20:14:19 +00:00
soundwire soundwire: fix initializing sysfs for same devices on different buses 2024-01-31 16:18:47 -08:00
spi spi: ppc4xx: Drop write-only variable 2024-02-23 09:24:52 +01:00
spmi spmi: mediatek: Fix UAF on device remove 2024-02-05 20:14:32 +00:00
ssb
staging staging: iio: ad5933: fix type mismatch regression 2024-02-23 09:25:06 +01:00
target scsi: target: core: add missing file_{start,end}_write() 2024-01-25 15:35:45 -08:00
tc
tee tee: optee: Fix supplicant based device enumeration 2023-12-13 18:45:11 +01:00
thermal thermal: core: Fix thermal zone suspend-resume synchronization 2024-02-05 20:14:15 +00:00
thunderbolt thunderbolt: Fix memory leak in margining_port_remove() 2024-01-01 12:42:46 +00:00
tty serial: mxs-auart: fix tx 2024-02-23 09:25:10 +01:00
ufs scsi: ufs: core: Remove the ufshcd_hba_exit() call from ufshcd_async_scan() 2024-01-31 16:18:48 -08:00
uio uio: Fix use-after-free in uio_open 2024-01-20 11:51:48 +01:00
usb usb: typec: tpcm: Fix issues with power being removed during reset 2024-02-23 09:25:03 +01:00
vdpa vdpa: Fix an error handling path in eni_vdpa_probe() 2024-01-25 15:35:54 -08:00
vfio hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume 2024-01-25 15:35:55 -08:00
vhost virtio/vsock: send credit update during setting SO_RCVLOWAT 2024-01-25 15:35:26 -08:00
video fbdev: flush deferred IO before closing 2024-01-25 15:35:45 -08:00
virt virt: sevguest: Fix passing a stack buffer as a scatterlist target 2023-11-20 11:59:30 +01:00
virtio virtio_ring: fix syncs DMA memory with different direction 2024-01-05 15:19:41 +01:00
vlynq
w1
watchdog watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786 2024-02-05 20:14:29 +00:00
xen xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import 2024-02-05 20:14:31 +00:00
zorro
Kconfig
Makefile