• Logan Gunthorpe's avatar
    PCI: Fix __initdata issue with "pci=disable_acs_redir" parameter · d9778b26
    Logan Gunthorpe authored
    [ Upstream commit d2fd6e81 ]
    
    The disable_acs_redir parameter stores a pointer to the string passed to
    pci_setup().  However, the string passed to PCI setup is actually a
    temporary copy allocated in static __initdata memory.  After init, once the
    memory is freed, it is no longer valid to reference this pointer.
    
    This bug was noticed in v5.0-rc1 after a change in commit c5eb1190
    ("PCI / PM: Allow runtime PM without callback functions") caused
    pci_disable_acs_redir() to be called during shutdown which manifested
    as an unable to handle kernel paging request at:
    
      RIP: 0010:pci_enable_acs+0x3f/0x1e0
      Call Trace:
         pci_restore_state.part.44+0x159/0x3c0
         pci_restore_standard_config+0x33/0x40
         pci_pm_runtime_resume+0x2b/0xd0
         ? pci_restore_standard_config+0x40/0x40
         __rpm_callback+0xbc/0x1b0
         rpm_callback+0x1f/0x70
         ? pci_restore_standard_config+0x40/0x40
          rpm_resume+0x4f9/0x710
         ? pci_conf1_read+0xb6/0xf0
         ? pci_conf1_write+0xb2/0xe0
         __pm_runtime_resume+0x47/0x70
         pci_device_shutdown+0x1e/0x60
         device_shutdown+0x14a/0x1f0
         kernel_restart+0xe/0x50
         __do_sys_reboot+0x1ee/0x210
         ? __fput+0x144/0x1d0
         do_writev+0x5e/0xf0
         ? do_writev+0x5e/0xf0
         do_syscall_64+0x48/0xf0
         entry_SYSCALL_64_after_hwframe+0x44/0xa9
    
    It was also likely possible to trigger this bug when hotplugging PCI
    devices.
    
    To fix this, instead of storing a pointer, we use kstrdup() to copy the
    disable_acs_redir_param to its own buffer which will never be freed.
    
    Fixes: aaca43fd ("PCI: Add "pci=disable_acs_redir=" parameter for peer-to-peer support")
    Tested-by: 's avatarJarkko Nikula <jarkko.nikula@linux.intel.com>
    Signed-off-by: Logan Gunthorpe's avatarLogan Gunthorpe <logang@deltatee.com>
    Signed-off-by: 's avatarBjorn Helgaas <bhelgaas@google.com>
    Reviewed-by: 's avatarJarkko Nikula <jarkko.nikula@linux.intel.com>
    Signed-off-by: 's avatarSasha Levin <sashal@kernel.org>
    d9778b26
Name
Last commit
Last update
..
controller Loading commit data...
endpoint Loading commit data...
hotplug Loading commit data...
pcie Loading commit data...
switch Loading commit data...
Kconfig Loading commit data...
Makefile Loading commit data...
access.c Loading commit data...
ats.c Loading commit data...
bus.c Loading commit data...
ecam.c Loading commit data...
host-bridge.c Loading commit data...
iov.c Loading commit data...
irq.c Loading commit data...
mmap.c Loading commit data...
msi.c Loading commit data...
of.c Loading commit data...
p2pdma.c Loading commit data...
pci-acpi.c Loading commit data...
pci-bridge-emul.c Loading commit data...
pci-bridge-emul.h Loading commit data...
pci-driver.c Loading commit data...
pci-label.c Loading commit data...
pci-mid.c Loading commit data...
pci-pf-stub.c Loading commit data...
pci-stub.c Loading commit data...
pci-sysfs.c Loading commit data...
pci.c Loading commit data...
pci.h Loading commit data...
probe.c Loading commit data...
proc.c Loading commit data...
quirks.c Loading commit data...
remove.c Loading commit data...
rom.c Loading commit data...
search.c Loading commit data...
setup-bus.c Loading commit data...
setup-irq.c Loading commit data...
setup-res.c Loading commit data...
slot.c Loading commit data...
syscall.c Loading commit data...
vc.c Loading commit data...
vpd.c Loading commit data...
xen-pcifront.c Loading commit data...