All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH v3] x86: don't assume all fb devices are PCI devices
@ 2016-03-15  8:20 Vitaly Kuznetsov
  2016-03-15 10:09 ` Ingo Molnar
  2016-03-15 10:39 ` [tip:x86/urgent] x86/video: Don't assume all FB " tip-bot for Vitaly Kuznetsov
  0 siblings, 2 replies; 3+ messages in thread
From: Vitaly Kuznetsov @ 2016-03-15  8:20 UTC (permalink / raw)
  To: x86
  Cc: linux-kernel, Thomas Gleixner, Ingo Molnar, H. Peter Anvin,
	Cathy Avery, K. Y. Srinivasan, Bjorn Helgaas

When booting Hyper-V Generation 2 guests KASAN reports the following
out-of-bounds access:

BUG: KASAN: slab-out-of-bounds in fb_is_primary_device+0x58/0x70 at addr
  ffff880079cf0eb0
Read of size 8 by task swapper/0/1
...
 [<ffffffff81581308>] dump_stack+0x63/0x8b
 [<ffffffff812e1f99>] print_trailer+0xf9/0x150
 [<ffffffff812e7344>] object_err+0x34/0x40
 [<ffffffff812e9630>] kasan_report_error+0x230/0x550
 [<ffffffff812e9ee8>] kasan_report+0x58/0x60
 [<ffffffff812e4500>] ? ___slab_alloc+0x80/0x490
 [<ffffffff81878a28>] ? fb_is_primary_device+0x58/0x70
 [<ffffffff812e87cd>] __asan_load8+0x5d/0x70
 [<ffffffff81878a28>] fb_is_primary_device+0x58/0x70
 [<ffffffff8162357a>] register_framebuffer+0xda/0x5b0
 [<ffffffff816234a0>] ? remove_conflicting_framebuffers+0x50/0x50
...

The issue is caused by the to_pci_dev() call with no check that the given
info->device is in fact a pci device and some fb devices (Hyper-V FB, EFI
FB,...) are not. While on it, cleanup the function.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
---
Changes since v2: cleanup fb_is_primary_device() [Bjorn Helgaas, Ingo Molnar].
---
 arch/x86/video/fbdev.c | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/arch/x86/video/fbdev.c b/arch/x86/video/fbdev.c
index d5644bb..9fd2484 100644
--- a/arch/x86/video/fbdev.c
+++ b/arch/x86/video/fbdev.c
@@ -14,26 +14,24 @@
 int fb_is_primary_device(struct fb_info *info)
 {
 	struct device *device = info->device;
-	struct pci_dev *pci_dev = NULL;
 	struct pci_dev *default_device = vga_default_device();
-	struct resource *res = NULL;
+	struct pci_dev *pci_dev;
+	struct resource *res;
 
-	if (device)
-		pci_dev = to_pci_dev(device);
-
-	if (!pci_dev)
+	if (!device || !dev_is_pci(device))
 		return 0;
 
+	pci_dev = to_pci_dev(device);
+
 	if (default_device) {
 		if (pci_dev == default_device)
 			return 1;
-		else
-			return 0;
+		return 0;
 	}
 
-	res = &pci_dev->resource[PCI_ROM_RESOURCE];
+	res = pci_dev->resource + PCI_ROM_RESOURCE;
 
-	if (res && res->flags & IORESOURCE_ROM_SHADOW)
+	if (res->flags & IORESOURCE_ROM_SHADOW)
 		return 1;
 
 	return 0;
-- 
2.5.0

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH v3] x86: don't assume all fb devices are PCI devices
  2016-03-15  8:20 [PATCH v3] x86: don't assume all fb devices are PCI devices Vitaly Kuznetsov
@ 2016-03-15 10:09 ` Ingo Molnar
  2016-03-15 10:39 ` [tip:x86/urgent] x86/video: Don't assume all FB " tip-bot for Vitaly Kuznetsov
  1 sibling, 0 replies; 3+ messages in thread
From: Ingo Molnar @ 2016-03-15 10:09 UTC (permalink / raw)
  To: Vitaly Kuznetsov
  Cc: x86, linux-kernel, Thomas Gleixner, Ingo Molnar, H. Peter Anvin,
	Cathy Avery, K. Y. Srinivasan, Bjorn Helgaas


* Vitaly Kuznetsov <vkuznets@redhat.com> wrote:

> When booting Hyper-V Generation 2 guests KASAN reports the following
> out-of-bounds access:
> 
> BUG: KASAN: slab-out-of-bounds in fb_is_primary_device+0x58/0x70 at addr
>   ffff880079cf0eb0
> Read of size 8 by task swapper/0/1
> ...
>  [<ffffffff81581308>] dump_stack+0x63/0x8b
>  [<ffffffff812e1f99>] print_trailer+0xf9/0x150
>  [<ffffffff812e7344>] object_err+0x34/0x40
>  [<ffffffff812e9630>] kasan_report_error+0x230/0x550
>  [<ffffffff812e9ee8>] kasan_report+0x58/0x60
>  [<ffffffff812e4500>] ? ___slab_alloc+0x80/0x490
>  [<ffffffff81878a28>] ? fb_is_primary_device+0x58/0x70
>  [<ffffffff812e87cd>] __asan_load8+0x5d/0x70
>  [<ffffffff81878a28>] fb_is_primary_device+0x58/0x70
>  [<ffffffff8162357a>] register_framebuffer+0xda/0x5b0
>  [<ffffffff816234a0>] ? remove_conflicting_framebuffers+0x50/0x50
> ...
> 
> The issue is caused by the to_pci_dev() call with no check that the given
> info->device is in fact a pci device and some fb devices (Hyper-V FB, EFI
> FB,...) are not. While on it, cleanup the function.
> 
> Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
> ---
> Changes since v2: cleanup fb_is_primary_device() [Bjorn Helgaas, Ingo Molnar].

Applied, thanks!

I also added Bjorn's Acked-by to the commit, as the only change from the last 
version are the cleanups.

Thanks,

	Ingo

^ permalink raw reply	[flat|nested] 3+ messages in thread
* [tip:x86/urgent] x86/video: Don't assume all FB devices are PCI devices
  2016-03-15  8:20 [PATCH v3] x86: don't assume all fb devices are PCI devices Vitaly Kuznetsov
  2016-03-15 10:09 ` Ingo Molnar
@ 2016-03-15 10:39 ` tip-bot for Vitaly Kuznetsov
  1 sibling, 0 replies; 3+ messages in thread
From: tip-bot for Vitaly Kuznetsov @ 2016-03-15 10:39 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: hpa, bhelgaas, linux-kernel, cavery, kys, helgaas, mingo, tglx,
	vkuznets, torvalds, peterz

Commit-ID:  743146db071c4a828159211a295d12ff4f61752f
Gitweb:     http://git.kernel.org/tip/743146db071c4a828159211a295d12ff4f61752f
Author:     Vitaly Kuznetsov <vkuznets@redhat.com>
AuthorDate: Tue, 15 Mar 2016 09:20:33 +0100
Committer:  Ingo Molnar <mingo@kernel.org>
CommitDate: Tue, 15 Mar 2016 11:08:26 +0100

x86/video: Don't assume all FB devices are PCI devices

When booting Hyper-V Generation 2 guests KASAN reports the following
out-of-bounds access:

  BUG: KASAN: slab-out-of-bounds in fb_is_primary_device+0x58/0x70 at addr ffff880079cf0eb0
  Read of size 8 by task swapper/0/1
  ...
   [<ffffffff81581308>] dump_stack+0x63/0x8b
   [<ffffffff812e1f99>] print_trailer+0xf9/0x150
   [<ffffffff812e7344>] object_err+0x34/0x40
   [<ffffffff812e9630>] kasan_report_error+0x230/0x550
   [<ffffffff812e9ee8>] kasan_report+0x58/0x60
   [<ffffffff812e4500>] ? ___slab_alloc+0x80/0x490
   [<ffffffff81878a28>] ? fb_is_primary_device+0x58/0x70
   [<ffffffff812e87cd>] __asan_load8+0x5d/0x70
   [<ffffffff81878a28>] fb_is_primary_device+0x58/0x70
   [<ffffffff8162357a>] register_framebuffer+0xda/0x5b0
   [<ffffffff816234a0>] ? remove_conflicting_framebuffers+0x50/0x50
  ...

The issue is caused by the to_pci_dev() call with no check that the given
info->device is in fact a PCI device and some FB devices (Hyper-V FB, EFI
FB,...) are not.

While on it, clean up the function.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Acked-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: Bjorn Helgaas <helgaas@kernel.org>
Cc: Cathy Avery <cavery@redhat.com>
Cc: K. Y. Srinivasan <kys@microsoft.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/1458030033-10122-1-git-send-email-vkuznets@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 arch/x86/video/fbdev.c | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/arch/x86/video/fbdev.c b/arch/x86/video/fbdev.c
index d5644bb..9fd2484 100644
--- a/arch/x86/video/fbdev.c
+++ b/arch/x86/video/fbdev.c
@@ -14,26 +14,24 @@
 int fb_is_primary_device(struct fb_info *info)
 {
 	struct device *device = info->device;
-	struct pci_dev *pci_dev = NULL;
 	struct pci_dev *default_device = vga_default_device();
-	struct resource *res = NULL;
+	struct pci_dev *pci_dev;
+	struct resource *res;
 
-	if (device)
-		pci_dev = to_pci_dev(device);
-
-	if (!pci_dev)
+	if (!device || !dev_is_pci(device))
 		return 0;
 
+	pci_dev = to_pci_dev(device);
+
 	if (default_device) {
 		if (pci_dev == default_device)
 			return 1;
-		else
-			return 0;
+		return 0;
 	}
 
-	res = &pci_dev->resource[PCI_ROM_RESOURCE];
+	res = pci_dev->resource + PCI_ROM_RESOURCE;
 
-	if (res && res->flags & IORESOURCE_ROM_SHADOW)
+	if (res->flags & IORESOURCE_ROM_SHADOW)
 		return 1;
 
 	return 0;

^ permalink raw reply related	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-03-15 10:43 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-03-15  8:20 [PATCH v3] x86: don't assume all fb devices are PCI devices Vitaly Kuznetsov
2016-03-15 10:09 ` Ingo Molnar
2016-03-15 10:39 ` [tip:x86/urgent] x86/video: Don't assume all FB " tip-bot for Vitaly Kuznetsov

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.