Date: Fri, 11 Sep 2020 18:48:17 +0200
From: Borislav Petkov
To: Shiju Jose
Cc: "linux-edac@vger.kernel.org", "linux-kernel@vger.kernel.org", "mchehab@kernel.org", "tony.luck@intel.com", "james.morse@arm.com", Linuxarm, Robert Richter
Subject: Re: [PATCH 1/1] EDAC/ghes: Fix for NULL pointer dereference in ghes_edac_register()
Message-ID: <20200911164817.GA19320@zn.tnic>
References: <20200825130108.2132-1-shiju.jose@huawei.com> <20200826085229.GB22390@zn.tnic>

On Thu, Aug 27, 2020 at 02:02:27PM +0000, Shiju Jose wrote:
> I tested with your changes and it fixes the issue. I will send v2.

Btw, I don't know how it managed to work on your machine because even
with this patch, it isn't all fixed because num_dimms needs to be
cleared too, see here:

---
From: Borislav Petkov
Date: Fri, 11 Sep 2020 12:55:55 +0200
Subject: [PATCH] EDAC/ghes: Clear scanned data on unload

Commit b972fdba8665 ("EDAC/ghes: Fix NULL pointer dereference in
ghes_edac_register()") didn't clear all the information from the scanned
system and, more specifically, left ghes_hw.num_dimms to its previous
value. On a second load (CONFIG_DEBUG_TEST_DRIVER_REMOVE=y), the driver
would use the leftover num_dimms value which is not 0 and thus the 0
check in enumerate_dimms() will get bypassed and it would go directly to
the pointer deref:

  d = &hw->dimms[hw->num_dimms];

which is, of course, NULL:

  #PF: supervisor write access in kernel mode
  #PF: error_code(0x0002) - not-present page
  PGD 0 P4D 0
  Oops: 0002 [#1] PREEMPT SMP
  CPU: 7 PID: 1 Comm: swapper/0 Not tainted 5.9.0-rc4+ #7
  Hardware name: GIGABYTE MZ01-CE1-00/MZ01-CE1-00, BIOS F02 08/29/2018
  RIP: 0010:enumerate_dimms.cold+0x7b/0x375

Reset the whole ghes_hw on driver unregister so that no stale values are
used on a second system scan.

Fixes: b972fdba8665 ("EDAC/ghes: Fix NULL pointer dereference in ghes_edac_register()")
Cc: Shiju Jose
Signed-off-by: Borislav Petkov
--- drivers/edac/ghes_edac.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/edac/ghes_edac.c b/drivers/edac/ghes_edac.c index a6b9c0b2a15c..eb6034a6fbbb 100644 --- a/drivers/edac/ghes_edac.c +++ b/drivers/edac/ghes_edac.c @@ -632,6 +632,7 @@ void ghes_edac_unregister(struct ghes *ghes) mutex_lock(&ghes_reg_mutex); system_scanned = false; + memset(&ghes_hw, 0, sizeof(struct ghes_hw_desc)); if (!refcount_dec_and_test(&ghes_refcount)) goto unlock; -- 2.21.0

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
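
Review bot: the added memset() of ghes_hw in ghes_edac_unregister() sits before the refcount_dec_and_test(&ghes_refcount) check, so it runs on every unregister call, including the ones that take the goto unlock path while other references are still held. If ghes_hw is shared by those remaining users, consider moving the reset below the refcount test, or say in the commit message why clearing it early is safe, as is already done for system_scanned. Minor style point on the same line: sizeof(ghes_hw) would follow the variable's type without spelling out struct ghes_hw_desc a second time.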