From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Tong Zhang <ztong0001@gmail.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH AUTOSEL 5.10 12/93] misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge
Date: Fri, 9 Jul 2021 22:23:06 -0400 [thread overview]
Message-ID: <20210710022428.3169839-12-sashal@kernel.org> (raw)
In-Reply-To: <20210710022428.3169839-1-sashal@kernel.org>
From: Tong Zhang <ztong0001@gmail.com>
[ Upstream commit 3ce3e45cc333da707d4d6eb433574b990bcc26f5 ]
There is an issue with the ASPM(optional) capability checking function.
A device might be attached to root complex directly, in this case,
bus->self(bridge) will be NULL, thus priv->parent_pdev is NULL.
Since alcor_pci_init_check_aspm(priv->parent_pdev) checks the PCI link's
ASPM capability and populate parent_cap_off, which will be used later by
alcor_pci_aspm_ctrl() to dynamically turn on/off device, what we can do
here is to avoid checking the capability if we are on the root complex.
This will make pdev_cap_off 0 and alcor_pci_aspm_ctrl() will simply
return when bring called, effectively disable ASPM for the device.
[ 1.246492] BUG: kernel NULL pointer dereference, address: 00000000000000c0
[ 1.248731] RIP: 0010:pci_read_config_byte+0x5/0x40
[ 1.253998] Call Trace:
[ 1.254131] ? alcor_pci_find_cap_offset.isra.0+0x3a/0x100 [alcor_pci]
[ 1.254476] alcor_pci_probe+0x169/0x2d5 [alcor_pci]
Co-developed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Tong Zhang <ztong0001@gmail.com>
Link: https://lore.kernel.org/r/20210513040732.1310159-1-ztong0001@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/cardreader/alcor_pci.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/misc/cardreader/alcor_pci.c b/drivers/misc/cardreader/alcor_pci.c
index cd402c89189e..0a62307f7ffb 100644
--- a/drivers/misc/cardreader/alcor_pci.c
+++ b/drivers/misc/cardreader/alcor_pci.c
@@ -139,7 +139,13 @@ static void alcor_pci_init_check_aspm(struct alcor_pci_priv *priv)
u32 val32;
priv->pdev_cap_off = alcor_pci_find_cap_offset(priv, priv->pdev);
- priv->parent_cap_off = alcor_pci_find_cap_offset(priv,
+ /*
+ * A device might be attached to root complex directly and
+ * priv->parent_pdev will be NULL. In this case we don't check its
+ * capability and disable ASPM completely.
+ */
+ if (!priv->parent_pdev)
+ priv->parent_cap_off = alcor_pci_find_cap_offset(priv,
priv->parent_pdev);
if ((priv->pdev_cap_off == 0) || (priv->parent_cap_off == 0)) {
--
2.30.2
next prev parent reply other threads:[~2021-07-10 2:27 UTC|newest]
Thread overview: 95+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-10 2:22 [PATCH AUTOSEL 5.10 01/93] leds: tlc591xx: fix return value check in tlc591xx_probe() Sasha Levin
2021-07-10 2:22 ` [PATCH AUTOSEL 5.10 02/93] ASoC: Intel: sof_sdw: add mutual exclusion between PCH DMIC and RT715 Sasha Levin
2021-07-10 2:22 ` [PATCH AUTOSEL 5.10 03/93] ASoC: Intel: sof_sdw: add SOF_RT715_DAI_ID_FIX for AlderLake Sasha Levin
2021-07-10 2:22 ` [PATCH AUTOSEL 5.10 04/93] dmaengine: fsl-qdma: check dma_set_mask return value Sasha Levin
2021-07-10 2:22 ` [PATCH AUTOSEL 5.10 05/93] scsi: arcmsr: Fix the wrong CDB payload report to IOP Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 06/93] srcu: Fix broken node geometry after early ssp init Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 07/93] rcu: Reject RCU_LOCKDEP_WARN() false positives Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 08/93] tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 09/93] serial: fsl_lpuart: disable DMA for console and fix sysrq Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 10/93] serial: 8250: of: Check for CONFIG_SERIAL_8250_BCM7271 Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 11/93] misc/libmasm/module: Fix two use after free in ibmasm_init_one Sasha Levin
2021-07-10 2:23 ` Sasha Levin [this message]
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 13/93] ASoC: intel/boards: add missing MODULE_DEVICE_TABLE Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 14/93] partitions: msdos: fix one-byte get_unaligned() Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 15/93] iio: gyro: fxa21002c: Balance runtime pm + use pm_runtime_resume_and_get() Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 16/93] iio: magn: bmc150: " Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 17/93] ALSA: usx2y: Avoid camelCase Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 18/93] ALSA: usx2y: Don't call free_pages_exact() with NULL address Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 19/93] Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro" Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 20/93] usb: common: usb-conn-gpio: fix NULL pointer dereference of charger Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 21/93] w1: ds2438: fixing bug that would always get page0 Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 22/93] ASoC: Intel: sof_sdw: add quirk support for Brya and BT-offload Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 23/93] scsi: arcmsr: Fix doorbell status being updated late on ARC-1886 Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 24/93] scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw() Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 25/93] scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 26/93] scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 27/93] scsi: core: Cap scsi_host cmd_per_lun at can_queue Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 28/93] ALSA: ac97: fix PM reference leak in ac97_bus_remove() Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 29/93] tty: serial: 8250: serial_cs: Fix a memory leak in error handling path Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 30/93] scsi: mpt3sas: Fix deadlock while cancelling the running firmware event Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 31/93] scsi: core: Fixup calling convention for scsi_mode_sense() Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 32/93] scsi: scsi_dh_alua: Check for negative result value Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 33/93] fs/jfs: Fix missing error code in lmLogInit() Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 34/93] scsi: megaraid_sas: Fix resource leak in case of probe failure Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 35/93] scsi: megaraid_sas: Early detection of VD deletion through RaidMap update Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 36/93] scsi: megaraid_sas: Handle missing interrupts while re-enabling IRQs Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 37/93] scsi: iscsi: Add iscsi_cls_conn refcount helpers Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 38/93] scsi: iscsi: Fix conn use after free during resets Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 39/93] scsi: iscsi: Fix shost->max_id use Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 40/93] scsi: qedi: Fix null ref during abort handling Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 41/93] scsi: qedi: Fix race during abort timeouts Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 42/93] scsi: qedi: Fix TMF session block/unblock use Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 43/93] scsi: qedi: Fix cleanup " Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 44/93] mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 45/93] mfd: cpcap: Fix cpcap dmamask not set warnings Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 46/93] char: xillybus: Fix condition for invoking the xillybus/ subdirectory Sasha Levin
2021-07-10 5:15 ` Eli Billauer
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 47/93] ASoC: img: Fix PM reference leak in img_i2s_in_probe() Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 48/93] fsi: Add missing MODULE_DEVICE_TABLE Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 49/93] serial: tty: uartlite: fix console setup Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 50/93] s390/sclp_vt220: fix console name to match device Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 51/93] s390: disable SSP when needed Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 52/93] selftests: timers: rtcpie: skip test if default RTC device does not exist Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 53/93] USB: core: Avoid WARNings for 0-length descriptor requests Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 54/93] ALSA: sb: Fix potential double-free of CSP mixer elements Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 55/93] powerpc/ps3: Add dma_mask to ps3_dma_region Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 56/93] iommu/arm-smmu: Fix arm_smmu_device refcount leak when arm_smmu_rpm_get fails Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 57/93] iommu/arm-smmu: Fix arm_smmu_device refcount leak in address translation Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 58/93] ASoC: soc-pcm: fix the return value in dpcm_apply_symmetry() Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 59/93] gpio: zynq: Check return value of pm_runtime_get_sync Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 60/93] gpio: zynq: Check return value of irq_get_irq_data Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 61/93] scsi: storvsc: Correctly handle multiple flags in srb_status Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 62/93] ALSA: ppc: fix error return code in snd_pmac_probe() Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 63/93] selftests/powerpc: Fix "no_handler" EBB selftest Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 64/93] gpio: pca953x: Add support for the On Semi pca9655 Sasha Levin
2021-07-10 2:23 ` [PATCH AUTOSEL 5.10 65/93] powerpc/mm/book3s64: Fix possible build error Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 66/93] ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 67/93] habanalabs/gaudi: set the correct cpu_id on MME2_QM failure Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 68/93] habanalabs: remove node from list before freeing the node Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 69/93] s390/processor: always inline stap() and __load_psw_mask() Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 70/93] s390/ipl_parm: fix program check new psw handling Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 71/93] s390/mem_detect: fix diag260() " Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 72/93] s390/mem_detect: fix tprot() " Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 73/93] Input: hideep - fix the uninitialized use in hideep_nvm_unlock() Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 74/93] ALSA: bebob: add support for ToneWeal FW66 Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 75/93] ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 76/93] ALSA: usb-audio: scarlett2: Fix data_mutex lock Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 77/93] ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 78/93] usb: gadget: f_hid: fix endianness issue with descriptors Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 79/93] usb: gadget: hid: fix error return code in hid_bind() Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 80/93] powerpc/boot: Fixup device-tree on little endian Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 81/93] ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20 characters Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 82/93] backlight: lm3630a: Fix return code of .update_status() callback Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 83/93] ALSA: hda: Add IRQ check for platform_get_irq() Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 84/93] ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 85/93] ALSA: firewire-motu: fix detection for S/PDIF source on optical interface in v2 protocol Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 86/93] jfs: fix GPF in diFree Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 87/93] leds: turris-omnia: add missing MODULE_DEVICE_TABLE Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 88/93] staging: rtl8723bs: fix macro value for 2.4Ghz only device Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 89/93] intel_th: Wait until port is in reset before programming it Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 90/93] i2c: core: Disable client irq on reboot/shutdown Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 91/93] phy: intel: Fix for warnings due to EMMC clock 175Mhz change in FIP Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 92/93] lib/decompress_unlz4.c: correctly handle zero-padding around initrds Sasha Levin
2021-07-10 2:24 ` [PATCH AUTOSEL 5.10 93/93] kcov: add __no_sanitize_coverage to fix noinstr for all architectures Sasha Levin
2021-07-12 21:48 ` [PATCH AUTOSEL 5.10 01/93] leds: tlc591xx: fix return value check in tlc591xx_probe() Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210710022428.3169839-12-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=ztong0001@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).