Discussion:
[PATCH] PCI: Prevent NULL dereference during pciehp probe
Andreas Noever
2014-06-09 21:03:32 UTC
Permalink
pciehp assumes that dev->subordinate exists. But we do not assign a bus
if we run out of bus numbers during enumeration. This leads to a NULL
dereference in init_slot (and other places).

Change pciehp_probe to return -ENODEV when no subordinate bus is
present.

Signed-off-by: Andreas Noever <***@gmail.com>
---
drivers/pci/hotplug/pciehp_core.c | 7 +++++++
1 file changed, 7 insertions(+)

diff --git a/drivers/pci/hotplug/pciehp_core.c b/drivers/pci/hotplug/pciehp_core.c
index 0e0a2ff..e5abcaf 100644
--- a/drivers/pci/hotplug/pciehp_core.c
+++ b/drivers/pci/hotplug/pciehp_core.c
@@ -255,6 +255,13 @@ static int pciehp_probe(struct pcie_device *dev)
else if (pciehp_acpi_slot_detection_check(dev->port))
goto err_out_none;

+ if (!dev->port->subordinate) {
+ /* Can happen if we run out of bus numbers during probe */
+ dev_err(&dev->device,
+ "Hotplug bridge without secondary bus, ignoring\n");
+ goto err_out_none;
+ }
+
ctrl = pcie_init(dev);
if (!ctrl) {
dev_err(&dev->device, "Controller initialization failed\n");
--
2.0.0
Rajat Jain
2014-09-15 22:20:41 UTC
Permalink
Hello Bjorn,

I think this patch needs to be applied to all -stable branches (all the way back to 3.2).

I encounter this same issue on my platform that is running 3.14.y.

Thanks,

Rajat
-----Original Message-----
Sent: Monday, June 09, 2014 2:04 PM
Cc: Andreas Noever
Subject: [PATCH] PCI: Prevent NULL dereference during pciehp probe
pciehp assumes that dev->subordinate exists. But we do not assign a bus if
we run out of bus numbers during enumeration. This leads to a NULL
dereference in init_slot (and other places).
Change pciehp_probe to return -ENODEV when no subordinate bus is
present.
---
drivers/pci/hotplug/pciehp_core.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/pci/hotplug/pciehp_core.c
b/drivers/pci/hotplug/pciehp_core.c
index 0e0a2ff..e5abcaf 100644
--- a/drivers/pci/hotplug/pciehp_core.c
+++ b/drivers/pci/hotplug/pciehp_core.c
@@ -255,6 +255,13 @@ static int pciehp_probe(struct pcie_device *dev)
else if (pciehp_acpi_slot_detection_check(dev->port))
goto err_out_none;
+ if (!dev->port->subordinate) {
+ /* Can happen if we run out of bus numbers during probe */
+ dev_err(&dev->device,
+ "Hotplug bridge without secondary bus, ignoring\n");
+ goto err_out_none;
+ }
+
ctrl = pcie_init(dev);
if (!ctrl) {
dev_err(&dev->device, "Controller initialization failed\n");
--
2.0.0
--
To unsubscribe from this list: send the line "unsubscribe linux-pci" in the
http://vger.kernel.org/majordomo-info.html
Guenter Roeck
2014-09-23 21:55:09 UTC
Permalink
Post by Rajat Jain
Hello Bjorn,
I think this patch needs to be applied to all -stable branches (all the way back to 3.2).
I encounter this same issue on my platform that is running 3.14.y.
Bjorn,

can you send this to -stable, or is it ok if I do it ?

Thanks,
Guenter
Post by Rajat Jain
Thanks,
Rajat
-----Original Message-----
Sent: Monday, June 09, 2014 2:04 PM
Cc: Andreas Noever
Subject: [PATCH] PCI: Prevent NULL dereference during pciehp probe
pciehp assumes that dev->subordinate exists. But we do not assign a bus if
we run out of bus numbers during enumeration. This leads to a NULL
dereference in init_slot (and other places).
Change pciehp_probe to return -ENODEV when no subordinate bus is
present.
---
drivers/pci/hotplug/pciehp_core.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/pci/hotplug/pciehp_core.c
b/drivers/pci/hotplug/pciehp_core.c
index 0e0a2ff..e5abcaf 100644
--- a/drivers/pci/hotplug/pciehp_core.c
+++ b/drivers/pci/hotplug/pciehp_core.c
@@ -255,6 +255,13 @@ static int pciehp_probe(struct pcie_device *dev)
else if (pciehp_acpi_slot_detection_check(dev->port))
goto err_out_none;
+ if (!dev->port->subordinate) {
+ /* Can happen if we run out of bus numbers during probe */
+ dev_err(&dev->device,
+ "Hotplug bridge without secondary bus, ignoring\n");
+ goto err_out_none;
+ }
+
ctrl = pcie_init(dev);
if (!ctrl) {
dev_err(&dev->device, "Controller initialization failed\n");
--
2.0.0
--
To unsubscribe from this list: send the line "unsubscribe linux-pci" in the
http://vger.kernel.org/majordomo-info.html
Bjorn Helgaas
2014-09-23 22:04:42 UTC
Permalink
Post by Rajat Jain
Post by Rajat Jain
Hello Bjorn,
I think this patch needs to be applied to all -stable branches (all the way back to 3.2).
I encounter this same issue on my platform that is running 3.14.y.
Bjorn,
can you send this to -stable, or is it ok if I do it ?
I forgot to mention it, but I did mark it for stable, so it should
happen automatically:

https://git.kernel.org/cgit/linux/kernel/git/helgaas/pci.git/commit/?h=pci/hotplug&id=bceee4a97eb58bd0e80e39eff11b506ddd9e7ad3
Post by Rajat Jain
Post by Rajat Jain
-----Original Message-----
Sent: Monday, June 09, 2014 2:04 PM
Cc: Andreas Noever
Subject: [PATCH] PCI: Prevent NULL dereference during pciehp probe
pciehp assumes that dev->subordinate exists. But we do not assign a bus if
we run out of bus numbers during enumeration. This leads to a NULL
dereference in init_slot (and other places).
Change pciehp_probe to return -ENODEV when no subordinate bus is
present.
---
drivers/pci/hotplug/pciehp_core.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/pci/hotplug/pciehp_core.c
b/drivers/pci/hotplug/pciehp_core.c
index 0e0a2ff..e5abcaf 100644
--- a/drivers/pci/hotplug/pciehp_core.c
+++ b/drivers/pci/hotplug/pciehp_core.c
@@ -255,6 +255,13 @@ static int pciehp_probe(struct pcie_device *dev)
else if (pciehp_acpi_slot_detection_check(dev->port))
goto err_out_none;
+ if (!dev->port->subordinate) {
+ /* Can happen if we run out of bus numbers during probe */
+ dev_err(&dev->device,
+ "Hotplug bridge without secondary bus, ignoring\n");
+ goto err_out_none;
+ }
+
ctrl = pcie_init(dev);
if (!ctrl) {
dev_err(&dev->device, "Controller initialization failed\n");
--
2.0.0
--
To unsubscribe from this list: send the line "unsubscribe linux-pci" in the
http://vger.kernel.org/majordomo-info.html
Guenter Roeck
2014-09-23 22:07:17 UTC
Permalink
Post by Bjorn Helgaas
Post by Rajat Jain
Post by Rajat Jain
Hello Bjorn,
I think this patch needs to be applied to all -stable branches (all the way back to 3.2).
I encounter this same issue on my platform that is running 3.14.y.
Bjorn,
can you send this to -stable, or is it ok if I do it ?
I forgot to mention it, but I did mark it for stable, so it should
https://git.kernel.org/cgit/linux/kernel/git/helgaas/pci.git/commit/?h=pci/hotplug&id=bceee4a97eb58bd0e80e39eff11b506ddd9e7ad3
Ah, sorry, I didn't realize that.

Thanks,
Guenter

Bjorn Helgaas
2014-09-16 21:20:48 UTC
Permalink
Post by Andreas Noever
pciehp assumes that dev->subordinate exists. But we do not assign a bus
if we run out of bus numbers during enumeration. This leads to a NULL
dereference in init_slot (and other places).
Change pciehp_probe to return -ENODEV when no subordinate bus is
present.
Applied to pci/hotplug for v3.18, thanks!
Post by Andreas Noever
---
drivers/pci/hotplug/pciehp_core.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/pci/hotplug/pciehp_core.c b/drivers/pci/hotplug/pciehp_core.c
index 0e0a2ff..e5abcaf 100644
--- a/drivers/pci/hotplug/pciehp_core.c
+++ b/drivers/pci/hotplug/pciehp_core.c
@@ -255,6 +255,13 @@ static int pciehp_probe(struct pcie_device *dev)
else if (pciehp_acpi_slot_detection_check(dev->port))
goto err_out_none;
+ if (!dev->port->subordinate) {
+ /* Can happen if we run out of bus numbers during probe */
+ dev_err(&dev->device,
+ "Hotplug bridge without secondary bus, ignoring\n");
+ goto err_out_none;
+ }
+
ctrl = pcie_init(dev);
if (!ctrl) {
dev_err(&dev->device, "Controller initialization failed\n");
--
2.0.0
Loading...