alistair23-linux/arch/powerpc/platforms/powernv
Mahesh Salgaonkar 61ed8c1b94 powerpc/powernv/elog: Fix race while processing OPAL error log event.
commit aea948bb80 upstream.

Every error log reported by OPAL is exported to userspace through a
sysfs interface and notified using kobject_uevent(). The userspace
daemon (opal_errd) then reads the error log and acknowledges the error
log is saved safely to disk. Once acknowledged the kernel removes the
respective sysfs file entry causing respective resources to be
released including kobject.

However it's possible the userspace daemon may already be scanning
elog entries when a new sysfs elog entry is created by the kernel.
The user daemon may read this new entry and ack it even before the kernel can
notify userspace about it through kobject_uevent() call. If that
happens then we have a potential race between
elog_ack_store->kobject_put() and kobject_uevent which can lead to
use-after-free of a kernfs object resulting in a kernel crash. e.g.:

  BUG: Unable to handle kernel data access on read at 0x6b6b6b6b6b6b6bfb
  Faulting instruction address: 0xc0000000008ff2a0
  Oops: Kernel access of bad area, sig: 11 [#1]
  LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA PowerNV
  CPU: 27 PID: 805 Comm: irq/29-opal-elo Not tainted 5.9.0-rc2-gcc-8.2.0-00214-g6f56a67bcbb5-dirty #363
  ...
  NIP kobject_uevent_env+0xa0/0x910
  LR  elog_event+0x1f4/0x2d0
  Call Trace:
    0x5deadbeef0000122 (unreliable)
    elog_event+0x1f4/0x2d0
    irq_thread_fn+0x4c/0xc0
    irq_thread+0x1c0/0x2b0
    kthread+0x1c4/0x1d0
    ret_from_kernel_thread+0x5c/0x6c

This patch fixes this race by protecting the sysfs file
creation/notification by holding a reference count on kobject until we
safely send kobject_uevent().

The function create_elog_obj() returns the elog object which if used
by caller function will end up in use-after-free problem again.
However, the return value of create_elog_obj() function isn't being
used today and there is no need as well. Hence change it to return
void to make this fix complete.

Fixes: 774fea1a38 ("powerpc/powernv: Read OPAL error log and export it through sysfs")
Cc: stable@vger.kernel.org # v3.15+
Reported-by: Oliver O'Halloran <oohall@gmail.com>
Signed-off-by: Mahesh Salgaonkar <mahesh@linux.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
Reviewed-by: Oliver O'Halloran <oohall@gmail.com>
Reviewed-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
[mpe: Rework the logic to use a single return, reword comments, add oops]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20201006122051.190176-1-mpe@ellerman.id.au
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-11-05 11:43:31 +01:00
Kconfig powerpc/powernv: Move SCOM access code into powernv platform 2019-08-05 18:53:03 +10:00
Makefile powerpc/opalcore: export /sys/firmware/opal/core for analysing opal crashes 2019-09-14 00:04:45 +10:00
copy-paste.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
eeh-powernv.c powerpc/powernv/eeh: Fix oops when probing cxl devices 2019-10-25 22:08:50 +11:00
idle.c powerpc/powernv: Access LDBAR only if ultravisor disabled 2019-08-30 09:40:16 +10:00
memtrace.c mm/memory_hotplug: rename walk_memory_range() and pass start+size instead of pfns 2019-07-18 17:08:06 -07:00
npu-dma.c powerpc/powernv: Fix build with IOMMU_API=n 2019-09-14 00:03:00 +10:00
ocxl.c ocxl: Rename pnv_ocxl_spa_remove_pe to clarify it's action 2018-06-03 20:40:32 +10:00
opal-async.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
opal-call.c powerpc/opal: add MPIPL interface definitions 2019-09-14 00:04:43 +10:00
opal-core.c powerpc/opalcore: provide an option to invalidate /sys/firmware/opal/core file 2019-09-14 00:04:45 +10:00
opal-dump.c powerpc/powernv/dump: Fix race while processing OPAL dump 2020-10-29 09:58:00 +01:00
opal-elog.c powerpc/powernv/elog: Fix race while processing OPAL error log event. 2020-11-05 11:43:31 +01:00
opal-fadump.c powerpc/fadump: support holes in kernel boot memory area 2019-09-14 00:04:46 +10:00
opal-fadump.h powerpc/fadump: support holes in kernel boot memory area 2019-09-14 00:04:46 +10:00
opal-flash.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
opal-hmi.c powerpc/powernv: Show checkstop reason for NPU2 HMIs 2019-06-02 19:39:36 +10:00
opal-imc.c powerpc/powernv: Avoid re-registration of imc debugfs directory 2020-06-07 13:18:49 +02:00
opal-irqchip.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
opal-kmsg.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
opal-lpc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
opal-memory-errors.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
opal-msglog.c powerpc/powernv/opal-msglog: Refactor memcons code 2019-08-30 09:40:16 +10:00
opal-nvram.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
opal-power.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
opal-powercap.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
opal-prd.c powerpc/powernv: Add new opal message type 2019-09-12 09:27:00 +10:00
opal-psr.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
opal-rtc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
opal-sensor-groups.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
opal-sensor.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
opal-sysparam.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
opal-tracepoints.c jump_label: move 'asm goto' support test to Kconfig 2019-01-06 09:46:51 +09:00
opal-wrappers.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
opal-xscom.c powerpc/powernv: Fix checkpatch warnings in opal-xscom.c 2019-08-05 18:53:03 +10:00
opal.c powerpc/powernv: Enhance opal message read interface 2019-09-12 09:27:00 +10:00
pci-cxl.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
pci-ioda-tce.c powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window 2019-08-19 13:20:23 +10:00
pci-ioda.c powerpc/iov: Move VF pdev fixup into pcibios_fixup_iov() 2020-02-24 08:36:30 +01:00
pci.c powerpc/iov: Move VF pdev fixup into pcibios_fixup_iov() 2020-02-24 08:36:30 +01:00
pci.h powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window 2019-08-19 13:20:23 +10:00
powernv.h powerpc/powernv: Add ultravisor message log interface 2019-08-30 09:40:16 +10:00
rng.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
setup.c powerpc/64s/powernv: machine check dump SLB contents 2019-08-30 10:32:35 +10:00
smp.c powerpc/powernv/smp: Fix spurious DBG() warning 2020-11-05 11:43:13 +01:00
subcore-asm.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
subcore.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
subcore.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ultravisor.c powerpc/powernv: Add ultravisor message log interface 2019-08-30 09:40:16 +10:00
vas-debug.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
vas-trace.h powerpc/vas: Add a couple of trace points 2018-03-14 20:13:58 +11:00
vas-window.c powerpc updates for 5.3 2019-07-13 16:08:36 -07:00
vas.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
vas.h powerpc updates for 5.3 2019-07-13 16:08:36 -07:00