# git rev-parse -q --verify 8acecf9eda1846b9be8114d9cd665fbc38af223e^{commit} 8acecf9eda1846b9be8114d9cd665fbc38af223e already have revision, skipping fetch # git checkout -q -f -B kisskb 8acecf9eda1846b9be8114d9cd665fbc38af223e # git clean -qxdf # < git log -1 # commit 8acecf9eda1846b9be8114d9cd665fbc38af223e # Author: Russell Currey # Date: Wed Mar 22 14:53:22 2023 +1100 # # powerpc/iommu: Fix notifiers being shared by PCI and VIO buses # # fail_iommu_setup() registers the fail_iommu_bus_notifier struct to both # PCI and VIO buses. struct notifier_block is a linked list node, so this # causes any notifiers later registered to either bus type to also be # registered to the other since they share the same node. # # This causes issues in (at least) the vgaarb code, which registers a # notifier for PCI buses. pci_notify() ends up being called on a vio # device, converted with to_pci_dev() even though it's not a PCI device, # and finally makes a bad access in vga_arbiter_add_pci_device() as # discovered with KASAN: # # BUG: KASAN: slab-out-of-bounds in vga_arbiter_add_pci_device+0x60/0xe00 # Read of size 4 at addr c000000264c26fdc by task swapper/0/1 # # Call Trace: # dump_stack_lvl+0x1bc/0x2b8 (unreliable) # print_report+0x3f4/0xc60 # kasan_report+0x244/0x698 # __asan_load4+0xe8/0x250 # vga_arbiter_add_pci_device+0x60/0xe00 # pci_notify+0x88/0x444 # notifier_call_chain+0x104/0x320 # blocking_notifier_call_chain+0xa0/0x140 # device_add+0xac8/0x1d30 # device_register+0x58/0x80 # vio_register_device_node+0x9ac/0xce0 # vio_bus_scan_register_devices+0xc4/0x13c # __machine_initcall_pseries_vio_device_init+0x94/0xf0 # do_one_initcall+0x12c/0xaa8 # kernel_init_freeable+0xa48/0xba8 # kernel_init+0x64/0x400 # ret_from_kernel_thread+0x5c/0x64 # # Fix this by creating separate notifier_block structs for each bus type. # # Fixes: d6b9a81b2a45 ("powerpc: IOMMU fault injection") # Reported-by: Nageswara R Sastry # Signed-off-by: Russell Currey # Tested-by: Nageswara R Sastry # Reviewed-by: Andrew Donnellan # Signed-off-by: Michael Ellerman # Link: https://msgid.link/20230322035322.328709-1-ruscur@russell.cc # < /opt/cross/kisskb/korg/gcc-12.2.0-nolibc/powerpc64-linux/bin/powerpc64-linux-gcc --version # < /opt/cross/kisskb/korg/gcc-12.2.0-nolibc/powerpc64-linux/bin/powerpc64-linux-ld --version # < git log --format=%s --max-count=1 8acecf9eda1846b9be8114d9cd665fbc38af223e # make -s -j 160 ARCH=powerpc O=/kisskb/build/powerpc-next_mpc85xx_defconfig+KVM_powerpc-gcc12 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-12.2.0-nolibc/powerpc64-linux/bin/powerpc64-linux- mpc85xx_defconfig Using /kisskb/src/arch/powerpc/configs/mpc85xx_base.config as base Merging /kisskb/src/arch/powerpc/configs/85xx-32bit.config Merging /kisskb/src/arch/powerpc/configs/85xx-hw.config Merging /kisskb/src/arch/powerpc/configs/fsl-emb-nonhw.config # # merged configuration written to .config (needs make) # # Added to kconfig CONFIG_PPC_E500MC=y # Added to kconfig CONFIG_VIRTUALIZATION=y # Added to kconfig CONFIG_KVM_E500MC=y # Added to kconfig # < make -s -j 160 ARCH=powerpc O=/kisskb/build/powerpc-next_mpc85xx_defconfig+KVM_powerpc-gcc12 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-12.2.0-nolibc/powerpc64-linux/bin/powerpc64-linux- help # make -s -j 160 ARCH=powerpc O=/kisskb/build/powerpc-next_mpc85xx_defconfig+KVM_powerpc-gcc12 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-12.2.0-nolibc/powerpc64-linux/bin/powerpc64-linux- olddefconfig .config:4515:warning: override: reassigning to symbol PPC_E500MC .config:4516:warning: override: reassigning to symbol VIRTUALIZATION # make -s -j 160 ARCH=powerpc O=/kisskb/build/powerpc-next_mpc85xx_defconfig+KVM_powerpc-gcc12 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-12.2.0-nolibc/powerpc64-linux/bin/powerpc64-linux- In file included from /kisskb/src/include/linux/build_bug.h:5, from /kisskb/src/include/linux/container_of.h:5, from /kisskb/src/include/linux/list.h:5, from /kisskb/src/include/linux/module.h:12, from /kisskb/src/drivers/net/ethernet/freescale/fs_enet/mac-scc.c:15: /kisskb/src/drivers/net/ethernet/freescale/fs_enet/mac-scc.c: In function 'allocate_bd': /kisskb/src/include/linux/err.h:28:49: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] 28 | #define IS_ERR_VALUE(x) unlikely((unsigned long)(void *)(x) >= (unsigned long)-MAX_ERRNO) | ^ /kisskb/src/include/linux/compiler.h:77:45: note: in definition of macro 'unlikely' 77 | # define unlikely(x) __builtin_expect(!!(x), 0) | ^ /kisskb/src/drivers/net/ethernet/freescale/fs_enet/mac-scc.c:139:13: note: in expansion of macro 'IS_ERR_VALUE' 139 | if (IS_ERR_VALUE(fep->ring_mem_addr)) | ^~~~~~~~~~~~ Completed OK # rm -rf /kisskb/build/powerpc-next_mpc85xx_defconfig+KVM_powerpc-gcc12 # Build took: 0:03:22.051716