powerpc/powernv: IMC fix out of bounds memory access at shutdown

Michael Ellerman patch-notifications at ellerman.id.au
Sun Feb 18 19:55:15 AEDT 2018


On Tue, 2018-02-13 at 07:45:11 UTC, Nicholas Piggin wrote:
> The OPAL IMC driver's shutdown handler disables nest PMU counters by
> walking nodes and taking the first CPU out of their cpumask, which is
> used to index into the paca (get_hard_smp_processor_id()). This does
> not always do the right thing, and in particular for CPU-less nodes it
> returns NR_CPUS and that overruns the paca and dereferences random
> memory.
> 
> Fix it by being more careful about checking returned CPU, and only
> using online CPUs. It's not clear this shutdown code makes sense
> after commit 885dcd709b ("powerpc/perf: Add nest IMC PMU support"),
> but this should not make things worse.
> 
> Changing the way pacas are allocated to an array of pointers exposed
> this bug:
...
> 
> Cc: Anju T Sudhakar <anju at linux.vnet.ibm.com>
> Cc: Hemant Kumar <hemant at linux.vnet.ibm.com>
> Cc: Madhavan Srinivasan <maddy at linux.vnet.ibm.com>
> Signed-off-by: Nicholas Piggin <npiggin at gmail.com>

Applied to powerpc fixes, thanks.

https://git.kernel.org/powerpc/c/e7bde88cdb4f0e432398a7d29ca2a1

cheers
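
The failure mode described in the quoted commit message, as an added userspace model (not code from the patch or from the kernel): a "first CPU in mask" lookup that returns the table size for an empty mask, and the check that has to come before that value is used as an index. The names NR_CPUS_MODEL, hw_id_table, mask_first, node_hw_id_checked and count_unsafe_nodes are hypothetical, and the topology is constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define NR_CPUS_MODEL 8   /* constructed: size of the per-CPU table */

/* Constructed stand-in for the per-CPU table (the paca in the commit message). */
static const int hw_id_table[NR_CPUS_MODEL] = {0, 4, 8, 12, 16, 20, 24, 28};

/* First set bit of a mask. As the commit message describes for CPU-less nodes,
 * an empty mask yields the table size, one past the last valid index. */
static int mask_first(uint32_t mask)
{
    for (int cpu = 0; cpu < NR_CPUS_MODEL; cpu++)
        if (mask & (1u << cpu))
            return cpu;
    return NR_CPUS_MODEL;
}

/* Checked lookup: restrict to online CPUs and reject the "none found" value
 * before it is used as an index. Returns -1 when the node must be skipped. */
static int node_hw_id_checked(uint32_t node_mask, uint32_t online_mask)
{
    int cpu = mask_first(node_mask & online_mask);
    if (cpu >= NR_CPUS_MODEL)
        return -1;
    return hw_id_table[cpu];
}

/* Count nodes where an unchecked hw_id_table[mask_first(mask)] would overrun. */
static int count_unsafe_nodes(const uint32_t *node_masks, int n)
{
    int unsafe = 0;
    for (int i = 0; i < n; i++)
        if (mask_first(node_masks[i]) >= NR_CPUS_MODEL)
            unsafe++;
    return unsafe;
}

int main(void)
{
    /* Constructed topology: node 1 has no CPUs, node 2's only CPU is offline. */
    const uint32_t node_masks[] = {0x0f, 0x00, 0x80};
    const uint32_t online = 0x0f;
    printf("unsafe nodes (unchecked index): %d\n", count_unsafe_nodes(node_masks, 3));
    for (int i = 0; i < 3; i++)
        printf("node %d -> hw id %d\n", i, node_hw_id_checked(node_masks[i], online));
    return 0;
}
```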

