[PATCH] powerpc/papr_scm: don't requests stats with '0' sized stats buffer

Sachin Sant sachinp at linux.ibm.com
Tue May 24 23:51:28 AEST 2022


> On 24-May-2022, at 4:53 PM, Vaibhav Jain <vaibhav at linux.ibm.com> wrote:
> 
> Sachin reported [1] that on a POWER-10 lpar he is seeing a kernel panic being
> reported with vPMEM when papr_scm probe is being called. The panic is of the
> form below and is observed only with the following option disabled (profile) for the
> said LPAR 'Enable Performance Information Collection' in the HMC:
> 
> Kernel attempted to write user page (1c) - exploit attempt? (uid: 0)
> BUG: Kernel NULL pointer dereference on write at 0x0000001c
> Faulting instruction address: 0xc008000001b90844
> Oops: Kernel access of bad area, sig: 11 [#1]
> <snip>
> NIP [c008000001b90844] drc_pmem_query_stats+0x5c/0x270 [papr_scm]
> LR [c008000001b92794] papr_scm_probe+0x2ac/0x6ec [papr_scm]
> Call Trace:
>       0xc00000000941bca0 (unreliable)
>       papr_scm_probe+0x2ac/0x6ec [papr_scm]
>       platform_probe+0x98/0x150
>       really_probe+0xfc/0x510
>       __driver_probe_device+0x17c/0x230
> <snip>
> ---[ end trace 0000000000000000 ]---
> Kernel panic - not syncing: Fatal exception
> 
> On investigation, it looks like this panic was caused due to a 'stat_buffer' of
> size==0 being provided to drc_pmem_query_stats() to fetch all performance
> stats-ids of an NVDIMM. However drc_pmem_query_stats() shouldn't have been called
> since the vPMEM NVDIMM doesn't support any performance stat-id's. This was caused
> due to a missing check for 'p->stat_buffer_len' at the beginning of
> papr_scm_pmu_check_events() which indicates that the NVDIMM doesn't support
> performance-stats.
> 
> Fix this by introducing the check for 'p->stat_buffer_len' at the beginning of
> papr_scm_pmu_check_events().
> 
> [1] https://lore.kernel.org/all/6B3A522A-6A5F-4CC9-B268-0C63AA6E07D3@linux.ibm.com
> 
> Fixes: 0e0946e22f3665d2732 ("powerpc/papr_scm: Fix leaking nvdimm_events_map elements")
> Reported-by: Sachin Sant <sachinp at linux.ibm.com>
> Signed-off-by: Vaibhav Jain <vaibhav at linux.ibm.com>
> ---

Thanks Vaibhav for the patch. With the patch the reported problem is fixed.

Tested-by: Sachin Sant <sachinp at linux.ibm.com>

-Sachin


