You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
SEV_FEATURES and VINTR_CTRL change in Linux can break any program using SEV-SNP attestation, as the digest calculation might rely on older values. This could cause old binaries break on new kernel versions without warning.
Something like LAUNCH_UPDATE_VMSA_RESET_VECTOR command with SEV_FEATURES and VINTR_CTRL as parameters would work out, which would partially overwrite kernel VMSA.
Potentially they could be capped by kernel, i.e. "further restrict what kernel allows" should work out.
Acceptance Criteria
Suggestions for a technical implementation
The text was updated successfully, but these errors were encountered:
In the error path in ata_tport_add(), when calling put_device(),
ata_tport_release() is called, it will put the refcount of 'ap->host'.
And then ata_host_put() is called again, the refcount is decreased
to 0, ata_host_release() is called, all ports are freed and set to
null.
When unbinding the device after failure, ata_host_stop() is called
to release the resources, it leads a null-ptr-deref(), because all
the ports all freed and null.
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
CPU: 7 PID: 18671 Comm: modprobe Kdump: loaded Tainted: G E 6.1.0-rc3+ enarx#8
pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : ata_host_stop+0x3c/0x84 [libata]
lr : release_nodes+0x64/0xd0
Call trace:
ata_host_stop+0x3c/0x84 [libata]
release_nodes+0x64/0xd0
devres_release_all+0xbc/0x1b0
device_unbind_cleanup+0x20/0x70
really_probe+0x158/0x320
__driver_probe_device+0x84/0x120
driver_probe_device+0x44/0x120
__driver_attach+0xb4/0x220
bus_for_each_dev+0x78/0xdc
driver_attach+0x2c/0x40
bus_add_driver+0x184/0x240
driver_register+0x80/0x13c
__pci_register_driver+0x4c/0x60
ahci_pci_driver_init+0x30/0x1000 [ahci]
Fix this by removing redundant ata_host_put() in the error path.
Fixes: 2623c7a ("libata: add refcounting to ata_host")
Signed-off-by: Yang Yingliang <[email protected]>
Signed-off-by: Damien Le Moal <[email protected]>
dpal
pushed a commit
to dpal/linux
that referenced
this issue
Jan 27, 2023
In ata_tport_add(), the return value of transport_add_device() is
not checked. As a result, it causes null-ptr-deref while removing
the module, because transport_remove_device() is called to remove
the device that was not added.
Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0
CPU: 12 PID: 13605 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ enarx#8
pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : device_del+0x48/0x39c
lr : device_del+0x44/0x39c
Call trace:
device_del+0x48/0x39c
attribute_container_class_device_del+0x28/0x40
transport_remove_classdev+0x60/0x7c
attribute_container_device_trigger+0x118/0x120
transport_remove_device+0x20/0x30
ata_tport_delete+0x34/0x60 [libata]
ata_port_detach+0x148/0x1b0 [libata]
ata_pci_remove_one+0x50/0x80 [libata]
ahci_remove_one+0x4c/0x8c [ahci]
Fix this by checking and handling return value of transport_add_device()
in ata_tport_add().
Fixes: d902747 ("[libata] Add ATA transport class")
Signed-off-by: Yang Yingliang <[email protected]>
Signed-off-by: Damien Le Moal <[email protected]>
Is there an existing issue for this?
Description
SEV_FEATURES and VINTR_CTRL change in Linux can break any program using SEV-SNP attestation, as the digest calculation might rely on older values. This could cause old binaries break on new kernel versions without warning.
Something like LAUNCH_UPDATE_VMSA_RESET_VECTOR command with SEV_FEATURES and VINTR_CTRL as parameters would work out, which would partially overwrite kernel VMSA.
Potentially they could be capped by kernel, i.e. "further restrict what kernel allows" should work out.
Acceptance Criteria
Suggestions for a technical implementation
The text was updated successfully, but these errors were encountered: