==================================================================
[ 17.243615] BUG: KASAN: use-after-free in ibft_init+0x134/0xab7
[ 17.243615] Read of size 4 at addr ffff8880be451004 by task swapper/0/1
[ 17.243615]
[ 17.243615] CPU: 2 PID: 1 Comm: swapper/0 Not tainted 4.19.190-rc1-1bd8f1c #1
[ 17.243615] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015
[ 17.243615] Call Trace:
[ 17.243615] dump_stack+0xb3/0xf0
[ 17.243615] ? ibft_init+0x134/0xab7
[ 17.243615] print_address_description+0x71/0x239
[ 17.243615] ? ibft_init+0x134/0xab7
[ 17.243615] kasan_report.cold.6+0x242/0x2fe
[ 17.243615] __asan_report_load_n_noabort+0x14/0x20
[ 17.243615] ibft_init+0x134/0xab7
[ 17.243615] ? dcdrbu_init+0x1e6/0x225
[ 17.243615] ? ibft_check_initiator_for+0x14a/0x14a
[ 17.243615] ? ibft_check_initiator_for+0x14a/0x14a
[ 17.243615] do_one_initcall+0xb6/0x3a0
[ 17.243615] ? perf_trace_initcall_level+0x430/0x430
[ 17.243615] ? kasan_unpoison_shadow+0x35/0x50
[ 17.243615] kernel_init_freeable+0x54d/0x64d
[ 17.243615] ? start_kernel+0x7e9/0x7e9
[ 17.243615] ? __switch_to_asm+0x41/0x70
[ 17.243615] ? kasan_check_read+0x11/0x20
[ 17.243615] ? rest_init+0xdc/0xdc
[ 17.243615] kernel_init+0x16/0x180
[ 17.243615] ? rest_init+0xdc/0xdc
[ 17.243615] ret_from_fork+0x35/0x40
[ 17.243615]
[ 17.243615] The buggy address belongs to the page:
[ 17.243615] page:ffffea0002f91440 count:0 mapcount:0 mapping:0000000000000000 index:0x1
[ 17.243615] flags: 0xfffffc0000000()
[ 17.243615] raw: 000fffffc0000000 ffffea0002df9708 ffffea0002f91408 0000000000000000
[ 17.243615] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 17.243615] page dumped because: kasan: bad access detected
[ 17.243615]
[ 17.243615] Memory state around the buggy address:
[ 17.243615]  ffff8880be450f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 17.243615]  ffff8880be450f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 17.243615] >ffff8880be451000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 17.243615]                    ^
[ 17.243615]  ffff8880be451080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 17.243615]  ffff8880be451100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 17.243615]
==================================================================
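The report above is easier to act on once the access line and the marked shadow row are decoded: which 8-byte granule the faulting address falls in, and what the shadow byte covering it says about that memory. The following C program is an added example written for this page, not kernel code and not part of the report; it parses the report text, maps the address to its shadow byte, and names the encoding. The shadow values and the x86-64 shadow offset are the generic-KASAN constants from the 4.19 series (mm/kasan/kasan.h and CONFIG_KASAN_SHADOW_OFFSET), the function and struct names are the example's own, and the sample input is constructed from the lines of the report above.

```c
/* kasan_decode.c - added example: pull the faulting address out of a KASAN
 * report, locate the shadow byte that covers it, and name its encoding.
 * Constants are the generic-KASAN values of the 4.19 x86-64 kernel; the
 * sample report text below is constructed from the log on this page. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KASAN_SHADOW_SCALE_SHIFT 3                      /* 1 shadow byte per 8 bytes */
#define KASAN_SHADOW_OFFSET      0xdffffc0000000000ULL  /* x86-64, generic KASAN */

/* Same arithmetic as the kernel's kasan_mem_to_shadow() on x86-64. */
uint64_t kasan_mem_to_shadow(uint64_t addr)
{
    return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

/* Shadow byte encodings from mm/kasan/kasan.h (4.19). */
const char *kasan_shadow_meaning(uint8_t v)
{
    if (v == 0x00) return "all 8 bytes accessible";
    if (v <= 0x07) return "partially accessible: only the first v bytes";
    switch (v) {
    case 0xFF: return "KASAN_FREE_PAGE: page was freed";
    case 0xFE: return "KASAN_PAGE_REDZONE: redzone of a kmalloc_large allocation";
    case 0xFC: return "KASAN_KMALLOC_REDZONE: redzone inside a slab object";
    case 0xFB: return "KASAN_KMALLOC_FREE: slab object was freed";
    case 0xFA: return "KASAN_GLOBAL_REDZONE: redzone around a global";
    case 0xF1: case 0xF2: case 0xF3: case 0xF4: return "stack redzone";
    case 0xF8: return "KASAN_USE_AFTER_SCOPE: stack variable out of scope";
    default:   return "unrecognised shadow value";
    }
}

struct kasan_access {
    uint64_t addr;      /* address the kernel tried to access */
    unsigned size;      /* access width in bytes */
    uint64_t row_base;  /* first address covered by the '>' shadow row */
    int index;          /* which of the row's 16 shadow bytes covers addr */
    uint8_t shadow;     /* that shadow byte */
};

/* Parse the "of size N at addr X" line and the '>' shadow row.
 * Returns 0 on success, -1 if either is missing or addr lies outside the row. */
int kasan_decode(const char *report, struct kasan_access *out)
{
    const char *p = strstr(report, "of size ");
    unsigned long long addr, base;

    if (!p || sscanf(p, "of size %u at addr %llx", &out->size, &addr) != 2)
        return -1;
    out->addr = addr;

    for (const char *line = report; line && *line; ) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        char buf[256];
        const char *mark;
        int n = 0;

        if (len >= sizeof buf)
            len = sizeof buf - 1;
        memcpy(buf, line, len);          /* work on one line at a time */
        buf[len] = '\0';
        line = nl ? nl + 1 : NULL;

        /* KASAN marks the row that holds the bad address with '>'. */
        mark = strchr(buf, '>');
        if (!mark || sscanf(mark + 1, "%llx:%n", &base, &n) != 1 || n == 0)
            continue;

        uint8_t bytes[16];
        int count = 0;
        const char *hex = mark + 1 + n;
        while (count < 16) {
            char *stop;
            unsigned long v = strtoul(hex, &stop, 16);
            if (stop == hex || v > 0xff)
                break;
            bytes[count++] = (uint8_t)v;
            hex = stop;
        }

        /* Each shadow byte describes 8 bytes, so a 16-byte row spans 128 bytes. */
        if (addr < base || addr >= base + (unsigned long long)count * 8)
            return -1;
        out->row_base = base;
        out->index = (int)((addr - base) >> KASAN_SHADOW_SCALE_SHIFT);
        out->shadow = bytes[out->index];
        return 0;
    }
    return -1;
}

/* Constructed input: the relevant lines of the report on this page. */
const char *KASAN_SAMPLE =
    "[ 17.243615] BUG: KASAN: use-after-free in ibft_init+0x134/0xab7\n"
    "[ 17.243615] Read of size 4 at addr ffff8880be451004 by task swapper/0/1\n"
    "[ 17.243615] Memory state around the buggy address:\n"
    "[ 17.243615]  ffff8880be450f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n"
    "[ 17.243615] >ffff8880be451000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n"
    "[ 17.243615]                    ^\n"
    "[ 17.243615]  ffff8880be451080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n";

int main(void)
{
    struct kasan_access a;

    if (kasan_decode(KASAN_SAMPLE, &a) != 0) {
        fprintf(stderr, "could not decode report\n");
        return 1;
    }
    printf("%u-byte access at %#llx -> shadow %#llx (row %#llx, slot %d) = 0x%02x: %s\n",
           a.size, (unsigned long long)a.addr,
           (unsigned long long)kasan_mem_to_shadow(a.addr),
           (unsigned long long)a.row_base, a.index, a.shadow,
           kasan_shadow_meaning(a.shadow));
    return 0;
}
```

For this report the decoder lands on slot 0 of the marked row with value 0xff, the KASAN_FREE_PAGE encoding, which agrees with the page dump (count:0) that follows the trace: the 4-byte read in ibft_init() hit a page that had already been returned to the allocator.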
Patch
commit 6998a8800d73116187aad542391ce3b2dd0f9e30
Author: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Date: Tue Apr 13 16:01:00 2021 +0200
ACPI: x86: Call acpi_boot_table_init() after acpi_table_upgrade()
Commit 1a1c130ab757 ("ACPI: tables: x86: Reserve memory occupied by
ACPI tables") attempted to address an issue with reserving the memory
occupied by ACPI tables, but it broke the initrd-based table override
mechanism relied on by multiple users.
To restore the initrd-based ACPI table override functionality, move
the acpi_boot_table_init() invocation in setup_arch() on x86 after
the acpi_table_upgrade() one.
Fixes: 1a1c130ab757 ("ACPI: tables: x86: Reserve memory occupied by ACPI tables")
Reported-by: Hans de Goede <hdegoede@redhat.com>
Tested-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
@@ -1045,9 +1045,6 @@ void __init setup_arch(char **cmdline_p)
cleanup_highmap();
- /* Look for ACPI tables and reserve memory occupied by them. */
- acpi_boot_table_init();
-
memblock_set_current_limit(ISA_END_ADDRESS);
e820__memblock_setup();
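Review bot: removing acpi_boot_table_init() from before memblock_set_current_limit(ISA_END_ADDRESS) and e820__memblock_setup() reopens a window in which memblock allocations can be satisfied from RAM that an ACPI table occupies, which is exactly what 1a1c130ab757 was reserving against. The commit message should state why nothing allocating from memblock between e820__memblock_setup() and the new, later call site can overlap the tables (or which earlier reservation protects them until then); as written it only says the old placement broke initrd overrides, not why giving it up is safe.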
@@ -1132,6 +1129,8 @@ void __init setup_arch(char **cmdline_p)
reserve_initrd();
acpi_table_upgrade();
+ /* Look for ACPI tables and reserve memory occupied by them. */
+ acpi_boot_table_init();
vsmp_init();
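Review bot: the comment restored above the new acpi_boot_table_init() call only says the call reserves table memory; it does not record the ordering this fix depends on, namely that acpi_boot_table_init() must run after acpi_table_upgrade() so the tables installed from the initrd are the ones found and reserved. Suggest extending it, e.g. "/* Look for ACPI tables and reserve memory occupied by them. Must follow acpi_table_upgrade() so initrd-provided table overrides are seen. */", otherwise a later reorder of setup_arch() can silently reintroduce the regression this patch fixes.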