[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v1 2/2] x86/amd_node: reject SMN access when amd_smn_init() did not complete

  • To: <x86@xxxxxxxxxx>
  • From: Penny Zheng <penny.zheng@xxxxxxx>
  • Date: Wed, 6 May 2026 13:55:19 +0800
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=gP1rZp1C6zAfw8kYloxp2KYZbgQfD9pbG7XPB4ULjcM=; b=vuoP1wPgDbXhaY+o/rMAEeRsZQBnbg1arj/ag5eA6bSWeQxxLQyo8Y5pV2ijeXhBlTHa+QSkm3rIEWoOh6NMoKAOHTTA6dc94zbPwJBW4RKIhHSkb7i0UWSbXjAD4mNAGg6a8WU2ROOnr1KYk3Kbb3qJCEqAegMqtUUcVMcYgQHJF2aKAn8U3afvZ1e2cCu1+hBaDZgrLP4gTh5Z71kl2kbxS/64pFMb8idGHCKD8n8fDsFLzdey++9UwsWB4368OpmO4x6vjuNwmnd0xn2NwSm8hnEZ8HKsxkjfj6NH0Nx/V14jG68TaHeGm0zuvixZB7YLREGiPAofLn5ORi8Wkg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=OIuZQ3DGfjSZC+i8p6gDae7XaKi6S/CA7psEprco7bAGuxHaoqdFO5AkCcVDJrK7uolEFf+g7LHr9jjAiynVZV4Ud7mWuv5BKNToBTWRrgEuPnyJdzbAaWDPclOmegjUT+IUTLv5USrSuAfteLBrRW8kxWHdRY14SRj1cmPM6mbTkVuQhYPfOkctwXSIO+AjdL+OlInuXJMBtyhgi5qVrQEQJo5WqOdiBA9NOooZlUHNfsQnBoopebKzp2uX7Y3vEaorOfw0EOlvqS+7ma94bp3ffBZhYnUoUSzG69zXk3GGtLSaBbIJQ662suCVt4oJYfyFCB15IoZ9yy+JxtS7Mg==
  • Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=amd.com header.i="@amd.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck"
  • Cc: <ray.huang@xxxxxxx>, <Jason.Andryuk@xxxxxxx>, <stefano.stabellini@xxxxxxx>, Penny Zheng <penny.zheng@xxxxxxx>, "Mario Limonciello" <mario.limonciello@xxxxxxx>, Yazen Ghannam <yazen.ghannam@xxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>, "H. Peter Anvin" <hpa@xxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>, <linux-kernel@xxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 06 May 2026 05:56:46 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
amd_smn_init() can fail early (e.g. -ENODEV when num_roots < num_nodes,
-ENOMEM from kcalloc) without setting smn_exclusive. In that case
amd_roots stays NULL, but the existing __amd_smn_rw() ordering dereferenced
amd_roots[node] before the smn_exclusive guard. The first SMN consumer (e.g.
amd_pmc_probe -> amd_smn_read) then hit a NULL pointer dereference
instead of getting -ENODEV.

Move the smn_exclusive check to the very beginning of __amd_smn_rw()
so a failed init is rejected before any deref. Also zero *value in
amd_smn_read() on the error path so callers never read uninitialized
data via the subsequent PCI_POSSIBLE_ERROR() check.

Signed-off-by: Penny Zheng <penny.zheng@xxxxxxx>
---
 arch/x86/kernel/amd_node.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kernel/amd_node.c b/arch/x86/kernel/amd_node.c
index c896060fe0df..cb9ed022c53c 100644
--- a/arch/x86/kernel/amd_node.c
+++ b/arch/x86/kernel/amd_node.c
@@ -88,6 +88,9 @@ static int __amd_smn_rw(u8 i_off, u8 d_off, u16 node, u32 
address, u32 *value, b
        struct pci_dev *root;
        int err = -ENODEV;
 
+       if (!smn_exclusive)
+               return err;
+
        if (node >= amd_num_nodes())
                return err;
 
@@ -95,9 +98,6 @@ static int __amd_smn_rw(u8 i_off, u8 d_off, u16 node, u32 
address, u32 *value, b
        if (!root)
                return err;
 
-       if (!smn_exclusive)
-               return err;
-
        guard(mutex)(&smn_mutex);
 
        err = pci_write_config_dword(root, i_off, address);
@@ -116,6 +116,11 @@ int __must_check amd_smn_read(u16 node, u32 address, u32 
*value)
 {
        int err = __amd_smn_rw(SMN_INDEX_OFFSET, SMN_DATA_OFFSET, node, 
address, value, false);
 
+       if (err) {
+               *value = 0;
+               return err;
+       }
+
        if (PCI_POSSIBLE_ERROR(*value)) {
                err = -ENODEV;
                *value = 0;
-- 
2.43.0

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.