ACK: [Vivid][SRU][PATCH] powerpc/powernv: Fix the overflow of OPAL message notifiers head array
Brad Figg
brad.figg at canonical.com
Fri Aug 21 13:57:11 UTC 2015
On Thu, Aug 20, 2015 at 05:10:38PM -0700, Chris J Arges wrote:
> From: Neelesh Gupta <neelegup at linux.vnet.ibm.com>
>
> BugLink: http://bugs.launchpad.net/bugs/1487085
>
> Fixes the condition check of incoming message type which can
> otherwise shoot beyond the message notifiers head array.
>
> Signed-off-by: Neelesh Gupta <neelegup at linux.vnet.ibm.com>
> Reviewed-by: Vasant Hegde <hegdevasant at linux.vnet.ibm.com>
> Reviewed-by: Anshuman Khandual <khandual at linux.vnet.ibm.com>
> Signed-off-by: Benjamin Herrenschmidt <benh at kernel.crashing.org>
>
> (backported from commit 792f96e9a769b799a2944e9369e4ea1e467135b2)
> Some of this commit was merged into 9b42c07.
> This backport covers the remaining parts.
> Signed-off-by: Chris J Arges <chris.j.arges at canonical.com>
> ---
> arch/powerpc/platforms/powernv/opal.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/arch/powerpc/platforms/powernv/opal.c b/arch/powerpc/platforms/powernv/opal.c
> index 8375bf3..3f34413 100644
> --- a/arch/powerpc/platforms/powernv/opal.c
> +++ b/arch/powerpc/platforms/powernv/opal.c
> @@ -313,6 +313,7 @@ int opal_message_notifier_register(enum opal_msg_type msg_type,
> __func__, msg_type);
> return -EINVAL;
> }
> +
> return atomic_notifier_chain_register(
> &opal_msg_notifier_head[msg_type], nb);
> }
> @@ -358,7 +359,7 @@ static void opal_handle_message(void)
> type = be32_to_cpu(msg.msg_type);
>
> /* Sanity check */
> - if (type > OPAL_MSG_TYPE_MAX) {
> + if (type >= OPAL_MSG_TYPE_MAX) {
> pr_warning("%s: Unknown message type: %u\n", __func__, type);
> return;
> }
> --
> 2.5.0
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
--
Brad Figg brad.figg at canonical.com http://www.canonical.com
More information about the kernel-team
mailing list