ACK: [PATCH 1/1] s390/pci: fix out of bounds access during irq setup
Colin Ian King
colin.king at canonical.com
Wed Sep 5 10:19:43 UTC 2018
On 05/09/18 11:15, Kleber Sacilotto de Souza wrote:
> From: Sebastian Ott <sebott at linux.ibm.com>
>
> BugLink: https://bugs.launchpad.net/bugs/1790480
>
> During interrupt setup we allocate interrupt vectors, walk the list of msi
> descriptors, and fill in the message data. Requesting more interrupts than
> supported on s390 can lead to an out of bounds access.
>
> When we restrict the number of interrupts we should also stop walking the
> msi list after all supported interrupts are handled.
>
> Cc: stable at vger.kernel.org
> Signed-off-by: Sebastian Ott <sebott at linux.ibm.com>
> Signed-off-by: Heiko Carstens <heiko.carstens at de.ibm.com>
> (cherry picked from commit 866f3576a72b2233a76dffb80290f8086dc49e17)
> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
> ---
> arch/s390/pci/pci.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c
> index 4902fed221c0..8a505cfdd9b9 100644
> --- a/arch/s390/pci/pci.c
> +++ b/arch/s390/pci/pci.c
> @@ -421,6 +421,8 @@ int arch_setup_msi_irqs(struct pci_dev *pdev, int nvec, int type)
> hwirq = 0;
> for_each_pci_msi_entry(msi, pdev) {
> rc = -EIO;
> + if (hwirq >= msi_vecs)
> + break;
> irq = irq_alloc_desc(0); /* Alloc irq on node 0 */
> if (irq < 0)
> return -ENOMEM;
>
Clean upstream cherry pick, looks sane to me and limited to once
specific architecture. I don't see any test results, but I think we can
let that slip for this.
Acked-by: Colin Ian King <colin.king at canonical.com>
More information about the kernel-team
mailing list