ACK: [PATCH 1/1] s390/pci: fix out of bounds access during irq setup

Colin Ian King colin.king at canonical.com
Wed Sep 5 10:19:43 UTC 2018


On 05/09/18 11:15, Kleber Sacilotto de Souza wrote:
> From: Sebastian Ott <sebott at linux.ibm.com>
> 
> BugLink: https://bugs.launchpad.net/bugs/1790480
> 
> During interrupt setup we allocate interrupt vectors, walk the list of msi
> descriptors, and fill in the message data. Requesting more interrupts than
> supported on s390 can lead to an out of bounds access.
> 
> When we restrict the number of interrupts we should also stop walking the
> msi list after all supported interrupts are handled.
> 
> Cc: stable at vger.kernel.org
> Signed-off-by: Sebastian Ott <sebott at linux.ibm.com>
> Signed-off-by: Heiko Carstens <heiko.carstens at de.ibm.com>
> (cherry picked from commit 866f3576a72b2233a76dffb80290f8086dc49e17)
> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
> ---
>  arch/s390/pci/pci.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c
> index 4902fed221c0..8a505cfdd9b9 100644
> --- a/arch/s390/pci/pci.c
> +++ b/arch/s390/pci/pci.c
> @@ -421,6 +421,8 @@ int arch_setup_msi_irqs(struct pci_dev *pdev, int nvec, int type)
>  	hwirq = 0;
>  	for_each_pci_msi_entry(msi, pdev) {
>  		rc = -EIO;
> +		if (hwirq >= msi_vecs)
> +			break;
>  		irq = irq_alloc_desc(0);	/* Alloc irq on node 0 */
>  		if (irq < 0)
>  			return -ENOMEM;
> 

Clean upstream cherry pick, looks sane to me and limited to once
specific architecture.  I don't see any test results, but I think we can
let that slip for this.

Acked-by: Colin Ian King <colin.king at canonical.com>







More information about the kernel-team mailing list