ACK: [PATCH 1/1] s390/pci: fix out of bounds access during irq setup
Kleber Souza
kleber.souza at canonical.com
Wed Sep 5 10:23:35 UTC 2018
On 09/05/18 12:19, Colin Ian King wrote:
> On 05/09/18 11:15, Kleber Sacilotto de Souza wrote:
>> From: Sebastian Ott <sebott at linux.ibm.com>
>>
>> BugLink: https://bugs.launchpad.net/bugs/1790480
>>
>> During interrupt setup we allocate interrupt vectors, walk the list of msi
>> descriptors, and fill in the message data. Requesting more interrupts than
>> supported on s390 can lead to an out of bounds access.
>>
>> When we restrict the number of interrupts we should also stop walking the
>> msi list after all supported interrupts are handled.
>>
>> Cc: stable at vger.kernel.org
>> Signed-off-by: Sebastian Ott <sebott at linux.ibm.com>
>> Signed-off-by: Heiko Carstens <heiko.carstens at de.ibm.com>
>> (cherry picked from commit 866f3576a72b2233a76dffb80290f8086dc49e17)
>> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
>> ---
>> arch/s390/pci/pci.c | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c
>> index 4902fed221c0..8a505cfdd9b9 100644
>> --- a/arch/s390/pci/pci.c
>> +++ b/arch/s390/pci/pci.c
>> @@ -421,6 +421,8 @@ int arch_setup_msi_irqs(struct pci_dev *pdev, int nvec, int type)
>> hwirq = 0;
>> for_each_pci_msi_entry(msi, pdev) {
>> rc = -EIO;
>> + if (hwirq >= msi_vecs)
>> + break;
>> irq = irq_alloc_desc(0); /* Alloc irq on node 0 */
>> if (irq < 0)
>> return -ENOMEM;
>>
>
> Clean upstream cherry pick, looks sane to me and limited to once
> specific architecture. I don't see any test results, but I think we can
> let that slip for this.
>
Thanks Colin. I have just provided a test kernel on the bug report, once
we get the test results I will confirm it works or NAK in case it
doesn't. Just wanted to send the patch soon since we are reaching the
SRU deadline.
More information about the kernel-team
mailing list