ACK: [PATCH 1/1] s390/pci: fix out of bounds access during irq setup
Stefan Bader
stefan.bader at canonical.com
Wed Sep 5 10:27:09 UTC 2018
On 05.09.2018 12:15, Kleber Sacilotto de Souza wrote:
> From: Sebastian Ott <sebott at linux.ibm.com>
>
> BugLink: https://bugs.launchpad.net/bugs/1790480
>
> During interrupt setup we allocate interrupt vectors, walk the list of msi
> descriptors, and fill in the message data. Requesting more interrupts than
> supported on s390 can lead to an out of bounds access.
>
> When we restrict the number of interrupts we should also stop walking the
> msi list after all supported interrupts are handled.
>
> Cc: stable at vger.kernel.org
> Signed-off-by: Sebastian Ott <sebott at linux.ibm.com>
> Signed-off-by: Heiko Carstens <heiko.carstens at de.ibm.com>
> (cherry picked from commit 866f3576a72b2233a76dffb80290f8086dc49e17)
> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
Acked-by: Stefan Bader <stefan.bader at canonical.com>
> ---
> arch/s390/pci/pci.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c
> index 4902fed221c0..8a505cfdd9b9 100644
> --- a/arch/s390/pci/pci.c
> +++ b/arch/s390/pci/pci.c
> @@ -421,6 +421,8 @@ int arch_setup_msi_irqs(struct pci_dev *pdev, int nvec, int type)
> hwirq = 0;
> for_each_pci_msi_entry(msi, pdev) {
> rc = -EIO;
> + if (hwirq >= msi_vecs)
> + break;
> irq = irq_alloc_desc(0); /* Alloc irq on node 0 */
> if (irq < 0)
> return -ENOMEM;
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20180905/e44eecc0/attachment.sig>
More information about the kernel-team
mailing list