GET

Patch Detail

get:
Show a patch.

patch:
Update a patch.

put:
Update a patch.

GET /api/1.1/patches/2220999/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2220999,
    "url": "http://patchwork.ozlabs.org/api/1.1/patches/2220999/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/linux-pci/patch/20260408163922.1740497-1-mnencia@kcore.it/",
    "project": {
        "id": 28,
        "url": "http://patchwork.ozlabs.org/api/1.1/projects/28/?format=api",
        "name": "Linux PCI development",
        "link_name": "linux-pci",
        "list_id": "linux-pci.vger.kernel.org",
        "list_email": "linux-pci@vger.kernel.org",
        "web_url": null,
        "scm_url": null,
        "webscm_url": null
    },
    "msgid": "<20260408163922.1740497-1-mnencia@kcore.it>",
    "date": "2026-04-08T16:39:22",
    "name": "PCI/IOV: Fix out-of-bounds access in sriov_restore_vf_rebar_state()",
    "commit_ref": null,
    "pull_url": null,
    "state": "new",
    "archived": false,
    "hash": "c8b61ed45686da07fc16acfad3d68be3b5892428",
    "submitter": {
        "id": 93088,
        "url": "http://patchwork.ozlabs.org/api/1.1/people/93088/?format=api",
        "name": "Marco Nenciarini",
        "email": "mnencia@kcore.it"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/linux-pci/patch/20260408163922.1740497-1-mnencia@kcore.it/mbox/",
    "series": [
        {
            "id": 499160,
            "url": "http://patchwork.ozlabs.org/api/1.1/series/499160/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/linux-pci/list/?series=499160",
            "date": "2026-04-08T16:39:22",
            "name": "PCI/IOV: Fix out-of-bounds access in sriov_restore_vf_rebar_state()",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/499160/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/2220999/comments/",
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/2220999/checks/",
    "tags": {},
    "headers": {
        "Return-Path": "\n <linux-pci+bounces-52162-incoming=patchwork.ozlabs.org@vger.kernel.org>",
        "X-Original-To": [
            "incoming@patchwork.ozlabs.org",
            "linux-pci@vger.kernel.org"
        ],
        "Delivered-To": "patchwork-incoming@legolas.ozlabs.org",
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (1024-bit key;\n unprotected) header.d=kcore.it header.i=@kcore.it header.a=rsa-sha256\n header.s=spark header.b=jZu8AnMs;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=172.105.105.114; helo=tor.lore.kernel.org;\n envelope-from=linux-pci+bounces-52162-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)",
            "smtp.subspace.kernel.org;\n\tdkim=fail reason=\"signature verification failed\" (1024-bit key)\n header.d=kcore.it header.i=@kcore.it header.b=\"jZu8AnMs\"",
            "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=49.13.27.68",
            "smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=kcore.it",
            "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=kcore.it"
        ],
        "Received": [
            "from tor.lore.kernel.org (tor.lore.kernel.org [172.105.105.114])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4frTQ75Tclz1yD3\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 09 Apr 2026 02:42:55 +1000 (AEST)",
            "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby tor.lore.kernel.org (Postfix) with ESMTP id BFBB23009556\n\tfor <incoming@patchwork.ozlabs.org>; Wed,  8 Apr 2026 16:39:35 +0000 (UTC)",
            "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 7AB243BAD8F;\n\tWed,  8 Apr 2026 16:39:34 +0000 (UTC)",
            "from spark.kcore.it (spark.kcore.it [49.13.27.68])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 241BC349AFF;\n\tWed,  8 Apr 2026 16:39:32 +0000 (UTC)",
            "from mnencia by spark.kcore.it with local (Exim 4.96)\n\t(envelope-from <mnencia@kcore.it>)\n\tid 1wAVw2-007Imd-0E;\n\tWed, 08 Apr 2026 18:39:22 +0200"
        ],
        "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1775666374; cv=none;\n b=alitCWFRpct7U6/+NHjQ3GMibCY68rqah+kpFID3VqBA/CpMCIqx9nDlTvrQHez4DZBHE4un0QYeV1tgCiS0DVckpR0IYp7TXgUPdt+8sUXrZZSQo6NoZ4O6aEHGZCOPTGmK6YTilgzDOGqZWx0kMMPx7FduxbhaSTb/i5vWRl0=",
        "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1775666374; c=relaxed/simple;\n\tbh=u6aaNp69KxTS+5US/rEwJlQdnHC2yKeTURhPqApbPdM=;\n\th=From:To:Cc:Subject:Date:Message-Id:MIME-Version:Content-Type;\n b=TyXxI7ke+4DTnpKJI1F9n7Ej0ALR+/TVm5bptMxohOHfAAYdf1pt3hMI1CSECOBd/MP9BG+3VyBpp8xqHyoIPD+XtwNH21gre9d1GdQRgbngtVnYC7hSwVdIQDmdApL25YLrSJzQXE9E4RIqNAqmHWfo/5jHz37BxlCdYlJeIr4=",
        "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=kcore.it;\n spf=pass smtp.mailfrom=kcore.it;\n dkim=pass (1024-bit key) header.d=kcore.it header.i=@kcore.it\n header.b=jZu8AnMs; arc=none smtp.client-ip=49.13.27.68",
        "DKIM-Signature": "v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kcore.it;\n\ts=spark; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-Id:\n\tDate:Subject:Cc:To:From:Sender:Reply-To:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tIn-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:\n\tList-Post:List-Owner:List-Archive;\n\tbh=I21Y2KDp0LnjyiR5WuBPPxI8t01E0XecHwF5bX7E4ck=; b=jZu8AnMstPCnAr8CC3okbg4G3a\n\tb9RTy96uCGDpQkXTl685o0d6kGO6FLG6jJVCtjx61iQfTTM+ly0iPuS7FS7x3fN9zX9epppvjQC8O\n\ttz38Y5yNK/pB+70rA8FeQQRdyiC/YzM+A7UvH3oEMzU9MzRwjL7gKbvnPO9WzO99Ef08=;",
        "From": "Marco Nenciarini <mnencia@kcore.it>",
        "To": "Bjorn Helgaas <bhelgaas@google.com>",
        "Cc": "=?utf-8?q?Micha=C5=82_Winiarski?= <michal.winiarski@intel.com>,\n\t=?utf-8?q?Ilpo_J=C3=A4rvinen?= <ilpo.jarvinen@linux.intel.com>,\n linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org,\n stable@vger.kernel.org, Marco Nenciarini <mnencia@kcore.it>",
        "Subject": "[PATCH] PCI/IOV: Fix out-of-bounds access in\n sriov_restore_vf_rebar_state()",
        "Date": "Wed,  8 Apr 2026 18:39:22 +0200",
        "Message-Id": "<20260408163922.1740497-1-mnencia@kcore.it>",
        "X-Mailer": "git-send-email 2.39.5",
        "Precedence": "bulk",
        "X-Mailing-List": "linux-pci@vger.kernel.org",
        "List-Id": "<linux-pci.vger.kernel.org>",
        "List-Subscribe": "<mailto:linux-pci+subscribe@vger.kernel.org>",
        "List-Unsubscribe": "<mailto:linux-pci+unsubscribe@vger.kernel.org>",
        "MIME-Version": "1.0",
        "Content-Type": "text/plain; charset=UTF-8",
        "Content-Transfer-Encoding": "8bit"
    },
    "content": "sriov_restore_vf_rebar_state() extracts bar_idx from the VF Resizable\nBAR control register using a 3-bit field (PCI_VF_REBAR_CTRL_BAR_IDX,\nbits 0-2), which yields values in the range 0-7. This value is then\nused to index into dev->sriov->barsz[], which has PCI_SRIOV_NUM_BARS\n(6) entries.\n\nIf the PCI config space read returns garbage data (e.g. 0xffffffff when\nthe device is no longer accessible on the bus), bar_idx is 7, causing\nan out-of-bounds array access. UBSAN reports this as:\n\n  UBSAN: array-index-out-of-bounds in drivers/pci/iov.c:948:51\n  index 7 is out of range for type 'resource_size_t [6]'\n\nThis was observed on an NVIDIA RTX PRO 1000 GPU (GB207GLM) that fell\noff the PCIe bus during a failed GC6 power state exit. The subsequent\npci_restore_state() call triggered the UBSAN splat in\nsriov_restore_vf_rebar_state() since all config space reads returned\n0xffffffff.\n\nAdd a bounds check on bar_idx before using it as an array index to\nprevent the out-of-bounds access.\n\nFixes: 5a8f77e24a30 (\"PCI/IOV: Restore VF resizable BAR state after reset\")\nCc: stable@vger.kernel.org\nSigned-off-by: Marco Nenciarini <mnencia@kcore.it>\n---\nCc: Michał Winiarski <michal.winiarski@intel.com>\nCc: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>\n\n drivers/pci/iov.c | 2 ++\n 1 file changed, 2 insertions(+)",
    "diff": "diff --git a/drivers/pci/iov.c b/drivers/pci/iov.c\nindex 00784a60b..521f2cb64 100644\n--- a/drivers/pci/iov.c\n+++ b/drivers/pci/iov.c\n@@ -946,6 +946,8 @@ static void sriov_restore_vf_rebar_state(struct pci_dev *dev)\n \n \t\tpci_read_config_dword(dev, pos + PCI_VF_REBAR_CTRL, &ctrl);\n \t\tbar_idx = FIELD_GET(PCI_VF_REBAR_CTRL_BAR_IDX, ctrl);\n+\t\tif (bar_idx >= PCI_SRIOV_NUM_BARS)\n+\t\t\tcontinue;\n \t\tsize = pci_rebar_bytes_to_size(dev->sriov->barsz[bar_idx]);\n \t\tctrl &= ~PCI_VF_REBAR_CTRL_BAR_SIZE;\n \t\tctrl |= FIELD_PREP(PCI_VF_REBAR_CTRL_BAR_SIZE, size);\n",
    "prefixes": []
}