From patchwork Wed Sep  5 10:15:56 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
X-Patchwork-Id: 966298
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com
	(client-ip=91.189.94.19; helo=huckleberry.canonical.com;
	envelope-from=kernel-team-bounces@lists.ubuntu.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=canonical.com
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 42503D5rP0z9s5c;
	Wed,  5 Sep 2018 20:16:08 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1fxUqx-0003cO-4e; Wed, 05 Sep 2018 10:16:03 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)
	(Exim 4.86_2) (envelope-from <kleber.souza@canonical.com>)
	id 1fxUqv-0003b9-EW
	for kernel-team@lists.ubuntu.com; Wed, 05 Sep 2018 10:16:01 +0000
Received: from mail-wr1-f71.google.com ([209.85.221.71])
	by youngberry.canonical.com with esmtps
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <kleber.souza@canonical.com>)
	id 1fxUqv-0005fW-6K
	for kernel-team@lists.ubuntu.com; Wed, 05 Sep 2018 10:16:01 +0000
Received: by mail-wr1-f71.google.com with SMTP id t10-v6so6250564wrs.17
	for <kernel-team@lists.ubuntu.com>;
	Wed, 05 Sep 2018 03:16:01 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
	:references;
	bh=tcD3HR3QQztGVQ1UdP1EKZGLAjHR6v8W9Ye3utuvDjc=;
	b=Mx6FsgCu6a31TbBWTzVdldYZ79Y0xjvzRepohAgWXwBz7reTt7rpVZa3mgFbYE2OLy
	NEzPPbp6sLpwacl/l6ZWwg9pNlLTatR+F2YIjUhfVIMWqqacJHVR/tfAaOBnQ8x4OiR3
	+JtIs1sYfGg1LKxUc6XtoXaKRPsYQ8R/zSWj35cng2dybwzCG1huI8c9rWMf/mCOgXLz
	fXNpenf+YxNtP8IHt2U9RtuOFELemyiF1sol6cMIn41qn0K2kLVFER57x3Lx/T14kLSK
	bxgh5ixzE26nYaxIiQO3pX8O8AyMs/IX/BtcHQBYbjqXU/ulE4nvXAwCkZZnMkJR1MGr
	mgqg==
X-Gm-Message-State: APzg51C+CNZ7owXoo1NGt8r9UVh5TqU5quFYJBYiKC/4MFiyMB9vPYLf
	sBm/JfAf/PtnAqUAUMp+PnbYJVtZIcmI/n7Xt/x4rhN6UHbr5G2hA+vYfffqH2OQ2o3d8lrjSnO
	moOqS5QkuOR5bPqAAhiOv+t0l6T4lUaN64wjbs9wkOg==
X-Received: by 2002:adf:fb0e:: with SMTP id
	c14-v6mr25787417wrr.117.1536142560611;
	Wed, 05 Sep 2018 03:16:00 -0700 (PDT)
X-Google-Smtp-Source: 
 ANB0VdYpxwbM8zru4f8Z56U7ntD764zCyOrBo5hvS5AV6x8L/TtofpSdxbEzQwBB0TT9hsO8iTyHuw==
X-Received: by 2002:adf:fb0e:: with SMTP id
	c14-v6mr25787408wrr.117.1536142560412;
	Wed, 05 Sep 2018 03:16:00 -0700 (PDT)
Received: from localhost ([2a02:8109:98c0:1604:34b0:1c10:9745:7766])
	by smtp.gmail.com with ESMTPSA id
	v6-v6sm1219738wmc.43.2018.09.05.03.15.59
	for <kernel-team@lists.ubuntu.com>
	(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
	Wed, 05 Sep 2018 03:15:59 -0700 (PDT)
From: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 1/1] s390/pci: fix out of bounds access during irq setup
Date: Wed,  5 Sep 2018 12:15:56 +0200
Message-Id: <20180905101556.13993-2-kleber.souza@canonical.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20180905101556.13993-1-kleber.souza@canonical.com>
References: <20180905101556.13993-1-kleber.souza@canonical.com>
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
MIME-Version: 1.0
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

From: Sebastian Ott <sebott@linux.ibm.com>

BugLink: https://bugs.launchpad.net/bugs/1790480

During interrupt setup we allocate interrupt vectors, walk the list of msi
descriptors, and fill in the message data. Requesting more interrupts than
supported on s390 can lead to an out of bounds access.

When we restrict the number of interrupts we should also stop walking the
msi list after all supported interrupts are handled.

Cc: stable@vger.kernel.org
Signed-off-by: Sebastian Ott <sebott@linux.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
(cherry picked from commit 866f3576a72b2233a76dffb80290f8086dc49e17)
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Acked-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
---
 arch/s390/pci/pci.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c
index 4902fed221c0..8a505cfdd9b9 100644
--- a/arch/s390/pci/pci.c
+++ b/arch/s390/pci/pci.c
@@ -421,6 +421,8 @@ int arch_setup_msi_irqs(struct pci_dev *pdev, int nvec, int type)
 	hwirq = 0;
 	for_each_pci_msi_entry(msi, pdev) {
 		rc = -EIO;
+		if (hwirq >= msi_vecs)
+			break;
 		irq = irq_alloc_desc(0);	/* Alloc irq on node 0 */
 		if (irq < 0)
 			return -ENOMEM;