
[Vivid,SRU] powerpc/powernv: Fix the overflow of OPAL message notifiers head array

Message ID 1440115838-16896-1-git-send-email-chris.j.arges@canonical.com
State New

Commit Message

Chris J Arges Aug. 21, 2015, 12:10 a.m. UTC
From: Neelesh Gupta <neelegup@linux.vnet.ibm.com>

BugLink: http://bugs.launchpad.net/bugs/1487085

Fixes the condition check of incoming message type which can
otherwise shoot beyond the message notifiers head array.

Signed-off-by: Neelesh Gupta <neelegup@linux.vnet.ibm.com>
Reviewed-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Reviewed-by: Anshuman Khandual <khandual@linux.vnet.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>

(backported from commit 792f96e9a769b799a2944e9369e4ea1e467135b2)
Some of this commit was merged into 9b42c07.
This backport covers the remaining parts.
Signed-off-by: Chris J Arges <chris.j.arges@canonical.com>
---
 arch/powerpc/platforms/powernv/opal.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Tim Gardner Aug. 21, 2015, 1:45 p.m. UTC | #1
Obvious fix.
Brad Figg Aug. 21, 2015, 1:57 p.m. UTC | #2
On Thu, Aug 20, 2015 at 05:10:38PM -0700, Chris J Arges wrote:
> From: Neelesh Gupta <neelegup@linux.vnet.ibm.com>
> 
> BugLink: http://bugs.launchpad.net/bugs/1487085
> 
> Fixes the condition check of incoming message type which can
> otherwise shoot beyond the message notifiers head array.
> 
> Signed-off-by: Neelesh Gupta <neelegup@linux.vnet.ibm.com>
> Reviewed-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
> Reviewed-by: Anshuman Khandual <khandual@linux.vnet.ibm.com>
> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
> 
> (backported from commit 792f96e9a769b799a2944e9369e4ea1e467135b2)
> Some of this commit was merged into 9b42c07.
> This backport covers the remaining parts.
> Signed-off-by: Chris J Arges <chris.j.arges@canonical.com>
> ---
>  arch/powerpc/platforms/powernv/opal.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/powerpc/platforms/powernv/opal.c b/arch/powerpc/platforms/powernv/opal.c
> index 8375bf3..3f34413 100644
> --- a/arch/powerpc/platforms/powernv/opal.c
> +++ b/arch/powerpc/platforms/powernv/opal.c
> @@ -313,6 +313,7 @@ int opal_message_notifier_register(enum opal_msg_type msg_type,
>  			   __func__, msg_type);
>  		return -EINVAL;
>  	}
> +
>  	return atomic_notifier_chain_register(
>  				&opal_msg_notifier_head[msg_type], nb);
>  }
> @@ -358,7 +359,7 @@ static void opal_handle_message(void)
>  	type = be32_to_cpu(msg.msg_type);
>  
>  	/* Sanity check */
> -	if (type > OPAL_MSG_TYPE_MAX) {
> +	if (type >= OPAL_MSG_TYPE_MAX) {
>  		pr_warning("%s: Unknown message type: %u\n", __func__, type);
>  		return;
>  	}
> -- 
> 2.5.0
> 
> 
Brad Figg Aug. 25, 2015, 3:33 p.m. UTC | #3
Applied to the Vivid master-next branch.

Patch

diff --git a/arch/powerpc/platforms/powernv/opal.c b/arch/powerpc/platforms/powernv/opal.c
index 8375bf3..3f34413 100644
--- a/arch/powerpc/platforms/powernv/opal.c
+++ b/arch/powerpc/platforms/powernv/opal.c
@@ -313,6 +313,7 @@  int opal_message_notifier_register(enum opal_msg_type msg_type,
 			   __func__, msg_type);
 		return -EINVAL;
 	}
+
 	return atomic_notifier_chain_register(
 				&opal_msg_notifier_head[msg_type], nb);
 }
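Review bot: In opal_message_notifier_register() the only change is the blank line before `return atomic_notifier_chain_register(`, and the condition that guards `&opal_msg_notifier_head[msg_type]` sits above the visible context, so this hunk alone does not show that the register path rejects `msg_type == OPAL_MSG_TYPE_MAX`. The commit message says part of the upstream commit was merged into 9b42c07 without saying which part; it should state that the register-side comparison is the part already carried there, so the backport can be checked against both users of the array.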
@@ -358,7 +359,7 @@  static void opal_handle_message(void)
 	type = be32_to_cpu(msg.msg_type);
 
 	/* Sanity check */
-	if (type > OPAL_MSG_TYPE_MAX) {
+	if (type >= OPAL_MSG_TYPE_MAX) {
 		pr_warning("%s: Unknown message type: %u\n", __func__, type);
 		return;
 	}
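Review bot: The new check `if (type >= OPAL_MSG_TYPE_MAX)` in opal_handle_message() is correct only if OPAL_MSG_TYPE_MAX is the element count of opal_msg_notifier_head rather than its last valid index, and nothing in the hunk documents that. `type` comes straight from the received message via `be32_to_cpu(msg.msg_type)`, and per the commit message an unchecked value runs past the message notifiers head array, so this comparison is the bound on the index. Consider comparing against ARRAY_SIZE(opal_msg_notifier_head), or extending the `/* Sanity check */` comment to say that OPAL_MSG_TYPE_MAX is one past the last valid type, so the name is not read as an inclusive maximum again.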