| Message ID | 20180905101556.13993-2-kleber.souza@canonical.com |
|---|---|
| State | New |
| Headers | show |
| Series | Fix for LP: #1790480 | expand |
On 05/09/18 11:15, Kleber Sacilotto de Souza wrote: > From: Sebastian Ott <sebott@linux.ibm.com> > > BugLink: https://bugs.launchpad.net/bugs/1790480 > > During interrupt setup we allocate interrupt vectors, walk the list of msi > descriptors, and fill in the message data. Requesting more interrupts than > supported on s390 can lead to an out of bounds access. > > When we restrict the number of interrupts we should also stop walking the > msi list after all supported interrupts are handled. > > Cc: stable@vger.kernel.org > Signed-off-by: Sebastian Ott <sebott@linux.ibm.com> > Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> > (cherry picked from commit 866f3576a72b2233a76dffb80290f8086dc49e17) > Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> > --- > arch/s390/pci/pci.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c > index 4902fed221c0..8a505cfdd9b9 100644 > --- a/arch/s390/pci/pci.c > +++ b/arch/s390/pci/pci.c > @@ -421,6 +421,8 @@ int arch_setup_msi_irqs(struct pci_dev *pdev, int nvec, int type) > hwirq = 0; > for_each_pci_msi_entry(msi, pdev) { > rc = -EIO; > + if (hwirq >= msi_vecs) > + break; > irq = irq_alloc_desc(0); /* Alloc irq on node 0 */ > if (irq < 0) > return -ENOMEM; > Clean upstream cherry pick, looks sane to me and limited to once specific architecture. I don't see any test results, but I think we can let that slip for this. Acked-by: Colin Ian King <colin.king@canonical.com>
On 09/05/18 12:19, Colin Ian King wrote: > On 05/09/18 11:15, Kleber Sacilotto de Souza wrote: >> From: Sebastian Ott <sebott@linux.ibm.com> >> >> BugLink: https://bugs.launchpad.net/bugs/1790480 >> >> During interrupt setup we allocate interrupt vectors, walk the list of msi >> descriptors, and fill in the message data. Requesting more interrupts than >> supported on s390 can lead to an out of bounds access. >> >> When we restrict the number of interrupts we should also stop walking the >> msi list after all supported interrupts are handled. >> >> Cc: stable@vger.kernel.org >> Signed-off-by: Sebastian Ott <sebott@linux.ibm.com> >> Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> >> (cherry picked from commit 866f3576a72b2233a76dffb80290f8086dc49e17) >> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> >> --- >> arch/s390/pci/pci.c | 2 ++ >> 1 file changed, 2 insertions(+) >> >> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c >> index 4902fed221c0..8a505cfdd9b9 100644 >> --- a/arch/s390/pci/pci.c >> +++ b/arch/s390/pci/pci.c >> @@ -421,6 +421,8 @@ int arch_setup_msi_irqs(struct pci_dev *pdev, int nvec, int type) >> hwirq = 0; >> for_each_pci_msi_entry(msi, pdev) { >> rc = -EIO; >> + if (hwirq >= msi_vecs) >> + break; >> irq = irq_alloc_desc(0); /* Alloc irq on node 0 */ >> if (irq < 0) >> return -ENOMEM; >> > > Clean upstream cherry pick, looks sane to me and limited to once > specific architecture. I don't see any test results, but I think we can > let that slip for this. > Thanks Colin. I have just provided a test kernel on the bug report, once we get the test results I will confirm it works or NAK in case it doesn't. Just wanted to send the patch soon since we are reaching the SRU deadline.
On 05.09.2018 12:15, Kleber Sacilotto de Souza wrote: > From: Sebastian Ott <sebott@linux.ibm.com> > > BugLink: https://bugs.launchpad.net/bugs/1790480 > > During interrupt setup we allocate interrupt vectors, walk the list of msi > descriptors, and fill in the message data. Requesting more interrupts than > supported on s390 can lead to an out of bounds access. > > When we restrict the number of interrupts we should also stop walking the > msi list after all supported interrupts are handled. > > Cc: stable@vger.kernel.org > Signed-off-by: Sebastian Ott <sebott@linux.ibm.com> > Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> > (cherry picked from commit 866f3576a72b2233a76dffb80290f8086dc49e17) > Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> > --- > arch/s390/pci/pci.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c > index 4902fed221c0..8a505cfdd9b9 100644 > --- a/arch/s390/pci/pci.c > +++ b/arch/s390/pci/pci.c > @@ -421,6 +421,8 @@ int arch_setup_msi_irqs(struct pci_dev *pdev, int nvec, int type) > hwirq = 0; > for_each_pci_msi_entry(msi, pdev) { > rc = -EIO; > + if (hwirq >= msi_vecs) > + break; > irq = irq_alloc_desc(0); /* Alloc irq on node 0 */ > if (irq < 0) > return -ENOMEM; >
diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 4902fed221c0..8a505cfdd9b9 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -421,6 +421,8 @@ int arch_setup_msi_irqs(struct pci_dev *pdev, int nvec, int type) hwirq = 0; for_each_pci_msi_entry(msi, pdev) { rc = -EIO; + if (hwirq >= msi_vecs) + break; irq = irq_alloc_desc(0); /* Alloc irq on node 0 */ if (irq < 0) return -ENOMEM;