[Kernel-packages] [Bug 1790658] Re: s390/pci: fix out of bounds access during irq setup

Wed, 05 Sep 2018 04:16:22 -0700 

Staged for cosmic, in master-next.

** Also affects: linux (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu)
       Status: New => Fix Committed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1790658

Title:
  s390/pci: fix out of bounds access during irq setup

Status in Ubuntu on IBM z Systems:
  Triaged
Status in linux package in Ubuntu:
  Fix Committed
Status in linux source package in Bionic:
  New

Bug description:
  == SRU Justification ==

  IBM is requesting this commit (from 4.19) for s390: 
866f3576a72b2233a76dffb80290f8086dc49e17
  It fixes a problem with requesting more interrupts than supported on s390.
  The issue can finally lead to an out of bounds access.

  It needs to be applied to 18.04 and 16.04 (in addition to cosmic).

  == Fix ==

  commit 866f3576a72b2233a76dffb80290f8086dc49e17 upstream.

  During interrupt setup we allocate interrupt vectors, walk the list of msi
  descriptors, and fill in the message data. Requesting more interrupts than
  supported on s390 can lead to an out of bounds access.

  When we restrict the number of interrupts we should also stop walking the
  msi list after all supported interrupts are handled.

  == Regression Potential ==

  Low. The modification is limited to the following two lines in s390/pci:
  ...
  +             if (hwirq >= msi_vecs)
  +                     break;
  ...

  https://lkml.org/lkml/2018/9/3/1125

  == Test Case ==

  A test case will be provided by IBM.
  And the test and verification will also be done by IBM.

  __________

  Bug Description:

  s390/pci: fix out of bounds access during irq setup

  During interrupt setup we allocate interrupt vectors, walk the list of msi
  descriptors, and fill in the message data. Requesting more interrupts than
  supported on s390 can lead to an out of bounds access.

  When we restrict the number of interrupts we should also stop walking the
  msi list after all supported interrupts are handled.

  Upstream-ID:  866f3576a72b2233a76dffb80290f8086dc49e17
  kernel 4.19

  Also to be applied to 18.10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1790658/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to