------- Comment From heinz-werner_se...@de.ibm.com 2018-10-31 06:27 EDT-------
@jsalisbury: I copied your comment from LP1800639

### External Comment ###
I built a test kernel with commits 065a2cdcbd and 048a7f8b4. The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1800639

Can you test this kernel and see if it resolves this bug?

Note about installing test kernels:
- If the test kernel is prior to 4.15(Bionic) you need to install the linux-image and linux-image-extra .deb packages.
- If the test kernel is 4.15(Bionic) or newer, you need to install the linux-modules, linux-modules-extra and linux-image-unsigned .deb packages.

Thanks in advance!

This is the correct LP/Bugzilla, you can set this LP into Progress. LP1800639 will be updated with the correct commit IDs and problem description.

https://bugs.launchpad.net/bugs/1800641

Title: [Ubuntu] qeth: Fix potential array overrun in cmd/rc lookup

Status in Ubuntu on IBM z Systems: Triaged
Status in linux package in Ubuntu: Triaged
Status in linux source package in Xenial: Triaged
Status in linux source package in Bionic: Triaged
Status in linux source package in Cosmic: Triaged

Bug description:

Description: qeth: Fix potential array overrun in cmd/rc lookup

Symptom: Infinite loop when processing a received cmd.

Problem: qeth_get_ipa_cmd_name() and qeth_get_ipa_msg() are used to build human-readable messages for received cmd data. They store the to-be translated value in the last entry of a global array, and then iterate over each entry until they found the queried value (and the corresponding message string). If there is no prior match, the lookup is intended to stop at the final entry (which was previously prepared). If two qeth devices are concurrently processing a received cmd, one lookup can over-write the last entry of the global array while a second lookup is in process. This second lookup will then never hit its stop-condition, and loop.
Solution: Remove the modification of the global array, and limit the number of iterations to the size of the array.

Upstream-ID: kernel 4.19
- 065a2cdcbdf8eb9aefb66e1a24b2d684b8b8852b
- 048a7f8b4ec085d5c56ad4a3bf450389a4aed5f9

Should also be applied, to all other Ubuntu Releases in the field!
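
The lookup pattern from the bug description and the described fix, as an added example that is not the qeth driver's code: the table contents and function names are constructed, and the `other` parameter models a second device's store so the interleaving is reproducible in one thread.

```c
#include <stdio.h>

/* Constructed table; codes and names are hypothetical, not the driver's. */
struct cmd_name { int code; const char *name; };
static struct cmd_name names[] = {
    { 0x01, "START" }, { 0x02, "STOP" }, { 0x21, "SETIP" },
    { 0x00, "unknown" },                 /* last entry: fallback text */
};
#define N_NAMES (sizeof(names) / sizeof(names[0]))

/* "Before" pattern: store the query in the shared last entry, then scan
 * until a match. `other` models a second device's store landing between
 * our store and our scan (pass -1 for none). The scan is capped at N_NAMES
 * only so this model can report the overrun instead of performing it:
 * NULL means the original loop would have left the array. */
const char *lookup_sentinel(int code, int other)
{
    size_t i = 0;

    names[N_NAMES - 1].code = code;      /* write to global state */
    if (other >= 0)
        names[N_NAMES - 1].code = other; /* concurrent overwrite */
    while (i < N_NAMES && names[i].code != code)
        i++;
    return i < N_NAMES ? names[i].name : NULL;
}

/* "After" pattern: table is only read, iteration bounded by its size. */
const char *lookup_bounded(int code)
{
    size_t i;

    for (i = 0; i < N_NAMES - 1; i++)
        if (names[i].code == code)
            return names[i].name;
    return names[N_NAMES - 1].name;      /* no match: fallback text */
}

int main(void)
{
    const char *r = lookup_sentinel(0x7f, 0x7e);

    printf("sentinel, interfered: %s\n", r ? r : "(scan left the array)");
    printf("bounded: %s\n", lookup_bounded(0x7f));
    return 0;
}
```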