s390/pci: fix out of bounds access during irq setup
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Ubuntu on IBM z Systems | Triaged | High | Canonical Kernel Team |
linux (Ubuntu) | Fix Committed | Undecided | Unassigned |
Bionic | New | Undecided | Unassigned |
Bug Description
== SRU Justification ==
IBM is requesting this commit (from 4.19) for s390: 866f3576a72b223
It fixes a problem with requesting more interrupts than supported on s390.
The issue can finally lead to an out of bounds access.
It needs to be applied to 18.04 and 16.04 (in addition to cosmic).
== Fix ==
commit 866f3576a72b223
During interrupt setup we allocate interrupt vectors, walk the list of msi
descriptors, and fill in the message data. Requesting more interrupts than
supported on s390 can lead to an out of bounds access.
When we restrict the number of interrupts we should also stop walking the
msi list after all supported interrupts are handled.
== Regression Potential ==
Low. The modification is limited to the following two lines in s390/pci:
...
+ if (hwirq >= msi_vecs)
+ break;
...
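Review bot: the hwirq >= msi_vecs check is shown without the loop around it, so confirm it sits at the top of the descriptor walk, before hwirq is used for anything in that iteration; a check placed after the first use would still let one out-of-range access through. A one-line comment above it, saying that msi_vecs is the restricted vector count and that the remaining descriptors are skipped on purpose, would make the early break self-explanatory.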
https:/
== Test Case ==
A test case will be provided by IBM.
And the test and verification will also be done by IBM.
__________
Bug Description:
s390/pci: fix out of bounds access during irq setup
During interrupt setup we allocate interrupt vectors, walk the list of msi
descriptors, and fill in the message data. Requesting more interrupts than
supported on s390 can lead to an out of bounds access.
When we restrict the number of interrupts we should also stop walking the
msi list after all supported interrupts are handled.
Upstream-ID: 866f3576a72b223
kernel 4.19
Also to be applied to 18.10
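The walk described in the Fix section, as a user-space C model added here (not the kernel source and not IBM's patch). Only `hwirq` and `msi_vecs` come from the page; `struct desc`, `setup_irqs`, `run_model`, the limit of 4 vectors, the message-data values and the idea of a vector table indexed by `hwirq` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#define MAX_VECS 4u   /* constructed limit on supported vectors */
#define MAX_DESC 8u   /* capacity of the constructed descriptor list */
struct desc {                 /* hypothetical model of one msi descriptor */
    unsigned int data;        /* message data filled in during setup */
    struct desc *next;
};

/* Walk the list and fill in message data; returns vectors set up. An index
 * past slot[MAX_VECS] is counted in *oob, not written, so the model stays
 * memory safe. fixed = 0 is the walk before the fix, 1 after it. */
unsigned int setup_irqs(struct desc *head, unsigned int nvec, int fixed,
                        unsigned int *slot, unsigned int *oob)
{
    unsigned int hwirq = 0;
    unsigned int msi_vecs = nvec < MAX_VECS ? nvec : MAX_VECS; /* restrict */
    *oob = 0;
    for (struct desc *d = head; d != NULL; d = d->next, hwirq++) {
        if (fixed && hwirq >= msi_vecs)
            break;                       /* the check the fix adds */
        d->data = 0x100u + hwirq;        /* constructed message data */
        if (hwirq < MAX_VECS)
            slot[hwirq] = d->data;
        else
            (*oob)++;                    /* would be an out of bounds write */
    }
    return hwirq < msi_vecs ? hwirq : msi_vecs;
}

/* Build n linked descriptors (constructed input) and run the walk. */
unsigned int run_model(unsigned int n, int fixed, unsigned int *oob)
{
    struct desc d[MAX_DESC] = {{0, NULL}};
    unsigned int slot[MAX_VECS] = {0};
    if (n > MAX_DESC) n = MAX_DESC;
    for (unsigned int i = 0; i < n; i++)
        d[i].next = (i + 1 < n) ? &d[i + 1] : NULL;
    return setup_irqs(n ? d : NULL, n, fixed, slot, oob);
}

int main(void)
{
    unsigned int before, after;
    run_model(6, 0, &before);            /* 6 requested, 4 supported */
    run_model(6, 1, &after);
    printf("oob writes before fix: %u, after fix: %u\n", before, after);
    return 0;
}
```

With six descriptors requested against a limit of four, the unfixed walk keeps going past the restricted count and the model records two out-of-range writes; with the check enabled the walk stops at four and records none.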
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Changed in linux (Ubuntu):
assignee: Skipper Bug Screeners (skipper-screen-team) → nobody
Changed in ubuntu-z-systems:
status: New → Triaged
importance: Undecided → High
assignee: nobody → Canonical Kernel Team (canonical-kernel-team)
description: updated
tags: added: cscc
Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at https://wiki.ubuntu.com/Bugs/FindRightPackage. You might also ask for help in the #ubuntu-bugs irc channel on Freenode.
To change the source package that this bug is filed about visit https://bugs.launchpad.net/ubuntu/+bug/1790658/+editstatus and add the package name in the text box next to the word Package.
[This is an automated message. I apologize if it reached you inappropriately; please just reply to this message indicating so.]