git.baikalelectronics.ru Git - kernel.git/commit
virtio_pci: fix out of bound access for msix_names
author Jason Wang <jasowang@redhat.com>
Thu, 23 Mar 2017 05:07:16 +0000 (13:07 +0800)
committer Michael S. Tsirkin <mst@redhat.com>
Tue, 28 Mar 2017 17:40:53 +0000 (20:40 +0300)
commit d744fc870a8767ce67dfbbe3e3ffe9fb6ba4ad2c
tree 72ce8462675d94d2e82723dc84583f644c5e190d
parent d67b700b03cdebbc883b94faeed994c96bd3efd6

Fedora has received multiple reports of crashes when running
4.11 as a guest

https://bugzilla.redhat.com/show_bug.cgi?id=1430297
https://bugzilla.redhat.com/show_bug.cgi?id=1434462
https://bugzilla.kernel.org/show_bug.cgi?id=194911
https://bugzilla.redhat.com/show_bug.cgi?id=1433899

The crashes are not always consistent but they are generally
some flavor of oops or GPF in virtio related code. Multiple people
have done bisections (Thank you Thorsten Leemhuis and
Richard W.M. Jones) and found this commit to be at fault

47e8b5efa134642408c901a6cd66c1c6bd64efe2 is the first bad commit
commit 47e8b5efa134642408c901a6cd66c1c6bd64efe2
Author: Christoph Hellwig <hch@lst.de>
Date:   Sun Feb 5 18:15:19 2017 +0100

    virtio_pci: use shared interrupts for virtqueues

The issue seems to be an out of bounds access to the msix_names
array corrupting kernel memory.

Fixes: 47e8b5efa134 ("virtio_pci: use shared interrupts for virtqueues")
Reported-by: Laura Abbott <labbott@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
Tested-by: Thorsten Leemhuis <linux@leemhuis.info>
drivers/virtio/virtio_pci_common.c