git.baikalelectronics.ru Git - kernel.git/commit

author	Jason Wang <jasowang@redhat.com>
	Thu, 23 Mar 2017 05:07:16 +0000 (13:07 +0800)
committer	Michael S. Tsirkin <mst@redhat.com>
	Tue, 28 Mar 2017 17:40:53 +0000 (20:40 +0300)
commit	08bfc7cbb969e2763da7e6fcc4752b7671d40b65
tree	72ce8462675d94d2e82723dc84583f644c5e190d	tree \| snapshot
parent	04db378bc38419431c40af65242beb366dba35ea	commit \| diff

virtio_pci: fix out of bound access for msix_names

Fedora has received multiple reports of crashes when running
4.11 as a guest

https://bugzilla.redhat.com/show_bug.cgi?id=1430297
https://bugzilla.redhat.com/show_bug.cgi?id=1434462
https://bugzilla.kernel.org/show_bug.cgi?id=194911
https://bugzilla.redhat.com/show_bug.cgi?id=1433899

The crashes are not always consistent but they are generally
some flavor of oops or GPF in virtio related code. Multiple people
have done bisections (Thank you Thorsten Leemhuis and
Richard W.M. Jones) and found this commit to be at fault

9a8a1fd5456736b1c222bf691367fefadd1329ce is the first bad commit
commit 9a8a1fd5456736b1c222bf691367fefadd1329ce
Author: Christoph Hellwig <hch@lst.de>
Date: Sun Feb 5 18:15:19 2017 +0100

virtio_pci: use shared interrupts for virtqueues

The issue seems to be an out of bounds access to the msix_names
array corrupting kernel memory.

Fixes: 9a8a1fd54567 ("virtio_pci: use shared interrupts for virtqueues")
Reported-by: Laura Abbott <labbott@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
Tested-by: Thorsten Leemhuis <linux@leemhuis.info>