diff options
| author |   Jason Wang <jasowang@redhat.com> | 2017-03-23 13:07:16 +0800 |
|---|---|---|
| committer |   Michael S. Tsirkin <mst@redhat.com> | 2017-03-28 20:40:53 +0300 |
| commit | de85ec8b07f82c8c84de7687f769e74bf4c26a1e (patch) | |
| tree | 72ce8462675d94d2e82723dc84583f644c5e190d /drivers/virtio/virtio_balloon.c | |
| parent | Linux 4.11-rc4 (diff) | |
| download | linux-dev-de85ec8b07f82c8c84de7687f769e74bf4c26a1e.tar.xz linux-dev-de85ec8b07f82c8c84de7687f769e74bf4c26a1e.zip | |
virtio_pci: fix out of bound access for msix_names
Fedora has received multiple reports of crashes when running
4.11 as a guest
https://bugzilla.redhat.com/show_bug.cgi?id=1430297
https://bugzilla.redhat.com/show_bug.cgi?id=1434462
https://bugzilla.kernel.org/show_bug.cgi?id=194911
https://bugzilla.redhat.com/show_bug.cgi?id=1433899
The crashes are not always consistent but they are generally
some flavor of oops or GPF in virtio related code. Multiple people
have done bisections (Thank you Thorsten Leemhuis and
Richard W.M. Jones) and found this commit to be at fault
07ec51480b5eb1233f8c1b0f5d7a7c8d1247c507 is the first bad commit
commit 07ec51480b5eb1233f8c1b0f5d7a7c8d1247c507
Author: Christoph Hellwig <hch@lst.de>
Date: Sun Feb 5 18:15:19 2017 +0100
virtio_pci: use shared interrupts for virtqueues
The issue seems to be an out of bounds access to the msix_names
array corrupting kernel memory.
Fixes: 07ec51480b5e ("virtio_pci: use shared interrupts for virtqueues")
Reported-by: Laura Abbott <labbott@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
Tested-by: Thorsten Leemhuis <linux@leemhuis.info>
Diffstat (limited to 'drivers/virtio/virtio_balloon.c')
0 files changed, 0 insertions, 0 deletions