All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] mpt3sas: fix an out of bound write
@ 2018-01-19 15:22 Tomas Henzl
  2018-01-28 16:43 ` Suganath Prabu Subramani
  2018-01-31  2:12 ` Martin K. Petersen
  0 siblings, 2 replies; 3+ messages in thread
From: Tomas Henzl @ 2018-01-19 15:22 UTC (permalink / raw)
  To: linux-scsi
  Cc: kashyap.desai, sreekanth.reddy, chaitra.basappa,
	suganath-prabu.subramani, hare, Tomas Henzl

cpu_msix_table is allocated to store online cpus, but pci_irq_get_affinity
may return cpu_possible_mask which is then used to access cpu_msix_table.
That causes bad user experience.
Fix limits access to only online cpus, I've also added an additonal test
to protect from an unlikely change in cpu_online_mask.

Fixes: 1d55abc0e98a0bf35f3af80665aac564e3b30572 scsi: mpt3sas: switch to pci_alloc_irq_vectors

Signed-off-by: Tomas Henzl <thenzl@redhat.com>
---
 drivers/scsi/mpt3sas/mpt3sas_base.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.c b/drivers/scsi/mpt3sas/mpt3sas_base.c
index 13d6e4ec3..59a87ca32 100644
--- a/drivers/scsi/mpt3sas/mpt3sas_base.c
+++ b/drivers/scsi/mpt3sas/mpt3sas_base.c
@@ -2410,8 +2410,11 @@ _base_assign_reply_queues(struct MPT3SAS_ADAPTER *ioc)
 				continue;
 			}
 
-			for_each_cpu(cpu, mask)
+			for_each_cpu_and(cpu, mask, cpu_online_mask) {
+				if (cpu >= ioc->cpu_msix_table_sz)
+					break;
 				ioc->cpu_msix_table[cpu] = reply_q->msix_index;
+			}
 		}
 		return;
 	}
-- 
2.14.3

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] mpt3sas: fix an out of bound write
  2018-01-19 15:22 [PATCH] mpt3sas: fix an out of bound write Tomas Henzl
@ 2018-01-28 16:43 ` Suganath Prabu Subramani
  2018-01-31  2:12 ` Martin K. Petersen
  1 sibling, 0 replies; 3+ messages in thread
From: Suganath Prabu Subramani @ 2018-01-28 16:43 UTC (permalink / raw)
  To: Tomas Henzl
  Cc: linux-scsi, Kashyap Desai, Sreekanth Reddy, Chaitra Basappa,
	Hannes Reinecke

Hi,
Please consider this patch as Ack-by: Suganath Prabu S
<suganath-prabu.subramani@broadcom.com>

Thanks.

On Fri, Jan 19, 2018 at 8:52 PM, Tomas Henzl <thenzl@redhat.com> wrote:
> cpu_msix_table is allocated to store online cpus, but pci_irq_get_affinity
> may return cpu_possible_mask which is then used to access cpu_msix_table.
> That causes bad user experience.
> Fix limits access to only online cpus, I've also added an additonal test
> to protect from an unlikely change in cpu_online_mask.
>
> Fixes: 1d55abc0e98a0bf35f3af80665aac564e3b30572 scsi: mpt3sas: switch to pci_alloc_irq_vectors
>
> Signed-off-by: Tomas Henzl <thenzl@redhat.com>
> ---
>  drivers/scsi/mpt3sas/mpt3sas_base.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.c b/drivers/scsi/mpt3sas/mpt3sas_base.c
> index 13d6e4ec3..59a87ca32 100644
> --- a/drivers/scsi/mpt3sas/mpt3sas_base.c
> +++ b/drivers/scsi/mpt3sas/mpt3sas_base.c
> @@ -2410,8 +2410,11 @@ _base_assign_reply_queues(struct MPT3SAS_ADAPTER *ioc)
>                                 continue;
>                         }
>
> -                       for_each_cpu(cpu, mask)
> +                       for_each_cpu_and(cpu, mask, cpu_online_mask) {
> +                               if (cpu >= ioc->cpu_msix_table_sz)
> +                                       break;
>                                 ioc->cpu_msix_table[cpu] = reply_q->msix_index;
> +                       }
>                 }
>                 return;
>         }
> --
> 2.14.3
>

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] mpt3sas: fix an out of bound write
  2018-01-19 15:22 [PATCH] mpt3sas: fix an out of bound write Tomas Henzl
  2018-01-28 16:43 ` Suganath Prabu Subramani
@ 2018-01-31  2:12 ` Martin K. Petersen
  1 sibling, 0 replies; 3+ messages in thread
From: Martin K. Petersen @ 2018-01-31  2:12 UTC (permalink / raw)
  To: Tomas Henzl
  Cc: linux-scsi, kashyap.desai, sreekanth.reddy, chaitra.basappa,
	suganath-prabu.subramani, hare


Tomas,

> cpu_msix_table is allocated to store online cpus, but
> pci_irq_get_affinity may return cpu_possible_mask which is then used
> to access cpu_msix_table. That causes bad user experience.  Fix
> limits access to only online cpus, I've also added an additonal test
> to protect from an unlikely change in cpu_online_mask.

Applied to 4.16/scsi-fixes. Thanks!

-- 
Martin K. Petersen	Oracle Linux Engineering

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-01-31  2:12 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-01-19 15:22 [PATCH] mpt3sas: fix an out of bound write Tomas Henzl
2018-01-28 16:43 ` Suganath Prabu Subramani
2018-01-31  2:12 ` Martin K. Petersen

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.