summaryrefslogtreecommitdiff
path: root/drivers/xen/sys-hypervisor.c
diff options
context:
space:
mode:
authorJason Wang <jasowang@redhat.com>2017-03-23 08:07:16 +0300
committerMichael S. Tsirkin <mst@redhat.com>2017-03-28 20:40:53 +0300
commitde85ec8b07f82c8c84de7687f769e74bf4c26a1e (patch)
tree72ce8462675d94d2e82723dc84583f644c5e190d /drivers/xen/sys-hypervisor.c
parentc02ed2e75ef4c74e41e421acb4ef1494671585e8 (diff)
downloadlinux-de85ec8b07f82c8c84de7687f769e74bf4c26a1e.tar.xz
virtio_pci: fix out of bound access for msix_names
Fedora has received multiple reports of crashes when running 4.11 as a guest https://bugzilla.redhat.com/show_bug.cgi?id=1430297 https://bugzilla.redhat.com/show_bug.cgi?id=1434462 https://bugzilla.kernel.org/show_bug.cgi?id=194911 https://bugzilla.redhat.com/show_bug.cgi?id=1433899 The crashes are not always consistent but they are generally some flavor of oops or GPF in virtio related code. Multiple people have done bisections (Thank you Thorsten Leemhuis and Richard W.M. Jones) and found this commit to be at fault 07ec51480b5eb1233f8c1b0f5d7a7c8d1247c507 is the first bad commit commit 07ec51480b5eb1233f8c1b0f5d7a7c8d1247c507 Author: Christoph Hellwig <hch@lst.de> Date: Sun Feb 5 18:15:19 2017 +0100 virtio_pci: use shared interrupts for virtqueues The issue seems to be an out of bounds access to the msix_names array corrupting kernel memory. Fixes: 07ec51480b5e ("virtio_pci: use shared interrupts for virtqueues") Reported-by: Laura Abbott <labbott@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Tested-by: Richard W.M. Jones <rjones@redhat.com> Tested-by: Thorsten Leemhuis <linux@leemhuis.info>
Diffstat (limited to 'drivers/xen/sys-hypervisor.c')
0 files changed, 0 insertions, 0 deletions