From: Eric Auger <eric.auger-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: eric.auger-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
eric.auger.pro-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
christoffer.dall-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org,
marc.zyngier-5wv7dgnIgG8@public.gmane.org,
robin.murphy-5wv7dgnIgG8@public.gmane.org,
alex.williamson-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
will.deacon-5wv7dgnIgG8@public.gmane.org,
joro-zLv9SwRftAIdnm+yROfE0A@public.gmane.org,
tglx-hfZtesqFncYOwBW4kG4KsQ@public.gmane.org,
jason-NLaQJdtUoK4Be96aLqz0jA@public.gmane.org,
linux-arm-kernel-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org
Cc: drjones-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
kvm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
punit.agrawal-5wv7dgnIgG8@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
pranav.sawargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
Subject: [RFC 1/8] vfio: fix vfio_info_cap_add/shift
Date: Thu, 3 Nov 2016 21:39:31 +0000 [thread overview]
Message-ID: <1478209178-3009-2-git-send-email-eric.auger@redhat.com> (raw)
In-Reply-To: <1478209178-3009-1-git-send-email-eric.auger-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Capability header next field is an offset relative to the start of
the INFO buffer. tmp->next is assigned the proper value but iterations
implemented in vfio_info_cap_add and vfio_info_cap_shift use next
as an offset between the headers. When coping with multiple capabilities
this leads to an Oops.
Signed-off-by: Eric Auger <eric.auger-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
---
drivers/vfio/vfio.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/vfio/vfio.c b/drivers/vfio/vfio.c
index d1d70e0..1e838d1 100644
--- a/drivers/vfio/vfio.c
+++ b/drivers/vfio/vfio.c
@@ -1763,7 +1763,7 @@ struct vfio_info_cap_header *vfio_info_cap_add(struct vfio_info_cap *caps,
header->version = version;
/* Add to the end of the capability chain */
- for (tmp = caps->buf; tmp->next; tmp = (void *)tmp + tmp->next)
+ for (tmp = buf; tmp->next; tmp = buf + tmp->next)
; /* nothing */
tmp->next = caps->size;
@@ -1776,8 +1776,9 @@ struct vfio_info_cap_header *vfio_info_cap_add(struct vfio_info_cap *caps,
void vfio_info_cap_shift(struct vfio_info_cap *caps, size_t offset)
{
struct vfio_info_cap_header *tmp;
+ void *buf = (void *)caps->buf;
- for (tmp = caps->buf; tmp->next; tmp = (void *)tmp + tmp->next - offset)
+ for (tmp = buf; tmp->next; tmp = buf + tmp->next - offset)
tmp->next += offset;
}
EXPORT_SYMBOL_GPL(vfio_info_cap_shift);
--
1.9.1
WARNING: multiple messages have this Message-ID (diff)
From: Eric Auger <eric.auger@redhat.com>
To: eric.auger@redhat.com, eric.auger.pro@gmail.com,
christoffer.dall@linaro.org, marc.zyngier@arm.com,
robin.murphy@arm.com, alex.williamson@redhat.com,
will.deacon@arm.com, joro@8bytes.org, tglx@linutronix.de,
jason@lakedaemon.net, linux-arm-kernel@lists.infradead.org
Cc: kvm@vger.kernel.org, drjones@redhat.com,
linux-kernel@vger.kernel.org, pranav.sawargaonkar@gmail.com,
iommu@lists.linux-foundation.org, punit.agrawal@arm.com,
diana.craciun@nxp.com
Subject: [RFC 1/8] vfio: fix vfio_info_cap_add/shift
Date: Thu, 3 Nov 2016 21:39:31 +0000 [thread overview]
Message-ID: <1478209178-3009-2-git-send-email-eric.auger@redhat.com> (raw)
In-Reply-To: <1478209178-3009-1-git-send-email-eric.auger@redhat.com>
Capability header next field is an offset relative to the start of
the INFO buffer. tmp->next is assigned the proper value but iterations
implemented in vfio_info_cap_add and vfio_info_cap_shift use next
as an offset between the headers. When coping with multiple capabilities
this leads to an Oops.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
---
drivers/vfio/vfio.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/vfio/vfio.c b/drivers/vfio/vfio.c
index d1d70e0..1e838d1 100644
--- a/drivers/vfio/vfio.c
+++ b/drivers/vfio/vfio.c
@@ -1763,7 +1763,7 @@ struct vfio_info_cap_header *vfio_info_cap_add(struct vfio_info_cap *caps,
header->version = version;
/* Add to the end of the capability chain */
- for (tmp = caps->buf; tmp->next; tmp = (void *)tmp + tmp->next)
+ for (tmp = buf; tmp->next; tmp = buf + tmp->next)
; /* nothing */
tmp->next = caps->size;
@@ -1776,8 +1776,9 @@ struct vfio_info_cap_header *vfio_info_cap_add(struct vfio_info_cap *caps,
void vfio_info_cap_shift(struct vfio_info_cap *caps, size_t offset)
{
struct vfio_info_cap_header *tmp;
+ void *buf = (void *)caps->buf;
- for (tmp = caps->buf; tmp->next; tmp = (void *)tmp + tmp->next - offset)
+ for (tmp = buf; tmp->next; tmp = buf + tmp->next - offset)
tmp->next += offset;
}
EXPORT_SYMBOL_GPL(vfio_info_cap_shift);
--
1.9.1
next prev parent reply other threads:[~2016-11-03 21:39 UTC|newest]
Thread overview: 119+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-03 21:39 [RFC 0/8] KVM PCIe/MSI passthrough on ARM/ARM64 (Alt II) Eric Auger
2016-11-03 21:39 ` Eric Auger
2016-11-03 21:39 ` Eric Auger
[not found] ` <1478209178-3009-1-git-send-email-eric.auger-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-11-03 21:39 ` Eric Auger [this message]
2016-11-03 21:39 ` [RFC 1/8] vfio: fix vfio_info_cap_add/shift Eric Auger
2016-11-03 21:39 ` [RFC 2/8] iommu/iova: fix __alloc_and_insert_iova_range Eric Auger
2016-11-03 21:39 ` Eric Auger
2016-11-03 21:39 ` [RFC 3/8] iommu/dma: Allow MSI-only cookies Eric Auger
2016-11-03 21:39 ` Eric Auger
2016-11-03 21:39 ` [RFC 5/8] vfio/type1: Introduce RESV_IOVA_RANGE capability Eric Auger
2016-11-03 21:39 ` Eric Auger
2016-11-03 21:39 ` [RFC 8/8] iommu/arm-smmu: implement add_reserved_regions callback Eric Auger
2016-11-03 21:39 ` Eric Auger
2016-11-04 4:02 ` [RFC 0/8] KVM PCIe/MSI passthrough on ARM/ARM64 (Alt II) Alex Williamson
2016-11-04 4:02 ` Alex Williamson
2016-11-04 4:02 ` Alex Williamson
2016-11-08 2:45 ` Summary of LPC guest MSI discussion in Santa Fe (was: Re: [RFC 0/8] KVM PCIe/MSI passthrough on ARM/ARM64 (Alt II)) Will Deacon
2016-11-08 2:45 ` Will Deacon
2016-11-08 14:27 ` Summary of LPC guest MSI discussion in Santa Fe Auger Eric
2016-11-08 14:27 ` Auger Eric
[not found] ` <dae12190-1eb6-20a9-5740-9e5be8bb65fc-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-11-08 17:54 ` Will Deacon
2016-11-08 17:54 ` Will Deacon
2016-11-08 17:54 ` Will Deacon
[not found] ` <20161108175457.GK20591-5wv7dgnIgG8@public.gmane.org>
2016-11-08 19:02 ` Don Dutile
2016-11-08 19:02 ` Don Dutile
2016-11-08 19:02 ` Don Dutile
2016-11-08 19:10 ` Will Deacon
2016-11-08 19:10 ` Will Deacon
[not found] ` <5822214F.2070500-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-11-09 7:43 ` Auger Eric
2016-11-09 7:43 ` Auger Eric
2016-11-09 7:43 ` Auger Eric
2016-11-08 16:02 ` Don Dutile
2016-11-08 16:02 ` Don Dutile
[not found] ` <20161108024559.GA20591-5wv7dgnIgG8@public.gmane.org>
2016-11-08 20:29 ` Summary of LPC guest MSI discussion in Santa Fe (was: Re: [RFC 0/8] KVM PCIe/MSI passthrough on ARM/ARM64 (Alt II)) Christoffer Dall
2016-11-08 20:29 ` Christoffer Dall
2016-11-08 20:29 ` Christoffer Dall
2016-11-08 23:35 ` Alex Williamson
2016-11-08 23:35 ` Alex Williamson
2016-11-08 23:35 ` Alex Williamson
[not found] ` <20161108163508.1bcae0c2-1yVPhWWZRC1BDLzU/O5InQ@public.gmane.org>
2016-11-09 2:52 ` Summary of LPC guest MSI discussion in Santa Fe Don Dutile
2016-11-09 2:52 ` Don Dutile
2016-11-09 2:52 ` Don Dutile
[not found] ` <58228F71.6020108-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-11-09 17:03 ` Will Deacon
2016-11-09 17:03 ` Will Deacon
2016-11-09 17:03 ` Will Deacon
2016-11-09 18:59 ` Don Dutile
2016-11-09 18:59 ` Don Dutile
[not found] ` <582371FB.2040808-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-11-09 19:23 ` Christoffer Dall
2016-11-09 19:23 ` Christoffer Dall
2016-11-09 19:23 ` Christoffer Dall
2016-11-09 20:01 ` Alex Williamson
2016-11-09 20:01 ` Alex Williamson
2016-11-09 20:01 ` Alex Williamson
2016-11-10 14:40 ` Joerg Roedel
2016-11-10 14:40 ` Joerg Roedel
[not found] ` <20161110144007.GC2078-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
2016-11-10 17:07 ` Alex Williamson
2016-11-10 17:07 ` Alex Williamson
2016-11-10 17:07 ` Alex Williamson
2016-11-09 20:31 ` Will Deacon
2016-11-09 20:31 ` Will Deacon
[not found] ` <20161109203145.GO17771-5wv7dgnIgG8@public.gmane.org>
2016-11-09 22:17 ` Alex Williamson
2016-11-09 22:17 ` Alex Williamson
2016-11-09 22:17 ` Alex Williamson
[not found] ` <20161109151709.74927f83-1yVPhWWZRC1BDLzU/O5InQ@public.gmane.org>
2016-11-09 22:25 ` Will Deacon
2016-11-09 22:25 ` Will Deacon
2016-11-09 22:25 ` Will Deacon
[not found] ` <20161109222522.GS17771-5wv7dgnIgG8@public.gmane.org>
2016-11-09 23:24 ` Alex Williamson
2016-11-09 23:24 ` Alex Williamson
2016-11-09 23:24 ` Alex Williamson
2016-11-09 23:38 ` Will Deacon
2016-11-09 23:38 ` Will Deacon
[not found] ` <20161109233847.GT17771-5wv7dgnIgG8@public.gmane.org>
2016-11-09 23:59 ` Alex Williamson
2016-11-09 23:59 ` Alex Williamson
2016-11-09 23:59 ` Alex Williamson
2016-11-10 0:14 ` Auger Eric
2016-11-10 0:14 ` Auger Eric
[not found] ` <83b6440a-31eb-c1b4-642c-a4c311f37ef2-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-11-10 0:55 ` Alex Williamson
2016-11-10 0:55 ` Alex Williamson
2016-11-10 0:55 ` Alex Williamson
2016-11-10 2:01 ` Will Deacon
2016-11-10 2:01 ` Will Deacon
[not found] ` <20161110020130.GA19108-5wv7dgnIgG8@public.gmane.org>
2016-11-10 11:14 ` Auger Eric
2016-11-10 11:14 ` Auger Eric
2016-11-10 11:14 ` Auger Eric
[not found] ` <ddd8af9d-ad8f-78d8-3048-3d640b74470e-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-11-10 17:46 ` Alex Williamson
2016-11-10 17:46 ` Alex Williamson
2016-11-10 17:46 ` Alex Williamson
2016-11-11 11:19 ` Joerg Roedel
2016-11-11 11:19 ` Joerg Roedel
[not found] ` <20161111111944.GO2078-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
2016-11-11 15:50 ` Alex Williamson
2016-11-11 15:50 ` Alex Williamson
2016-11-11 15:50 ` Alex Williamson
[not found] ` <20161111085056.4cf8989d-1yVPhWWZRC1BDLzU/O5InQ@public.gmane.org>
2016-11-11 16:05 ` Alex Williamson
2016-11-11 16:05 ` Alex Williamson
2016-11-11 16:05 ` Alex Williamson
2016-11-14 15:19 ` Joerg Roedel
2016-11-14 15:19 ` Joerg Roedel
2016-11-11 16:25 ` Don Dutile
2016-11-11 16:25 ` Don Dutile
2016-11-11 16:25 ` Don Dutile
2016-11-11 16:00 ` Don Dutile
2016-11-11 16:00 ` Don Dutile
2016-11-11 16:00 ` Don Dutile
2016-11-10 14:52 ` Joerg Roedel
2016-11-10 14:52 ` Joerg Roedel
2016-11-09 20:11 ` Robin Murphy
2016-11-09 20:11 ` Robin Murphy
[not found] ` <e59e9a17-e943-a227-5ea4-d028232155a8-5wv7dgnIgG8@public.gmane.org>
2016-11-10 15:18 ` Joerg Roedel
2016-11-10 15:18 ` Joerg Roedel
2016-11-10 15:18 ` Joerg Roedel
2016-11-21 5:13 ` Jon Masters
2016-11-21 5:13 ` Jon Masters
2016-11-21 5:13 ` Jon Masters
[not found] ` <83d7bf8e-1aa9-b61b-4e83-ba9da1926d19-Zp4isUonpHBD60Wz+7aTrA@public.gmane.org>
2016-11-23 20:12 ` Don Dutile
2016-11-23 20:12 ` Don Dutile
2016-11-23 20:12 ` Don Dutile
2016-11-03 21:39 ` [RFC 4/8] iommu: Add a list of iommu_reserved_region in iommu_domain Eric Auger
2016-11-03 21:39 ` [RFC 6/8] iommu: Handle the list of reserved regions Eric Auger
2016-11-03 21:39 ` [RFC 7/8] iommu/vt-d: Implement add_reserved_regions callback Eric Auger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1478209178-3009-2-git-send-email-eric.auger@redhat.com \
--to=eric.auger-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=alex.williamson-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=christoffer.dall-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org \
--cc=drjones-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=eric.auger.pro-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=jason-NLaQJdtUoK4Be96aLqz0jA@public.gmane.org \
--cc=joro-zLv9SwRftAIdnm+yROfE0A@public.gmane.org \
--cc=kvm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-arm-kernel-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=marc.zyngier-5wv7dgnIgG8@public.gmane.org \
--cc=pranav.sawargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=punit.agrawal-5wv7dgnIgG8@public.gmane.org \
--cc=robin.murphy-5wv7dgnIgG8@public.gmane.org \
--cc=tglx-hfZtesqFncYOwBW4kG4KsQ@public.gmane.org \
--cc=will.deacon-5wv7dgnIgG8@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.