From: Bjorn Helgaas <helgaas@kernel.org>
To: Sasha Levin <sasha.levin@oracle.com>
Cc: Prarit Bhargava <prarit@redhat.com>,
bhelgaas@google.com, linux-pci@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] PCI: prevent out of bounds access in numa_node override
Date: Wed, 7 Oct 2015 11:04:58 -0500 [thread overview]
Message-ID: <20151007160458.GA27633@localhost> (raw)
In-Reply-To: <56152725.10809@oracle.com>
On Wed, Oct 07, 2015 at 10:07:33AM -0400, Sasha Levin wrote:
> > On 10/06/2015 03:36 PM, Bjorn Helgaas wrote:
> >> Hi Sasha,
> >>
> >> On Sun, Oct 04, 2015 at 05:49:29PM -0400, Sasha Levin wrote:
> >>> Commit 63692df1 ("PCI: Allow numa_node override via sysfs") didn't check that
> >>> the numa node provided by userspace is valid. Passing a node number too high
> >>> would attempt to access invalid memory and trigger a kernel panic.
> >>>
> >>> Fixes: 63692df1 ("PCI: Allow numa_node override via sysfs")
> >>> Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
> >>> ---
> >>> drivers/pci/pci-sysfs.c | 2 +-
> >>> 1 file changed, 1 insertion(+), 1 deletion(-)
> >>>
> >>> diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
> >>> index 312f23a..e9abca8 100644
> >>> --- a/drivers/pci/pci-sysfs.c
> >>> +++ b/drivers/pci/pci-sysfs.c
> >>> @@ -216,7 +216,7 @@ static ssize_t numa_node_store(struct device *dev,
> >>> if (ret)
> >>> return ret;
> >>>
> >>> - if (!node_online(node))
> >>> + if (node > MAX_NUMNODES || !node_online(node))
> >>
> >> This needs to be "node >= MAX_NUMNODES", doesn't it? I'll fix it up if
> >> you agree.
>
> Yup, you're right.
OK, applied to for-linus for v4.3 as follows. Thanks a lot, Sasha!
commit 0f7b9ad7477f7ce9b30e9ab0048f6e726f11a08a
Author: Sasha Levin <sasha.levin@oracle.com>
Date: Sun Oct 4 17:49:29 2015 -0400
PCI: Prevent out of bounds access in numa_node override
63692df103e9 ("PCI: Allow numa_node override via sysfs") didn't check that
the numa node provided by userspace is valid. Passing a node number too
high would attempt to access invalid memory and trigger a kernel panic.
Fixes: 63692df103e9 ("PCI: Allow numa_node override via sysfs")
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
CC: stable@vger.kernel.org # v3.19+
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
index 312f23a..9261868 100644
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
@@ -216,7 +216,7 @@ static ssize_t numa_node_store(struct device *dev,
if (ret)
return ret;
- if (!node_online(node))
+ if (node >= MAX_NUMNODES || !node_online(node))
return -EINVAL;
add_taint(TAINT_FIRMWARE_WORKAROUND, LOCKDEP_STILL_OK);
next prev parent reply other threads:[~2015-10-07 16:05 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-04 21:49 [PATCH] PCI: prevent out of bounds access in numa_node override Sasha Levin
2015-10-06 19:36 ` Bjorn Helgaas
2015-10-06 20:02 ` Prarit Bhargava
2015-10-07 14:07 ` Sasha Levin
2015-10-07 16:04 ` Bjorn Helgaas [this message]
2015-10-07 16:09 ` Bjorn Helgaas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151007160458.GA27633@localhost \
--to=helgaas@kernel.org \
--cc=bhelgaas@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=prarit@redhat.com \
--cc=sasha.levin@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.