AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-11-30 13:46:47 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity

VFIO fixes for v4.8-rc2

Browse Source 
- Fix oopses dereferencing empty data (Alex Williamson)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.14 (GNU/Linux)
 
 iQIcBAABAgAGBQJXrj/aAAoJECObm247sIsie/EP/0c0XtMdYKvmbPzAi83quPma
 zMPBzL7/FyaES3pfs5J4Nrc0UCojJ1EL5NjuF7fb3yxmgpxgsqfhQmiyauzEIQvQ
 47N7XjascHU1Q2LieUSUpB18jr1pHdG93hHiytCdFUk3xj/G10fRBHwqMlqhsBw8
 tRbxM+B/L31BJuk615mfLgJc4ogY5DK/X621OrQLZo97lpslBiaZMgSVj6545BNq
 AhPxKhIGRtpGulfhA+8YwuPixQ+Rp2ktxAVS+o3LD3U/WxF89Mm+38aG7y6YzxBj
 lNJssRJQ9MG4b+KncH54/Ahp8EFooTvitN5v+kvzANFn3SSlNWq69ewpgRWhanxN
 jcNhq5ZcUG10PfIdidy/zl+yPtSWu01BDc4phxqSYT7PhH/dVtyqVIQNKH8wLxqR
 RyWUSz9cmzk3+LrXXVYzUB4ntpITwnHXF/umT4H6d3NJkU+ZlGw2+qgEcpUd8A2u
 vZFxnDi8qcYCv2AyJ4BuSQ3ryR6KpeGlydcHVYOcub6KzFN8aO52EbPJHE5fP4gb
 wHWoRpFNaYdzbypyhKrK5OYwBbZ0uNmI3ULbJ9QNfG5u6LyWPYLbokepG7u/i68k
 xoe4E9xXbu6xIn8E4vHzvy3DMwO/AJS70hMVp40XzG2qY/aYN28pTUcUIxOsnNp9
 8UI72HGeeYl5PZchdgE8
 =vjVU
 -----END PGP SIGNATURE-----

Merge tag 'vfio-v4.8-rc2' of git://github.com/awilliam/linux-vfio

Pull VFIO fix from Alex Williamson:
 "Fix oops when dereferencing empty data (Alex Williamson)"

* tag 'vfio-v4.8-rc2' of git://github.com/awilliam/linux-vfio:
  vfio/pci: Fix NULL pointer oops in error interrupt setup handling
This commit is contained in:
Linus Torvalds 2016-08-12 16:34:58 -07:00
commit f31494bd05
1 changed files with 49 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
drivers/vfio/pci/vfio_pci_intrs.c
View File

@ -564,67 +564,80 @@ static int vfio_pci_set_msi_trigger(struct vfio_pci_device *vdev,
} }
static int vfio_pci_set_ctx_trigger_single(struct eventfd_ctx **ctx, static int vfio_pci_set_ctx_trigger_single(struct eventfd_ctx **ctx,
uint32_t flags, void *data) unsigned int count, uint32_t flags,
void *data)
{ {
int32_t fd = *(int32_t *)data;
if (!(flags & VFIO_IRQ_SET_DATA_TYPE_MASK))
return -EINVAL;
/* DATA_NONE/DATA_BOOL enables loopback testing */ /* DATA_NONE/DATA_BOOL enables loopback testing */
if (flags & VFIO_IRQ_SET_DATA_NONE) { if (flags & VFIO_IRQ_SET_DATA_NONE) {
if (*ctx) if (*ctx) {
eventfd_signal(*ctx, 1); if (count) {
return 0; eventfd_signal(*ctx, 1);
} else {
eventfd_ctx_put(*ctx);
*ctx = NULL;
}
return 0;
}
} else if (flags & VFIO_IRQ_SET_DATA_BOOL) { } else if (flags & VFIO_IRQ_SET_DATA_BOOL) {
uint8_t trigger = *(uint8_t *)data; uint8_t trigger;
if (!count)
return -EINVAL;
trigger = *(uint8_t *)data;
if (trigger && *ctx) if (trigger && *ctx)
eventfd_signal(*ctx, 1); eventfd_signal(*ctx, 1);
return 0;
} else if (flags & VFIO_IRQ_SET_DATA_EVENTFD) {
int32_t fd;
if (!count)
return -EINVAL;
fd = *(int32_t *)data;
if (fd == -1) {
if (*ctx)
eventfd_ctx_put(*ctx);
*ctx = NULL;
} else if (fd >= 0) {
struct eventfd_ctx *efdctx;
efdctx = eventfd_ctx_fdget(fd);
if (IS_ERR(efdctx))
return PTR_ERR(efdctx);
if (*ctx)
eventfd_ctx_put(*ctx);
*ctx = efdctx;
}
return 0; return 0;
} }
/* Handle SET_DATA_EVENTFD */ return -EINVAL;
if (fd == -1) {
if (*ctx)
eventfd_ctx_put(*ctx);
*ctx = NULL;
return 0;
} else if (fd >= 0) {
struct eventfd_ctx *efdctx;
efdctx = eventfd_ctx_fdget(fd);
if (IS_ERR(efdctx))
return PTR_ERR(efdctx);
if (*ctx)
eventfd_ctx_put(*ctx);
*ctx = efdctx;
return 0;
} else
return -EINVAL;
} }
static int vfio_pci_set_err_trigger(struct vfio_pci_device *vdev, static int vfio_pci_set_err_trigger(struct vfio_pci_device *vdev,
unsigned index, unsigned start, unsigned index, unsigned start,
unsigned count, uint32_t flags, void *data) unsigned count, uint32_t flags, void *data)
{ {
if (index != VFIO_PCI_ERR_IRQ_INDEX) if (index != VFIO_PCI_ERR_IRQ_INDEX || start != 0 || count > 1)
return -EINVAL; return -EINVAL;
/* return vfio_pci_set_ctx_trigger_single(&vdev->err_trigger,
* We should sanitize start & count, but that wasn't caught count, flags, data);
* originally, so this IRQ index must forever ignore them :-(
*/
return vfio_pci_set_ctx_trigger_single(&vdev->err_trigger, flags, data);
} }
static int vfio_pci_set_req_trigger(struct vfio_pci_device *vdev, static int vfio_pci_set_req_trigger(struct vfio_pci_device *vdev,
unsigned index, unsigned start, unsigned index, unsigned start,
unsigned count, uint32_t flags, void *data) unsigned count, uint32_t flags, void *data)
{ {
if (index != VFIO_PCI_REQ_IRQ_INDEX || start != 0 || count != 1) if (index != VFIO_PCI_REQ_IRQ_INDEX || start != 0 || count > 1)
return -EINVAL; return -EINVAL;
return vfio_pci_set_ctx_trigger_single(&vdev->req_trigger, flags, data); return vfio_pci_set_ctx_trigger_single(&vdev->req_trigger,
count, flags, data);
} }
int vfio_pci_set_irqs_ioctl(struct vfio_pci_device *vdev, uint32_t flags, int vfio_pci_set_irqs_ioctl(struct vfio_pci_device *vdev, uint32_t flags,