kernel-packages team mailing list archive

Thread
Date

[Bug 1584828] [NEW] s390/pci: fix use after free in dma_init

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1584828@xxxxxxxxxxxxxxxxxx>
Date: Mon, 23 May 2016 15:18:09 -0000
Reply-to: Bug 1584828 <1584828@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

You have been subscribed to a public bug:

== Comment: #0 - Hendrik Brueckner <brueckner@xxxxxxxxxx> - 2016-05-23 09:09:00 ==
Please backport upstream Linux commit ID:

commit dba599091c191d209b1499511a524ad9657c0e5a
Author: Sebastian Ott <sebott@xxxxxxxxxxxxxxxxxx>
Date:   Fri Apr 15 09:41:35 2016 +0200

    s390/pci: fix use after free in dma_init
    
    After a failure during registration of the dma_table (because of the
    function being in error state) we free its memory but don't reset the
    associated pointer to zero.
    
    When we then receive a notification from firmware (about the function
    being in error state) we'll try to walk and free the dma_table again.
    
    Fix this by resetting the dma_table pointer. In addition to that make
    sure that we free the iommu_bitmap when appropriate.
    
    Signed-off-by: Sebastian Ott <sebott@xxxxxxxxxxxxxxxxxx>
    Reviewed-by: Gerald Schaefer <gerald.schaefer@xxxxxxxxxx>
    Signed-off-by: Martin Schwidefsky <schwidefsky@xxxxxxxxxx>

** Affects: linux (Ubuntu)
     Importance: Undecided
     Assignee: Skipper Bug Screeners (skipper-screen-team)
         Status: New


** Tags: architecture-s39064 bugnameltc-141691 severity-high targetmilestone-inin1604
-- 
s390/pci: fix use after free in dma_init
https://bugs.launchpad.net/bugs/1584828
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.