kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #184026
[Bug 1584828] Re: s390/pci: fix use after free in dma_init
------- Comment From geraldsc@xxxxxxxxxx 2016-06-14 12:31 EDT-------
I verified that the kernel in -proposed (4.4.0-25.44) fixes the problem.
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1584828
Title:
s390/pci: fix use after free in dma_init
Status in Ubuntu on IBM z Systems:
Fix Committed
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Fix Committed
Status in linux source package in Yakkety:
Fix Released
Bug description:
== Comment: #0 - Hendrik Brueckner <brueckner@xxxxxxxxxx> - 2016-05-23 09:09:00 ==
Please backport upstream Linux commit ID:
commit dba599091c191d209b1499511a524ad9657c0e5a
Author: Sebastian Ott <sebott@xxxxxxxxxxxxxxxxxx>
Date: Fri Apr 15 09:41:35 2016 +0200
s390/pci: fix use after free in dma_init
After a failure during registration of the dma_table (because of the
function being in error state) we free its memory but don't reset the
associated pointer to zero.
When we then receive a notification from firmware (about the function
being in error state) we'll try to walk and free the dma_table again.
Fix this by resetting the dma_table pointer. In addition to that make
sure that we free the iommu_bitmap when appropriate.
Signed-off-by: Sebastian Ott <sebott@xxxxxxxxxxxxxxxxxx>
Reviewed-by: Gerald Schaefer <gerald.schaefer@xxxxxxxxxx>
Signed-off-by: Martin Schwidefsky <schwidefsky@xxxxxxxxxx>
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1584828/+subscriptions