From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Ben Hutchings, Thomas Gleixner
Subject: [PATCH 4.9 32/65] x86/apic/vector: Handle legacy irq data correctly
Date: Fri, 9 Mar 2018 16:18:32 -0800
Message-Id: <20180310001827.461127419@linuxfoundation.org>
In-Reply-To: <20180310001824.927996722@linuxfoundation.org>

4.9-stable review patch. If anyone has any objections, please let me know.

------------------

From: Thomas Gleixner

The backport of upstream commit 45d55e7bac40 ("x86/apic/vector: Fix off by one in error path") missed to fixup the legacy interrupt data which is no longer available upstream.

Handle legacy irq data correctly by clearing the legacy storage to prevent use after free.

Fixes: 7fd133539289 ("x86/apic/vector: Fix off by one in error path") - 4.4.y
Fixes: c557481a9491 ("x86/apic/vector: Fix off by one in error path") - 4.9.y
Reported-by: Ben Hutchings
Signed-off-by: Thomas Gleixner
Signed-off-by: Ben Hutchings
Signed-off-by: Greg Kroah-Hartman
--- arch/x86/kernel/apic/vector.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) --- a/arch/x86/kernel/apic/vector.c +++ b/arch/x86/kernel/apic/vector.c @@ -93,8 +93,12 @@ out_data: return NULL; } -static void free_apic_chip_data(struct apic_chip_data *data) +static void free_apic_chip_data(unsigned int virq, struct apic_chip_data *data) { +#ifdef CONFIG_X86_IO_APIC + if (virq < nr_legacy_irqs()) + legacy_irq_data[virq] = NULL; +#endif if (data) { free_cpumask_var(data->domain); free_cpumask_var(data->old_domain); @@ -318,11 +322,7 @@ static void x86_vector_free_irqs(struct apic_data = irq_data->chip_data; irq_domain_reset_irq_data(irq_data); raw_spin_unlock_irqrestore(&vector_lock, flags); - free_apic_chip_data(apic_data); -#ifdef CONFIG_X86_IO_APIC - if (virq + i < nr_legacy_irqs()) - legacy_irq_data[virq + i] = NULL; -#endif + free_apic_chip_data(virq + i, apic_data); } } } @@ -363,7 +363,7 @@ static int x86_vector_alloc_irqs(struct err = assign_irq_vector_policy(virq + i, node, data, info); if (err) { irq_data->chip_data = NULL; - free_apic_chip_data(data); + free_apic_chip_data(virq + i, data); goto error; } }
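
Review bot: in the @@ -93,8 +93,12 @@ hunk, free_apic_chip_data() clears legacy_irq_data[virq] before the `if (data)` test, so the legacy slot is reset even when data is NULL and without checking that the slot actually held data. If that is the intended contract, a short comment above the function stating that virq must be the interrupt that owns data, and that the legacy slot is always dropped, would make it explicit for future callers; if not, the clear could be made conditional on `legacy_irq_data[virq] == data`.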
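
Review bot: in the @@ -318,11 +322,7 @@ hunk, the store to legacy_irq_data[] still happens after raw_spin_unlock_irqrestore(&vector_lock, flags), and it is now hidden inside free_apic_chip_data(virq + i, apic_data) rather than visible at the call site. Nothing in the visible lines says what serialises writers of legacy_irq_data, and the helper is now also reached from the x86_vector_alloc_irqs() error path, so please document the locking expectation at the helper.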
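
Review bot: the changelog does not say which path left the stale pointer, and the @@ -363,7 +363,7 @@ hunk is the only place where behaviour changes. The x86_vector_free_irqs() call site already cleared legacy_irq_data[virq + i] before this patch, while the `if (err)` branch in x86_vector_alloc_irqs() called free_apic_chip_data(data) and left the legacy slot untouched. Naming that error path in the commit message would make the use-after-free being closed easier to match against the code when the patch is reviewed for other stable branches.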