[3.19.y-ckt stable] Patch "powerpc/powernv: Fix the overflow of OPAL message notifiers head array" has been added to the 3.19.y-ckt tree

Kamal Mostafa kamal at canonical.com
Wed Jan 20 01:03:44 UTC 2016 

This is a note to let you know that I have just added a patch titled

    powerpc/powernv: Fix the overflow of OPAL message notifiers head array

to the linux-3.19.y-queue branch of the 3.19.y-ckt extended stable tree 
which can be found at:

    http://kernel.ubuntu.com/git/ubuntu/linux.git/log/?h=linux-3.19.y-queue

This patch is scheduled to be released in version 3.19.8-ckt13.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.19.y-ckt tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

---8<------------------------------------------------------------

>From e27e2eea7468dac1e731b0d6ca0770dbc26b4eb5 Mon Sep 17 00:00:00 2001
From: Neelesh Gupta <neelegup at linux.vnet.ibm.com>
Date: Wed, 11 Feb 2015 11:57:06 +0530
Subject: powerpc/powernv: Fix the overflow of OPAL message notifiers head
 array

commit 792f96e9a769b799a2944e9369e4ea1e467135b2 upstream.

Fixes the condition check of incoming message type which can
otherwise shoot beyond the message notifiers head array.

Signed-off-by: Neelesh Gupta <neelegup at linux.vnet.ibm.com>
Reviewed-by: Vasant Hegde <hegdevasant at linux.vnet.ibm.com>
Reviewed-by: Anshuman Khandual <khandual at linux.vnet.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh at kernel.crashing.org>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
 arch/powerpc/platforms/powernv/opal.c | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/arch/powerpc/platforms/powernv/opal.c b/arch/powerpc/platforms/powernv/opal.c
index f10b9ec..2651e22 100644
--- a/arch/powerpc/platforms/powernv/opal.c
+++ b/arch/powerpc/platforms/powernv/opal.c
@@ -305,16 +305,12 @@ void opal_notifier_disable(void)
 int opal_message_notifier_register(enum OpalMessageType msg_type,
 					struct notifier_block *nb)
 {
-	if (!nb) {
-		pr_warning("%s: Invalid argument (%p)\n",
-			   __func__, nb);
-		return -EINVAL;
-	}
-	if (msg_type > OPAL_MSG_TYPE_MAX) {
-		pr_warning("%s: Invalid message type argument (%d)\n",
+	if (!nb || msg_type >= OPAL_MSG_TYPE_MAX) {
+		pr_warning("%s: Invalid arguments, msg_type:%d\n",
 			   __func__, msg_type);
 		return -EINVAL;
 	}
+
 	return atomic_notifier_chain_register(
 				&opal_msg_notifier_head[msg_type], nb);
 }
@@ -351,7 +347,7 @@ static void opal_handle_message(void)
 	type = be32_to_cpu(msg.msg_type);

 	/* Sanity check */
-	if (type > OPAL_MSG_TYPE_MAX) {
+	if (type >= OPAL_MSG_TYPE_MAX) {
 		pr_warning("%s: Unknown message type: %u\n", __func__, type);
 		return;
 	}
--
1.9.1

More information about the kernel-team mailing list