OSDN Git Service

s390/qdio: fix access to uninitialized qdio_q fields
authorJulian Wiedmann <jwi@linux.ibm.com>
Wed, 2 May 2018 06:48:43 +0000 (08:48 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 26 May 2018 06:48:55 +0000 (08:48 +0200)
commit9c32e0d3655efc6f5b556614a6713870da477d05
tree053a85fd71266469bfb6948963c3c7101ac950ed
parentec8d6e953ad179be174b59513d8392ef48f566d5
s390/qdio: fix access to uninitialized qdio_q fields

commit e521813468f786271a87e78e8644243bead48fad upstream.

Ever since CQ/QAOB support was added, calling qdio_free() straight after
qdio_alloc() results in qdio_release_memory() accessing uninitialized
memory (ie. q->u.out.use_cq and q->u.out.aobs). Followed by a
kmem_cache_free() on the random AOB addresses.

For older kernels that don't have 6e30c549f6ca, the same applies if
qdio_establish() fails in the DEV_STATE_ONLINE check.

While initializing q->u.out.use_cq would be enough to fix this
particular bug, the more future-proof change is to just zero-alloc the
whole struct.

Fixes: 104ea556ee7f ("qdio: support asynchronous delivery of storage blocks")
Cc: <stable@vger.kernel.org> #v3.2+
Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/s390/cio/qdio_setup.c