diff --git a/patches.suse/msft-hv-2770-Drivers-vmbus-Check-for-channel-allocation-before-lo.patch b/patches.suse/msft-hv-2770-Drivers-vmbus-Check-for-channel-allocation-before-lo.patch
new file mode 100644
index 0000000..c4c9419
--- /dev/null
+++ b/patches.suse/msft-hv-2770-Drivers-vmbus-Check-for-channel-allocation-before-lo.patch
@@ -0,0 +1,42 @@
+From: Mohammed Gamal
+Date: Fri, 17 Feb 2023 22:44:11 +0200
+Patch-mainline: v6.3-rc6
+Subject: Drivers: vmbus: Check for channel allocation before looking up relids
+Git-commit: 1eb65c8687316c65140b48fad27133d583178e15
+References: git-fixes
+
+relid2channel() assumes vmbus channel array to be allocated when called.
+However, in cases such as kdump/kexec, not all relids will be reset by the host.
+When the second kernel boots and if the guest receives a vmbus interrupt during
+vmbus driver initialization before vmbus_connect() is called, before it finishes,
+or if it fails, the vmbus interrupt service routine is called which in turn calls
+relid2channel() and can cause a null pointer dereference.
+
+Print a warning and error out in relid2channel() for a channel id that's invalid
+in the second kernel.
+
+Fixes: 8b6a877c060e ("Drivers: hv: vmbus: Replace the per-CPU channel lists with a global array of channels")
+
+Signed-off-by: Mohammed Gamal
+Reviewed-by: Dexuan Cui
+Link: https://lore.kernel.org/r/20230217204411.212709-1-mgamal@redhat.com
+Signed-off-by: Wei Liu
+Acked-by: Olaf Hering
+---
+ drivers/hv/connection.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/drivers/hv/connection.c b/drivers/hv/connection.c
+--- a/drivers/hv/connection.c
++++ b/drivers/hv/connection.c
+@@ -409,6 +409,10 @@ void vmbus_disconnect(void)
+ */
+ struct vmbus_channel *relid2channel(u32 relid)
+ {
++ if (vmbus_connection.channels == NULL) {
++ pr_warn_once("relid2channel: relid=%d: No channels mapped!\n", relid);
++ return NULL;
++ }
+ if (WARN_ON(relid >= MAX_CHANNEL_RELIDS))
+ return NULL;
+ return READ_ONCE(vmbus_connection.channels[relid]);
diff --git a/series.conf b/series.conf
index 0a88b6d..ec791a3 100644
--- a/series.conf
+++ b/series.conf
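Review bot: The new pr_warn_once() in relid2channel() prints the `u32 relid` parameter with `%d`, so a relid above INT_MAX — precisely the kind of unexpected host-supplied value this path exists to report — would be logged as a negative number; use `pr_warn_once("relid2channel: relid=%u: No channels mapped!\n", relid);`. A short comment above the check would also help, since the kdump/kexec rationale currently lives only in the commit message: `/* kexec/kdump: the host may raise stale relids before vmbus_connect() has allocated channels */`. The hunk does not show what tears down vmbus_connection.channels; if vmbus_disconnect() can run concurrently with the interrupt path, this plain NULL test narrows the window rather than closing it, which is worth confirming or stating in that comment. relid2channel()'s closing brace lies outside the hunk.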
@@ -23391,6 +23391,7 @@ patches.suse/nfc-st-nci-Fix-use-after-free-bug-in-ndlc_remove-due.patch
 patches.suse/Bluetooth-btsdio-fix-use-after-free-bug-in-btsdio_re.patch
 patches.suse/btrfs-fix-race-between-quota-disable-and-quota-assig.patch
+ patches.suse/msft-hv-2770-Drivers-vmbus-Check-for-channel-allocation-before-lo.patch
 ########################################################
 # end of sorted patches