вторник

[Bug 1800641] Re: [Ubuntu] qeth: Fix potential array overrun in cmd/rc lookup

** Changed in: ubuntu-z-systems
Status: In Progress => Fix Committed

--
You received this bug notification because you are subscribed to linux
in Ubuntu.
Matching subscriptions: Bgg, Bmail, Nb
https://bugs.launchpad.net/bugs/1800641

Title:
[Ubuntu] qeth: Fix potential array overrun in cmd/rc lookup

Status in Ubuntu on IBM z Systems:
Fix Committed
Status in linux package in Ubuntu:
In Progress
Status in linux source package in Xenial:
Fix Committed
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Cosmic:
Fix Committed

Bug description:

== SRU Justification ==
IBM is requesting these commits in s390 for X, B and C. The bug
description the commits fix is as follows:

Description: qeth: Fix potential array overrun in cmd/rc lookup Symptom:
Infinite loop when processing a received cmd.
Problem: qeth_get_ipa_cmd_name() and qeth_get_ipa_msg() are used to build
human-readable messages for received cmd data.


== Fixes ==
065a2cdcbdf8 ("s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function")
048a7f8b4ec0 ("s390: qeth: Fix potential array overrun in cmd/rc lookup")

== Regression Potential ==
Low. Limited to s390.

== Test Case ==
A test kernel was built with these two patches and tested by IBM.
The bug reporter states the test kernel resolved the bug.



Description: qeth: Fix potential array overrun in cmd/rc lookup
Symptom: Infinite loop when processing a received cmd.
Problem: qeth_get_ipa_cmd_name() and qeth_get_ipa_msg() are used
              to build human-readable messages for received cmd data.

              They store the to-be translated value in the last entry of a
              global array, and then iterate over each entry until they found
              the queried value (and the corresponding message string).
              If there is no prior match, the lookup is intended to stop at
              the final entry (which was previously prepared).

              If two qeth devices are concurrently processing a received cmd,
              one lookup can over-write the last entry of the global array
              while a second lookup is in process. This second lookup will then
              never hit its stop-condition, and loop.
Solution: Remove the modification of the global array, and limit the number
              of iterations to the size of the array.

Upstream-ID: kernel 4.19
- 065a2cdcbdf8eb9aefb66e1a24b2d684b8b8852b
- 048a7f8b4ec085d5c56ad4a3bf450389a4aed5f9

Should also be applied, to all other Ubuntu Releases in the field !

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1800641/+subscriptions
[SOLVED]: eRROR FIRST SEEN:

Комментариев нет:

Отправить комментарий

Подписаться на: Комментарии к сообщению (Atom)