Re: [PATCH v1] genirq/msi: fix crash when handling Multi-MSI

From: Thomas Gleixner
Date: Tue Jan 18 2022 - 09:39:35 EST

Next message: Rob Herring: "Re: ChipIdea USB regression"
Previous message: Simon Ser: "Re: [PATCH] MAINTAINERS: Add Helge as fbdev maintainer"
In reply to: Marc Zyngier: "Re: [PATCH v1] genirq/msi: fix crash when handling Multi-MSI"
Next in thread: Thomas Gleixner: "Re: [PATCH v1] genirq/msi: fix crash when handling Multi-MSI"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jan 17 2022 at 11:36, Marc Zyngier wrote:
> On Mon, 17 Jan 2022 10:10:13 +0000,
> Tong Zhang <ztong0001@xxxxxxxxx> wrote:
>> pci_msi_domain_check_cap (used by ops->msi_check(domain, info, dev))
>> msi_domain_prepare_irqs
>> __msi_domain_alloc_irqs
>> msi_domain_alloc_irqs_descs_locked
>>
>> What I am suggesting is commit 0f62d941acf9 changed how this return
>> value is being handled and created a UAF
>
> OK, this makes more sense.
>
> But msi_domain_prepare_irqs() shouldn't fail in this case, and we
> should proceed with the allocation of at least one vector, which isn't
> happening here.
>
> Also, if __msi_domain_alloc_irqs() is supposed to return the number of
> irqs allocated, it isn't doing it consistently.
>
> Thomas, can you shed some light on what is the intended behaviour
> here?

Let me stare at it.

Next message: Rob Herring: "Re: ChipIdea USB regression"
Previous message: Simon Ser: "Re: [PATCH] MAINTAINERS: Add Helge as fbdev maintainer"
In reply to: Marc Zyngier: "Re: [PATCH v1] genirq/msi: fix crash when handling Multi-MSI"
Next in thread: Thomas Gleixner: "Re: [PATCH v1] genirq/msi: fix crash when handling Multi-MSI"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]