Commit c732623b authored Mar 01, 2016 by Tim Sell Committed by Greg Kroah-Hartman Mar 01, 2016

staging: unisys: visorbus: tolerate larger-than-expected controlvm channel

Use the dynamic size of the controlvm channel (struct channel_header.size)
instead of the statically computed sizeof(struct controlvm_channel) when
determining the valid bounds for visorchannel_read() and
visorchannel_write().

This prevents an observed problem where kdump was failing because
controlvm_channel.local_crash_msg_offset was pointing beyond the statically
computed size of the channel, even though the channel was physically large
enough. This was causing visorchannel_read() to unecessarily fail, because
we thought we were attempting to access memory outside of the channel.

Signed-off-by: Timothy Sell <timothy.sell@unisys.com>
Signed-off-by: David Kershner <david.kershner@unisys.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent a8deaef3

drivers/staging/unisys/visorbus/visorchipset.c

+3 −2

Original line number	Diff line number	Diff line
		@@ -2251,7 +2251,6 @@ visorchipset_init(struct acpi_device *acpi_device)
		{
		int rc = 0;
		u64 addr;
		int tmp_sz = sizeof(struct spar_controlvm_channel_protocol);
		uuid_le uuid = SPAR_CONTROLVM_CHANNEL_PROTOCOL_UUID;

		addr = controlvm_get_channel_address();
		@@ -2261,8 +2260,10 @@ visorchipset_init(struct acpi_device *acpi_device)
		memset(&busdev_notifiers, 0, sizeof(busdev_notifiers));
		memset(&controlvm_payload_info, 0, sizeof(controlvm_payload_info));

		controlvm_channel = visorchannel_create_with_lock(addr, tmp_sz,
		controlvm_channel = visorchannel_create_with_lock(addr, 0,
		GFP_KERNEL, uuid);
		if (!controlvm_channel)
		return -ENODEV;
		if (SPAR_CONTROLVM_CHANNEL_OK_CLIENT(
		visorchannel_get_header(controlvm_channel))) {
		initialize_controlvm_payload();