releases/4.4.133/s390-qdio-fix-access-to-uninitialized-qdio_q-fields.patch

   1 From e521813468f786271a87e78e8644243bead48fad Mon Sep 17 00:00:00 2001
   2 From: Julian Wiedmann <jwi@linux.ibm.com>
   3 Date: Wed, 2 May 2018 08:48:43 +0200
   4 Subject: s390/qdio: fix access to uninitialized qdio_q fields
   5
   6 From: Julian Wiedmann <jwi@linux.ibm.com>
   7
   8 commit e521813468f786271a87e78e8644243bead48fad upstream.
   9
  10 Ever since CQ/QAOB support was added, calling qdio_free() straight after
  11 qdio_alloc() results in qdio_release_memory() accessing uninitialized
  12 memory (ie. q->u.out.use_cq and q->u.out.aobs). Followed by a
  13 kmem_cache_free() on the random AOB addresses.
  14
  15 For older kernels that don't have 6e30c549f6ca, the same applies if
  16 qdio_establish() fails in the DEV_STATE_ONLINE check.
  17
  18 While initializing q->u.out.use_cq would be enough to fix this
  19 particular bug, the more future-proof change is to just zero-alloc the
  20 whole struct.
  21
  22 Fixes: 104ea556ee7f ("qdio: support asynchronous delivery of storage blocks")
  23 Cc: <stable@vger.kernel.org> #v3.2+
  24 Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
  25 Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
  26 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  27
  28 ---
  29  drivers/s390/cio/qdio_setup.c |    2 +-
  30  1 file changed, 1 insertion(+), 1 deletion(-)
  31
  32 --- a/drivers/s390/cio/qdio_setup.c
  33 +++ b/drivers/s390/cio/qdio_setup.c
  34 @@ -140,7 +140,7 @@ static int __qdio_allocate_qs(struct qdi
  35         int i;
  36
  37         for (i = 0; i < nr_queues; i++) {
  38 -               q = kmem_cache_alloc(qdio_q_cache, GFP_KERNEL);
  39 +               q = kmem_cache_zalloc(qdio_q_cache, GFP_KERNEL);
  40                 if (!q)
  41                         return -ENOMEM;
  42