Patch "Drivers: vmbus: Check for channel allocation before looking up relids" has been added to the 5.10-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Sun, 9 Apr 2023 08:37:46 -0400

This is a note to let you know that I've just added the patch titled

    Drivers: vmbus: Check for channel allocation before looking up relids

to the 5.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     drivers-vmbus-check-for-channel-allocation-before-lo.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit fd7737610af0cfef28982a93763e8055100b7a4c
Author: Mohammed Gamal <mgamal@xxxxxxxxxx>
Date:   Fri Feb 17 22:44:11 2023 +0200

    Drivers: vmbus: Check for channel allocation before looking up relids
    
    [ Upstream commit 1eb65c8687316c65140b48fad27133d583178e15 ]
    
    relid2channel() assumes vmbus channel array to be allocated when called.
    However, in cases such as kdump/kexec, not all relids will be reset by the host.
    When the second kernel boots and if the guest receives a vmbus interrupt during
    vmbus driver initialization before vmbus_connect() is called, before it finishes,
    or if it fails, the vmbus interrupt service routine is called which in turn calls
    relid2channel() and can cause a null pointer dereference.
    
    Print a warning and error out in relid2channel() for a channel id that's invalid
    in the second kernel.
    
    Fixes: 8b6a877c060e ("Drivers: hv: vmbus: Replace the per-CPU channel lists with a global array of channels")
    
    Signed-off-by: Mohammed Gamal <mgamal@xxxxxxxxxx>
    Reviewed-by: Dexuan Cui <decui@xxxxxxxxxxxxx>
    Link: https://lore.kernel.org/r/20230217204411.212709-1-mgamal@xxxxxxxxxx
    Signed-off-by: Wei Liu <wei.liu@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/hv/connection.c b/drivers/hv/connection.c
index bfd7f00a59ecf..683fdfa3e723e 100644
--- a/drivers/hv/connection.c
+++ b/drivers/hv/connection.c
@@ -305,6 +305,10 @@ void vmbus_disconnect(void)
  */
 struct vmbus_channel *relid2channel(u32 relid)
 {
+	if (vmbus_connection.channels == NULL) {
+		pr_warn_once("relid2channel: relid=%d: No channels mapped!\n", relid);
+		return NULL;
+	}
 	if (WARN_ON(relid >= MAX_CHANNEL_RELIDS))
 		return NULL;
 	return READ_ONCE(vmbus_connection.channels[relid]);






