diff mbox series

[PULL,1/1] s390/cio: Fix how vfio-ccw checks pinned pages

Message ID 20181002153748.13503-2-cohuck@redhat.com (mailing list archive)
State New, archived
Headers show
Series [PULL,1/1] s390/cio: Fix how vfio-ccw checks pinned pages | expand

Commit Message

Cornelia Huck Oct. 2, 2018, 3:37 p.m. UTC 
From: Eric Farman <farman@linux.ibm.com>

We have two nested loops to check the entries within the pfn_array_table
arrays.  But we mistakenly use the outer array as an index in our check,
and completely ignore the indexing performed by the inner loop.

Cc: stable@vger.kernel.org
Signed-off-by: Eric Farman <farman@linux.ibm.com>
Message-Id: <20181002010235.42483-1-farman@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
---
 drivers/s390/cio/vfio_ccw_cp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Farhan Ali Oct. 3, 2018, 1:14 p.m. UTC | #1 
On 10/02/2018 11:37 AM, Cornelia Huck wrote:
> From: Eric Farman <farman@linux.ibm.com>
> 
> We have two nested loops to check the entries within the pfn_array_table
> arrays.  But we mistakenly use the outer array as an index in our check,
> and completely ignore the indexing performed by the inner loop.
> 
> Cc: stable@vger.kernel.org
> Signed-off-by: Eric Farman <farman@linux.ibm.com>
> Message-Id: <20181002010235.42483-1-farman@linux.ibm.com>
> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
> ---
>   drivers/s390/cio/vfio_ccw_cp.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/s390/cio/vfio_ccw_cp.c b/drivers/s390/cio/vfio_ccw_cp.c
> index dbe7c7ac9ac8..fd77e46eb3b2 100644
> --- a/drivers/s390/cio/vfio_ccw_cp.c
> +++ b/drivers/s390/cio/vfio_ccw_cp.c
> @@ -163,7 +163,7 @@ static bool pfn_array_table_iova_pinned(struct pfn_array_table *pat,
> 
>   	for (i = 0; i < pat->pat_nr; i++, pa++)
>   		for (j = 0; j < pa->pa_nr; j++)
> -			if (pa->pa_iova_pfn[i] == iova_pfn)
> +			if (pa->pa_iova_pfn[j] == iova_pfn)
>   				return true;
> 
>   	return false;
> 

Me and Jason have been looking at this code recently and we think this 
is the right fix.

Reviewed-by: Farhan Ali <alifm@linux.ibm.com>
Reviewed-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
diff mbox series

Patch

diff --git a/drivers/s390/cio/vfio_ccw_cp.c b/drivers/s390/cio/vfio_ccw_cp.c
index dbe7c7ac9ac8..fd77e46eb3b2 100644
--- a/drivers/s390/cio/vfio_ccw_cp.c
+++ b/drivers/s390/cio/vfio_ccw_cp.c
@@ -163,7 +163,7 @@  static bool pfn_array_table_iova_pinned(struct pfn_array_table *pat,
 
 	for (i = 0; i < pat->pat_nr; i++, pa++)
 		for (j = 0; j < pa->pa_nr; j++)
-			if (pa->pa_iova_pfn[i] == iova_pfn)
+			if (pa->pa_iova_pfn[j] == iova_pfn)
 				return true;
 
 	return false;