system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-10-18 09:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/drivers
History
Mikulas Patocka 1fbeea217d dm raid: fix address sanitizer warning in raid_status 
There is this warning when using a kernel with the address sanitizer
and running this testsuite:
https://gitlab.com/cki-project/kernel-tests/-/tree/main/storage/swraid/scsi_raid

==================================================================
BUG: KASAN: slab-out-of-bounds in raid_status+0x1747/0x2820 [dm_raid]
Read of size 4 at addr ffff888079d2c7e8 by task lvcreate/13319
CPU: 0 PID: 13319 Comm: lvcreate Not tainted 5.18.0-0.rc3.<snip> #1
Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
Call Trace:
 <TASK>
 dump_stack_lvl+0x6a/0x9c
 print_address_description.constprop.0+0x1f/0x1e0
 print_report.cold+0x55/0x244
 kasan_report+0xc9/0x100
 raid_status+0x1747/0x2820 [dm_raid]
 dm_ima_measure_on_table_load+0x4b8/0xca0 [dm_mod]
 table_load+0x35c/0x630 [dm_mod]
 ctl_ioctl+0x411/0x630 [dm_mod]
 dm_ctl_ioctl+0xa/0x10 [dm_mod]
 __x64_sys_ioctl+0x12a/0x1a0
 do_syscall_64+0x5b/0x80

The warning is caused by reading conf->max_nr_stripes in raid_status. The
code in raid_status reads mddev->private, casts it to struct r5conf and
reads the entry max_nr_stripes.

However, if we have different raid type than 4/5/6, mddev->private
doesn't point to struct r5conf; it may point to struct r0conf, struct
r1conf, struct r10conf or struct mpconf. If we cast a pointer to one
of these structs to struct r5conf, we will be reading invalid memory
and KASAN warns about it.

Fix this bug by reading struct r5conf only if raid type is 4, 5 or 6.

Cc: stable@vger.kernel.org
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
2022-07-28 17:29:56 -04:00
..
accessibility Revert "speakup: Generate speakupmap.h automatically" 2022-05-20 21:07:05 +02:00
acpi More power management updates for 5.19-rc1 2022-05-30 11:37:26 -07:00
amba Driver core changes for 5.19-rc1 2022-06-03 11:48:47 -07:00
android fix for breakage in #work.fd this window 2022-06-05 17:14:03 -07:00
ata ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files 2022-06-09 09:25:25 +09:00
atm
auxdisplay
base Minor things, mainly - mailmap updates, MAINTAINERS updates, etc. 2022-06-26 14:00:55 -07:00
bcma
block block: remove blk_cleanup_disk 2022-06-28 06:33:15 -06:00
bluetooth Bluetooth: btmtksdio: fix the reset takes too long 2022-05-13 13:19:01 +02:00
bus ARM: SoC fixes for 5.19 2022-06-26 14:12:56 -07:00
cdrom block: remove blk_cleanup_disk 2022-06-28 06:33:15 -06:00
char random: update comment from copy_to_user() -> copy_to_iter() 2022-06-20 11:06:17 +02:00
clk Driver core changes for 5.19-rc1 2022-06-03 11:48:47 -07:00
clocksource clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() 2022-06-08 12:27:08 +00:00
comedi comedi: vmk80xx: fix expression for tx buffer size 2022-06-10 15:21:23 +02:00
connector
counter
cpufreq ARM: multiplatform changes, part 2 2022-06-02 15:23:54 -07:00
cpuidle Merge branches 'pm-em' and 'pm-cpuidle' 2022-05-23 19:18:51 +02:00
crypto virtio-crypto: enable retry for virtio-crypto-dev 2022-05-31 12:45:09 -04:00
cxl cxl/port: Enable HDM Capability after validating DVSEC Ranges 2022-05-20 12:30:53 -07:00
dax dax: add .recovery_write dax_operation 2022-05-16 13:37:59 -07:00
dca
devfreq PM / devfreq: passive: Return non-error when not-supported event is required 2022-05-19 19:32:19 +02:00
dio drivers: dio: add missing iounmap() in dio_init() 2022-05-19 18:56:51 +02:00
dma dmaengine updates for v5.19-rc1 2022-05-29 11:38:27 -07:00
dma-buf udmabuf: add back sanity check 2022-06-20 08:38:29 -05:00
edac - A gargen variety of fixes which don't fit any other tip bucket: 2022-05-23 19:32:59 -07:00
eisa
extcon extcon: Modify extcon device to be created after driver data is set 2022-05-13 17:03:41 +09:00
firewire firewire: convert sysfs sprintf/snprintf family to sysfs_emit 2022-06-17 10:43:20 +02:00
firmware ARM: SoC fixes for 5.19 2022-06-26 14:12:56 -07:00
fpga
fsi
gnss
gpio gpio fixes for v5.19-rc4 2022-06-24 17:01:31 -07:00
gpu xen: branch for v5.19-rc4 2022-06-24 12:22:11 -07:00
greybus
hid HID: hyperv: Correctly access fields declared as __le16 2022-06-08 12:28:13 +00:00
hsi
hte hte: Uninitialized variable in hte_ts_get() 2022-05-20 15:54:41 +02:00
hv Drivers: hv: vmbus: Release cpu lock in error case 2022-06-10 08:41:28 +00:00
hwmon hwmon: (asus-ec-sensors) add missing comma in board name list. 2022-06-15 08:14:38 -07:00
hwspinlock
hwtracing
i2c i2c: mediatek: Fix an error handling path in mtk_i2c_probe() 2022-06-14 22:11:54 +02:00
i3c i3c: master: svc: fix returnvar.cocci warning 2022-05-17 22:34:42 +02:00
idle cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE 2022-06-08 18:05:45 +02:00
iio 1st set of IIO fixes for the 5.19 cycle. 2022-06-20 09:49:52 +02:00
infiniband v5.19 pull request 2022-05-26 21:08:40 -07:00
input Input updates for v5.19-rc1 2022-06-07 15:00:29 -07:00
interconnect Char / Misc / Other smaller driver subsystem updates for 5.19-rc1 2022-06-03 11:36:34 -07:00
iommu iommu/ipmmu-vmsa: Fix compatible for rcar-gen4 2022-06-22 15:45:56 +02:00
ipack
irqchip irqchip/loongson-liointc: Use architecture register to get coreid 2022-06-10 08:57:19 +01:00
isdn
leds ARM: multiplatform changes, part 2 2022-06-02 15:23:54 -07:00
macintosh macintosh: via-pmu and via-cuda need RTC_LIB 2022-05-22 15:58:30 +10:00
mailbox mailbox: qcom-ipcc: Fix -Wunused-function with CONFIG_PM_SLEEP=n 2022-05-24 08:08:24 -05:00
mcb
md dm raid: fix address sanitizer warning in raid_status 2022-07-28 17:29:56 -04:00
media USB / Thunderbolt changes for 5.19-rc1 2022-06-03 11:17:49 -07:00
memory memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings 2022-06-06 11:18:20 +02:00
memstick block: remove blk_cleanup_disk 2022-06-28 06:33:15 -06:00
message
mfd ARM: multiplatform changes, part 2 2022-06-02 15:23:54 -07:00
misc Char/Misc driver fixes for 5.19-rc3 - take 2 2022-06-19 09:37:29 -05:00
mmc block: simplify disk shutdown 2022-06-28 06:30:26 -06:00
most
mtd block: remove blk_cleanup_disk 2022-06-28 06:33:15 -06:00
mux
net virtio_net: fix xdp_rxq_info bug after suspend/resume 2022-06-22 19:09:13 -07:00
nfc nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred 2022-06-08 10:18:10 -07:00
ntb
nubus
nvdimm block: remove blk_cleanup_disk 2022-06-28 06:33:15 -06:00
nvme block: remove blk_cleanup_disk 2022-06-28 06:33:15 -06:00
nvmem
of drm for 5.19-rc1 2022-05-25 16:18:27 -07:00
opp OPP updates for 5.19-rc1 2022-05-25 15:02:26 +02:00
parisc
parport
pci Driver core changes for 5.19-rc1 2022-06-03 11:48:47 -07:00
pcmcia ARM: multiplatform changes, part 2 2022-06-02 15:23:54 -07:00
peci
perf arm64 updates for 5.19: 2022-05-23 21:06:11 -07:00
phy phy-for-5.19 2022-05-19 16:56:17 +02:00
pinctrl Pin control bulk changes for the v5.19 series: 2022-05-28 11:15:54 -07:00
platform platform-drivers-x86 for v5.19-2 2022-06-12 11:33:42 -07:00
pnp
power Char / Misc / Other smaller driver subsystem updates for 5.19-rc1 2022-06-03 11:36:34 -07:00
powercap Merge branches 'pm-em' and 'pm-cpuidle' 2022-05-23 19:18:51 +02:00
pps
ps3
ptp ptp: ptp_clockmatrix: fix is_single_shot 2022-05-25 21:51:32 -07:00
pwm pwm: pwm-cros-ec: Add channel type support 2022-05-20 16:40:01 +02:00
rapidio
ras
regulator regulator: qcom_smd: correct MP5496 ranges 2022-06-07 20:38:09 +01:00
remoteproc
reset
rpmsg Driver core changes for 5.19-rc1 2022-06-03 11:48:47 -07:00
rtc ARM: multiplatform changes, part 2 2022-06-02 15:23:54 -07:00
s390 block: remove blk_cleanup_disk 2022-06-28 06:33:15 -06:00
sbus
scsi block: simplify disk shutdown 2022-06-28 06:30:26 -06:00
sh
siox
slimbus Driver core changes for 5.19-rc1 2022-06-03 11:48:47 -07:00
soc This pull request contains Broadcom ARM-based SoCs driver fixes for 2022-06-14 12:20:31 +02:00
soundwire
spi spi: rockchip: Unmask IRQ at the final to avoid preemption 2022-06-20 11:35:43 +01:00
spmi
ssb
staging staging: rtl8723bs: Allocate full pwep structure 2022-06-10 09:10:16 +02:00
target blk-mq: remove the done argument to blk_execute_rq_nowait 2022-05-28 06:15:27 -06:00
tc
tee Fix a compiler warning in OP-TEE driver 2022-05-30 14:44:27 +02:00
thermal Additional thermal control update for 5.19-rc1 2022-05-30 11:34:13 -07:00
thunderbolt USB / Thunderbolt changes for 5.19-rc1 2022-06-03 11:17:49 -07:00
tty Merge branch 'rework/kthreads' into for-linus 2022-06-23 19:11:28 +02:00
ufs block: simplify disk shutdown 2022-06-28 06:30:26 -06:00
uio
usb usb: chipidea: udc: check request status before setting device address 2022-06-24 13:45:23 +02:00
vdpa vduse: Fix NULL pointer dereference on sysfs access 2022-06-08 08:56:03 -04:00
vfio VFIO updates for v5.19-rc1 2022-06-01 13:49:15 -07:00
vhost vdpa: make get_vq_group and set_group_asid optional 2022-06-09 00:26:35 -04:00
video fbdev fixes and updates for kernel v5.19-rc4: 2022-06-26 09:13:51 -07:00
virt Char / Misc / Other smaller driver subsystem updates for 5.19-rc1 2022-06-03 11:36:34 -07:00
virtio virtio,vdpa: fixes 2022-06-11 16:32:47 -07:00
vlynq
vme
w1
watchdog watchdog: gxp: Add missing MODULE_LICENSE 2022-06-09 12:20:34 +02:00
xen xen/gntdev: Avoid blocking in unmap_grant_pages() 2022-06-23 15:29:18 +02:00
zorro
Kconfig SCSI misc on 20220604 2022-06-05 09:25:12 -07:00
Makefile SCSI misc on 20220604 2022-06-05 09:25:12 -07:00