From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Yury Norov <ynorov@caviumnetworks.com>,
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>,
syzbot <syzbot+6887cbb011c8054e8a3d@syzkaller.appspotmail.com>,
Noam Camus <noamca@mellanox.com>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Matthew Wilcox <mawilcox@microsoft.com>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 4.14 44/49] lib: fix stall in __bitmap_parselist()
Date: Tue, 17 Apr 2018 17:59:23 +0200 [thread overview]
Message-ID: <20180417155717.139456197@linuxfoundation.org> (raw)
In-Reply-To: <20180417155715.032245882@linuxfoundation.org>
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yury Norov <ynorov@caviumnetworks.com>
commit 8351760ff5b2042039554b4948ddabaac644a976 upstream.
syzbot is catching stalls at __bitmap_parselist()
(https://syzkaller.appspot.com/bug?id=ad7e0351fbc90535558514a71cd3edc11681997a).
The trigger is
unsigned long v = 0;
bitmap_parselist("7:,", &v, BITS_PER_LONG);
which results in hitting infinite loop at
while (a <= b) {
off = min(b - a + 1, used_size);
bitmap_set(maskp, a, off);
a += group_size;
}
due to used_size == group_size == 0.
Link: http://lkml.kernel.org/r/20180404162647.15763-1-ynorov@caviumnetworks.com
Fixes: 0a5ce0831d04382a ("lib/bitmap.c: make bitmap_parselist() thread-safe and much faster")
Signed-off-by: Yury Norov <ynorov@caviumnetworks.com>
Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reported-by: syzbot <syzbot+6887cbb011c8054e8a3d@syzkaller.appspotmail.com>
Cc: Noam Camus <noamca@mellanox.com>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Matthew Wilcox <mawilcox@microsoft.com>
Cc: Mauro Carvalho Chehab <mchehab@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
lib/bitmap.c | 2 +-
lib/test_bitmap.c | 4 ++++
2 files changed, 5 insertions(+), 1 deletion(-)
--- a/lib/bitmap.c
+++ b/lib/bitmap.c
@@ -605,7 +605,7 @@ static int __bitmap_parselist(const char
/* if no digit is after '-', it's wrong*/
if (at_start && in_range)
return -EINVAL;
- if (!(a <= b) || !(used_size <= group_size))
+ if (!(a <= b) || group_size == 0 || !(used_size <= group_size))
return -EINVAL;
if (b >= nmaskbits)
return -ERANGE;
--- a/lib/test_bitmap.c
+++ b/lib/test_bitmap.c
@@ -218,6 +218,10 @@ static const struct test_bitmap_parselis
{-EINVAL, "-1", NULL, 8, 0},
{-EINVAL, "-0", NULL, 8, 0},
{-EINVAL, "10-1", NULL, 8, 0},
+ {-EINVAL, "0-31:", NULL, 8, 0},
+ {-EINVAL, "0-31:0", NULL, 8, 0},
+ {-EINVAL, "0-31:0/0", NULL, 8, 0},
+ {-EINVAL, "0-31:1/0", NULL, 8, 0},
{-EINVAL, "0-31:10/1", NULL, 8, 0},
};
next prev parent reply other threads:[~2018-04-17 15:59 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-17 15:58 [PATCH 4.14 00/49] 4.14.35-stable review Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.14 01/49] netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.14 02/49] cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.14 03/49] rds: MP-RDS may use an invalid c_path Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.14 04/49] slip: Check if rstate is initialized before uncompressing Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.14 05/49] vhost: fix vhost_vq_access_ok() log check Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.14 06/49] vhost: Fix vhost_copy_to_user() Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.14 07/49] lan78xx: Correctly indicate invalid OTP Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.14 08/49] media: v4l2-compat-ioctl32: dont oops on overlay Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.14 09/49] media: v4l: vsp1: Fix header display list status check in continuous mode Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.14 10/49] parisc: Fix out of array access in match_pci_device() Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.14 11/49] parisc: Fix HPMC handler by increasing size to multiple of 16 bytes Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.14 12/49] Drivers: hv: vmbus: do not mark HV_PCIE as perf_device Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.14 13/49] PCI: hv: Serialize the present and eject work items Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.14 14/49] KVM: PPC: Book3S HV: trace_tlbie must not be called in realmode Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.14 15/49] perf intel-pt: Fix overlap detection to identify consecutive buffers correctly Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.14 16/49] perf intel-pt: Fix sync_switch Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.14 17/49] perf intel-pt: Fix error recovery from missing TIP packet Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.14 18/49] perf intel-pt: Fix timestamp following overflow Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.14 19/49] perf/core: Fix use-after-free in uprobe_perf_close() Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.14 20/49] radeon: hide pointless #warning when compile testing Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.14 21/49] x86/MCE/AMD: Define a function to get SMCA bank type Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.14 22/49] scsi: qla2xxx: Fix small memory leak in qla2x00_probe_one on probe failure Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.14 23/49] apparmor: fix logging of the existence test for signals Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.14 24/49] apparmor: fix display of .ns_name for containers Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.14 25/49] apparmor: fix resource audit messages when auditing peer Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.14 26/49] block/loop: fix deadlock after loop_set_status Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.14 27/49] nfit: fix region registration vs block-data-window ranges Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.14 28/49] s390/qdio: dont retry EQBS after CCQ 96 Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.14 29/49] s390/qdio: dont merge ERROR output buffers Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.14 30/49] s390/ipl: ensure loadparm valid flag is set Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.14 31/49] get_user_pages_fast(): return -EFAULT on access_ok failure Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.14 32/49] getname_kernel() needs to make sure that ->name != ->iname in long case Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.14 33/49] Bluetooth: Fix connection if directed advertising and privacy is used Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.14 34/49] Bluetooth: hci_bcm: Treat Interrupt ACPI resources as always being active-low Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.14 35/49] rtl8187: Fix NULL pointer dereference in priv->conf_mutex Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.14 36/49] x86/MCE: Report only DRAM ECC as memory errors on AMD systems Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.14 37/49] x86/mce/AMD: Pass the bank number to smca_get_bank_type() Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.14 38/49] x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.14 39/49] x86/mce/AMD: Get address from already initialized block Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.14 40/49] hwmon: (ina2xx) Fix access to uninitialized mutex Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.14 41/49] ath9k: Protect queue draining by rcu_read_lock() Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.14 42/49] sunrpc: remove incorrect HMAC request initialization Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.14 43/49] f2fs: fix heap mode to reset it back Greg Kroah-Hartman
2018-04-17 15:59 ` Greg Kroah-Hartman [this message]
2018-04-17 15:59 ` [PATCH 4.14 45/49] blk-mq: dont keep offline CPUs mapped to hctx 0 Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.14 46/49] ovl: fix lookup with middle layer opaque dir and absolute path redirects Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.14 47/49] xen: xenbus_dev_frontend: Fix XS_TRANSACTION_END handling Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.14 48/49] hugetlbfs: fix bug in pgoff overflow checking Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.14 49/49] nfsd: fix incorrect umasks Greg Kroah-Hartman
2018-04-17 21:05 ` [PATCH 4.14 00/49] 4.14.35-stable review Shuah Khan
2018-04-17 22:43 ` kernelci.org bot
2018-04-18 7:27 ` Naresh Kamboju
2018-04-18 15:38 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180417155717.139456197@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=mawilcox@microsoft.com \
--cc=mchehab@kernel.org \
--cc=noamca@mellanox.com \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=stable@vger.kernel.org \
--cc=syzbot+6887cbb011c8054e8a3d@syzkaller.appspotmail.com \
--cc=torvalds@linux-foundation.org \
--cc=ynorov@caviumnetworks.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox