From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Milan Broz <gmazyland@gmail.com>,
	Mikulas Patocka <mpatocka@redhat.com>,
	Mike Snitzer <snitzer@redhat.com>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.19 084/106] dm: Check for device sector overflow if CONFIG_LBDAF is not set
Date: Thu, 24 Jan 2019 20:20:41 +0100
Message-ID: <20190124190211.481093306@linuxfoundation.org>
In-Reply-To: <20190124190206.342411005@linuxfoundation.org>

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit ef87bfc24f9b8da82c89aff493df20f078bc9cb1 ]

A reference to a device in a device-mapper table contains an offset in sectors.

If sector_t is a 32-bit integer (CONFIG_LBDAF is not set), then
several device-mapper targets can overflow this offset; the validity
check is then performed on a wrong offset and a wrong table is activated.

See for example (on 32bit without CONFIG_LBDAF) this overflow:

  # dmsetup create test --table "0 2048 linear /dev/sdg 4294967297"
  # dmsetup table test
  0 2048 linear 8:96 1

This patch adds an explicit check for overflow if the offset is of sector_t type.

Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/md/dm-crypt.c    | 2 +-
 drivers/md/dm-delay.c    | 2 +-
 drivers/md/dm-flakey.c   | 2 +-
 drivers/md/dm-linear.c   | 2 +-
 drivers/md/dm-raid1.c    | 3 ++-
 drivers/md/dm-unstripe.c | 2 +-
 6 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index f192ba38f332..f2ec882f96be 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -2780,7 +2780,7 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv)
 	}
 
 	ret = -EINVAL;
-	if (sscanf(argv[4], "%llu%c", &tmpll, &dummy) != 1) {
+	if (sscanf(argv[4], "%llu%c", &tmpll, &dummy) != 1 || tmpll != (sector_t)tmpll) {
 		ti->error = "Invalid device sector";
 		goto bad;
 	}
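
Review bot: The condition `tmpll != (sector_t)tmpll` added in crypt_ctr() is repeated verbatim in the other five constructors touched by this patch, so a future target that parses a sector offset can easily omit it. Consider moving the parse and range check into one shared helper or macro in the device-mapper headers and calling it from each constructor.
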
diff --git a/drivers/md/dm-delay.c b/drivers/md/dm-delay.c
index 2fb7bb4304ad..fddffe251bf6 100644
--- a/drivers/md/dm-delay.c
+++ b/drivers/md/dm-delay.c
@@ -141,7 +141,7 @@ static int delay_class_ctr(struct dm_target *ti, struct delay_class *c, char **a
 	unsigned long long tmpll;
 	char dummy;
 
-	if (sscanf(argv[1], "%llu%c", &tmpll, &dummy) != 1) {
+	if (sscanf(argv[1], "%llu%c", &tmpll, &dummy) != 1 || tmpll != (sector_t)tmpll) {
 		ti->error = "Invalid device sector";
 		return -EINVAL;
 	}
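
Review bot: In delay_class_ctr() the string "Invalid device sector" is now reported both for input that does not parse and for a value that parses but does not fit in sector_t, so whoever loads the table cannot tell which case was hit. A separate message for the out-of-range case, or wording that covers both, would make the failure easier to diagnose on kernels built without CONFIG_LBDAF.
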
diff --git a/drivers/md/dm-flakey.c b/drivers/md/dm-flakey.c
index 32aabe27b37c..b86d2439ffc7 100644
--- a/drivers/md/dm-flakey.c
+++ b/drivers/md/dm-flakey.c
@@ -213,7 +213,7 @@ static int flakey_ctr(struct dm_target *ti, unsigned int argc, char **argv)
 	devname = dm_shift_arg(&as);
 
 	r = -EINVAL;
-	if (sscanf(dm_shift_arg(&as), "%llu%c", &tmpll, &dummy) != 1) {
+	if (sscanf(dm_shift_arg(&as), "%llu%c", &tmpll, &dummy) != 1 || tmpll != (sector_t)tmpll) {
 		ti->error = "Invalid device sector";
 		goto bad;
 	}
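
Review bot: The changed line in flakey_ctr() now runs well past 80 columns. Breaking after `||` and putting `tmpll != (sector_t)tmpll` on a continuation line, as the dm-raid1 hunk in this patch does, would keep it readable and consistent across the six files.
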
diff --git a/drivers/md/dm-linear.c b/drivers/md/dm-linear.c
index 2f7c44a006c4..caa08c4b84cd 100644
--- a/drivers/md/dm-linear.c
+++ b/drivers/md/dm-linear.c
@@ -45,7 +45,7 @@ static int linear_ctr(struct dm_target *ti, unsigned int argc, char **argv)
 	}
 
 	ret = -EINVAL;
-	if (sscanf(argv[1], "%llu%c", &tmp, &dummy) != 1) {
+	if (sscanf(argv[1], "%llu%c", &tmp, &dummy) != 1 || tmp != (sector_t)tmp) {
 		ti->error = "Invalid device sector";
 		goto bad;
 	}
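
Review bot: The new `tmp != (sector_t)tmp` test in linear_ctr() validates only the parsed start value; nothing in this hunk shows whether the start plus the target length can still wrap a 32-bit sector_t. It is worth confirming that a later range check catches that sum, and saying so in the commit message, since the reproducer there only exercises a start offset that is too large on its own.
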
diff --git a/drivers/md/dm-raid1.c b/drivers/md/dm-raid1.c
index 79eab1071ec2..5a51151f680d 100644
--- a/drivers/md/dm-raid1.c
+++ b/drivers/md/dm-raid1.c
@@ -943,7 +943,8 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti,
 	char dummy;
 	int ret;
 
-	if (sscanf(argv[1], "%llu%c", &offset, &dummy) != 1) {
+	if (sscanf(argv[1], "%llu%c", &offset, &dummy) != 1 ||
+	    offset != (sector_t)offset) {
 		ti->error = "Invalid offset";
 		return -EINVAL;
 	}
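
Review bot: The comparison `offset != (sector_t)offset` in get_mirror() only detects truncation if `offset` is declared wider than sector_t, and its declaration is outside the visible context of this hunk. Please confirm it is `unsigned long long` to match the "%llu" conversion; if it were sector_t the added test would never fire.
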
diff --git a/drivers/md/dm-unstripe.c b/drivers/md/dm-unstripe.c
index 954b7ab4e684..e673dacf6418 100644
--- a/drivers/md/dm-unstripe.c
+++ b/drivers/md/dm-unstripe.c
@@ -78,7 +78,7 @@ static int unstripe_ctr(struct dm_target *ti, unsigned int argc, char **argv)
 		goto err;
 	}
 
-	if (sscanf(argv[4], "%llu%c", &start, &dummy) != 1) {
+	if (sscanf(argv[4], "%llu%c", &start, &dummy) != 1 || start != (sector_t)start) {
 		ti->error = "Invalid striped device offset";
 		goto err;
 	}
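
Review bot: `start != (sector_t)start` in unstripe_ctr() can never be true when sector_t is 64 bits wide, which may read as dead code to a later maintainer or trigger a tautological-comparison report from a static checker. A one-line comment stating that the cast round-trip detects truncation when CONFIG_LBDAF is not set would keep it from being removed as a cleanup.
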
-- 
2.19.1



