linux-kernel.vger.kernel.org archive mirror
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Sebastian Ott <sebott@linux.ibm.com>,
	Vasily Gorbik <gor@linux.ibm.com>
Subject: [PATCH 4.19 046/114] s390/cio: avoid calling strlen on null pointer
Date: Thu, 10 Oct 2019 10:35:53 +0200
Message-ID: <20191010083607.728156732@linuxfoundation.org>
In-Reply-To: <20191010083544.711104709@linuxfoundation.org>

From: Vasily Gorbik <gor@linux.ibm.com>

commit ea298e6ee8b34b3ed4366be7eb799d0650ebe555 upstream.

Fix the following kasan finding:
BUG: KASAN: global-out-of-bounds in ccwgroup_create_dev+0x850/0x1140
Read of size 1 at addr 0000000000000000 by task systemd-udevd.r/561

CPU: 30 PID: 561 Comm: systemd-udevd.r Tainted: G    B
Hardware name: IBM 3906 M04 704 (LPAR)
Call Trace:
([<0000000231b3db7e>] show_stack+0x14e/0x1a8)
 [<0000000233826410>] dump_stack+0x1d0/0x218
 [<000000023216fac4>] print_address_description+0x64/0x380
 [<000000023216f5a8>] __kasan_report+0x138/0x168
 [<00000002331b8378>] ccwgroup_create_dev+0x850/0x1140
 [<00000002332b618a>] group_store+0x3a/0x50
 [<00000002323ac706>] kernfs_fop_write+0x246/0x3b8
 [<00000002321d409a>] vfs_write+0x132/0x450
 [<00000002321d47da>] ksys_write+0x122/0x208
 [<0000000233877102>] system_call+0x2a6/0x2c8

Triggered by:
openat(AT_FDCWD, "/sys/bus/ccwgroup/drivers/qeth/group",
		O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0666) = 16
write(16, "0.0.bd00,0.0.bd01,0.0.bd02", 26) = 26

The problem is that __get_next_id in ccwgroup_create_dev might set the "buf"
buffer pointer to NULL, and an explicit check for that is required.

Cc: stable@vger.kernel.org
Reviewed-by: Sebastian Ott <sebott@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/s390/cio/ccwgroup.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/s390/cio/ccwgroup.c
+++ b/drivers/s390/cio/ccwgroup.c
@@ -372,7 +372,7 @@ int ccwgroup_create_dev(struct device *p
 		goto error;
 	}
 	/* Check for trailing stuff. */
-	if (i == num_devices && strlen(buf) > 0) {
+	if (i == num_devices && buf && strlen(buf) > 0) {
 		rc = -EINVAL;
 		goto error;
 	}
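Review bot: the new `buf &&` guard in the trailing-data check sits under the unchanged comment `/* Check for trailing stuff. */`, which gives no hint that `buf` can legitimately be NULL at this point. The commit message attributes that to __get_next_id, so a short addition to the comment (for example, that a NULL `buf` means no input is left to inspect) would keep a later cleanup from dropping the guard as redundant. Since the test only asks whether anything remains, `buf && *buf` would express it without walking the rest of the string, though that is a style point and not needed for a stable backport. The hunk shows only this one use of `buf` after the ID parsing; any other dereference of `buf` later in ccwgroup_create_dev would need the same check, which cannot be confirmed from the lines visible here.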


