TWxSoftware/twx-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
v6.6.90
twx-linux/drivers/md
History
Tudor Ambarus ed3248a403 dm: fix copying after src array boundaries 
commit f1aff4bc199cb92c055668caed65505e3b4d2656 upstream.

The blammed commit copied to argv the size of the reallocated argv,
instead of the size of the old_argv, thus reading and copying from
past the old_argv allocated memory.

Following BUG_ON was hit:
[    3.038929][    T1] kernel BUG at lib/string_helpers.c:1040!
[    3.039147][    T1] Internal error: Oops - BUG: 00000000f2000800 [#1]  SMP
...
[    3.056489][    T1] Call trace:
[    3.056591][    T1]  __fortify_panic+0x10/0x18 (P)
[    3.056773][    T1]  dm_split_args+0x20c/0x210
[    3.056942][    T1]  dm_table_add_target+0x13c/0x360
[    3.057132][    T1]  table_load+0x110/0x3ac
[    3.057292][    T1]  dm_ctl_ioctl+0x424/0x56c
[    3.057457][    T1]  __arm64_sys_ioctl+0xa8/0xec
[    3.057634][    T1]  invoke_syscall+0x58/0x10c
[    3.057804][    T1]  el0_svc_common+0xa8/0xdc
[    3.057970][    T1]  do_el0_svc+0x1c/0x28
[    3.058123][    T1]  el0_svc+0x50/0xac
[    3.058266][    T1]  el0t_64_sync_handler+0x60/0xc4
[    3.058452][    T1]  el0t_64_sync+0x1b0/0x1b4
[    3.058620][    T1] Code: f800865e a9bf7bfd 910003fd 941f48aa (d4210000)
[    3.058897][    T1] ---[ end trace 0000000000000000 ]---
[    3.059083][    T1] Kernel panic - not syncing: Oops - BUG: Fatal exception

Fix it by copying the size of src, and not the size of dst, as it was.

Fixes: 5a2a6c428190 ("dm: always update the array size in realloc_argv on success")
Cc: stable@vger.kernel.org
Signed-off-by: Tudor Ambarus <tudor.ambarus@linaro.org>
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-05-09 09:44:08 +02:00
..
bcache bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again 2024-12-14 19:59:55 +01:00
persistent-data dm array: fix cursor index when skipping across block boundaries 2025-01-17 13:36:10 +01:00
dm-audit.c dm: add missing SPDX-License-Indentifiers 2023-02-14 14:23:06 -05:00
dm-audit.h
dm-bio-prison-v1.c dm: improve hash_locks sizing and hash function 2023-03-30 15:57:51 -04:00
dm-bio-prison-v1.h dm bio prison v1: add dm_cell_key_has_valid_range 2023-03-30 15:57:51 -04:00
dm-bio-prison-v2.c dm: address space issues relative to switch/while/for/... 2023-02-14 14:23:06 -05:00
dm-bio-prison-v2.h dm: change "unsigned" to "unsigned int" 2023-02-14 14:23:06 -05:00
dm-bio-record.h dm: add missing SPDX-License-Indentifiers 2023-02-14 14:23:06 -05:00
dm-bufio.c dm-bufio: don't schedule in atomic context 2025-05-09 09:43:52 +02:00
dm-builtin.c dm: adjust EXPORT_SYMBOL() to follow functions immediately 2023-02-14 14:23:07 -05:00
dm-cache-background-tracker.c dm-cache: fix warnings about duplicate slab caches 2024-12-09 10:32:40 +01:00
dm-cache-background-tracker.h dm-cache: fix warnings about duplicate slab caches 2024-12-09 10:32:40 +01:00
dm-cache-block-types.h dm: add missing SPDX-License-Indentifiers 2023-02-14 14:23:06 -05:00
dm-cache-metadata.c Revert "mm: shrinkers: convert shrinker_rwsem to mutex" 2023-06-19 13:19:33 -07:00
dm-cache-metadata.h dm: change "unsigned" to "unsigned int" 2023-02-14 14:23:06 -05:00
dm-cache-policy-internal.h dm: add missing empty lines 2023-02-14 14:23:06 -05:00
dm-cache-policy-smq.c dm cache policy smq: ensure IO doesn't prevent cleaner policy progress 2023-07-25 11:55:50 -04:00
dm-cache-policy.c dm: change "unsigned" to "unsigned int" 2023-02-14 14:23:06 -05:00
dm-cache-policy.h dm: address indent/space issues 2023-02-14 14:23:06 -05:00
dm-cache-target.c dm-cache: fix warnings about duplicate slab caches 2024-12-09 10:32:40 +01:00
dm-clone-metadata.c bitmap: introduce generic optimized bitmap_size() 2024-08-29 17:33:14 +02:00
dm-clone-metadata.h
dm-clone-target.c block: replace fmode_t with a block-specific type for block open flags 2023-06-12 08:04:05 -06:00
dm-core.h dm: limit the number of targets and parameter size area 2024-02-23 09:25:27 +01:00
dm-crypt.c dm-crypt: track tag_offset in convert_context 2025-02-17 09:40:25 +01:00
dm-delay.c dm-delay: fix a race between delay_presuspend and delay_bio 2023-12-03 07:33:09 +01:00
dm-dust.c dm: add helper macro for simple DM target module init and exit 2023-04-11 12:09:08 -04:00
dm-ebs-target.c dm-ebs: fix prefetch-vs-suspend race 2025-04-25 10:45:33 +02:00
dm-era-target.c block: replace fmode_t with a block-specific type for block open flags 2023-06-12 08:04:05 -06:00
dm-exception-store.c dm: change "unsigned" to "unsigned int" 2023-02-14 14:23:06 -05:00
dm-exception-store.h dm: avoid spaces before function arguments or in favour of tabs 2023-02-14 14:23:06 -05:00
dm-flakey.c dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature 2025-03-22 12:50:47 -07:00
dm-ima.c dm: avoid inline filenames 2023-02-14 14:23:07 -05:00
dm-ima.h dm: avoid inline filenames 2023-02-14 14:23:07 -05:00
dm-init.c dm init: Handle minors larger than 255 2024-09-12 11:11:35 +02:00
dm-integrity.c dm-integrity: fix a warning on invalid table line 2025-05-09 09:43:52 +02:00
dm-io-rewind.c dm: avoid void function return statements 2023-02-14 14:23:07 -05:00
dm-io-tracker.h dm: add missing SPDX-License-Indentifiers 2023-02-14 14:23:06 -05:00
dm-io.c dm io: Support IO priority 2024-03-26 18:20:13 -04:00
dm-ioctl.c dm resume: don't return EINVAL when signalled 2024-08-29 17:33:13 +02:00
dm-kcopyd.c dm io: Support IO priority 2024-03-26 18:20:13 -04:00
dm-linear.c dm: remove unnecessary (void*) conversions 2023-04-11 12:01:01 -04:00
dm-log-userspace-base.c dm: avoid void function return statements 2023-02-14 14:23:07 -05:00
dm-log-userspace-transfer.c dm: avoid split of quoted strings where possible 2023-02-14 14:23:07 -05:00
dm-log-userspace-transfer.h dm: add missing SPDX-License-Indentifiers 2023-02-14 14:23:06 -05:00
dm-log-writes.c dm: add helper macro for simple DM target module init and exit 2023-04-11 12:09:08 -04:00
dm-log.c dm io: Support IO priority 2024-03-26 18:20:13 -04:00
dm-mpath.c dm: push error reporting down to dm_register_target() 2023-04-11 12:01:01 -04:00
dm-mpath.h dm: change "unsigned" to "unsigned int" 2023-02-14 14:23:06 -05:00
dm-path-selector.c dm: adjust EXPORT_SYMBOL() to follow functions immediately 2023-02-14 14:23:07 -05:00
dm-path-selector.h dm: avoid spaces before function arguments or in favour of tabs 2023-02-14 14:23:06 -05:00
dm-ps-historical-service-time.c dm: add missing SPDX-License-Indentifiers 2023-02-14 14:23:06 -05:00
dm-ps-io-affinity.c dm: address space issues relative to switch/while/for/... 2023-02-14 14:23:06 -05:00
dm-ps-queue-length.c dm: avoid spaces before function arguments or in favour of tabs 2023-02-14 14:23:06 -05:00
dm-ps-round-robin.c dm: correct block comments format. 2023-02-14 14:23:06 -05:00
dm-ps-service-time.c dm: avoid spaces before function arguments or in favour of tabs 2023-02-14 14:23:06 -05:00
dm-raid1.c dm io: Support IO priority 2024-03-26 18:20:13 -04:00
dm-raid.c dm-raid: fix lockdep waring in "pers->hot_add_disk" 2024-04-03 15:28:26 +02:00
dm-region-hash.c dm: correct block comments format. 2023-02-14 14:23:06 -05:00
dm-rq.c Revert "dm: requeue IO if mapping table not yet available" 2024-10-04 16:29:40 +02:00
dm-rq.h dm: change "unsigned" to "unsigned int" 2023-02-14 14:23:06 -05:00
dm-snap-persistent.c dm io: Support IO priority 2024-03-26 18:20:13 -04:00
dm-snap-transient.c dm: avoid split of quoted strings where possible 2023-02-14 14:23:07 -05:00
dm-snap.c dm snapshot: fix lockup in dm_exception_table_exit 2024-04-03 15:28:37 +02:00
dm-stats.c dm stats: check for and propagate alloc_percpu failure 2023-03-16 13:37:06 -04:00
dm-stats.h dm stats: check for and propagate alloc_percpu failure 2023-03-16 13:37:06 -04:00
dm-stripe.c dm: remove unnecessary (void*) conversions 2023-04-11 12:01:01 -04:00
dm-switch.c dm: add helper macro for simple DM target module init and exit 2023-04-11 12:09:08 -04:00
dm-sysfs.c dm sysfs: make kobj_type structure constant 2023-02-14 14:23:08 -05:00
dm-table.c dm: fix copying after src array boundaries 2025-05-09 09:44:08 +02:00
dm-target.c dm: push error reporting down to dm_register_target() 2023-04-11 12:01:01 -04:00
dm-thin-metadata.c - Update DM crypt to allocate compound pages if possible. 2023-06-30 12:16:00 -07:00
dm-thin-metadata.h dm: add missing SPDX-License-Indentifiers 2023-02-14 14:23:06 -05:00
dm-thin.c dm thin: make get_first_thin use rcu-safe list first function 2025-01-17 13:36:17 +01:00
dm-uevent.c dm: avoid spaces before function arguments or in favour of tabs 2023-02-14 14:23:06 -05:00
dm-uevent.h dm: fix undue/missing spaces 2023-02-14 14:23:06 -05:00
dm-unstripe.c dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow 2024-11-14 13:19:37 +01:00
dm-verity-fec.c dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) 2025-01-17 13:36:19 +01:00
dm-verity-fec.h dm: change "unsigned" to "unsigned int" 2023-02-14 14:23:06 -05:00
dm-verity-loadpin.c dm: verity-loadpin: Add NULL pointer check for 'bdev' parameter 2023-06-28 10:43:04 -07:00
dm-verity-target.c dm-verity: fix prefetch-vs-suspend race 2025-04-25 10:45:34 +02:00
dm-verity-verify-sig.c dm: add missing SPDX-License-Indentifiers 2023-02-14 14:23:06 -05:00
dm-verity-verify-sig.h dm: add missing SPDX-License-Indentifiers 2023-02-14 14:23:06 -05:00
dm-verity.h dm-verity, dm-crypt: align "struct bvec_iter" correctly 2024-03-26 18:19:12 -04:00
dm-writecache.c dm io: Support IO priority 2024-03-26 18:20:13 -04:00
dm-zero.c dm: add helper macro for simple DM target module init and exit 2023-04-11 12:09:08 -04:00
dm-zone.c dm zone: Use the bitmap API to allocate bitmaps 2023-06-16 18:24:13 -04:00
dm-zoned-metadata.c dm: dm-zoned: use __bio_add_page for adding single metadata page 2023-05-31 09:50:02 -06:00
dm-zoned-reclaim.c
dm-zoned-target.c dm zoned: free dmz->ddev array in dmz_put_zoned_devices 2023-09-20 13:48:06 -04:00
dm-zoned.h
dm.c Revert "dm: requeue IO if mapping table not yet available" 2024-10-04 16:29:40 +02:00
dm.h dm: remove stale/redundant dm_internal_{suspend,resume} prototypes in dm.h 2023-06-16 18:24:14 -04:00
Kconfig dm audit: fix Kconfig so DM_AUDIT depends on BLK_DEV_DM 2024-01-20 11:51:45 +01:00
Makefile
md-autodetect.c init: improve the name_to_dev_t interface 2023-06-05 10:56:46 -06:00
md-bitmap.c md/md-bitmap: fix stats collection for external bitmaps 2025-04-25 10:45:39 +02:00
md-bitmap.h md/md-bitmap: add 'sync_size' into struct md_bitmap_stats 2025-02-27 04:10:44 -08:00
md-cluster.c md/md-bitmap: add 'sync_size' into struct md_bitmap_stats 2025-02-27 04:10:44 -08:00
md-cluster.h
md-faulty.c md/md-faulty: enable io accounting 2023-07-27 00:13:30 -07:00
md-linear.c md/md-linear: enable io accounting 2023-07-27 00:13:30 -07:00
md-linear.h
md-multipath.c md/md-multipath: enable io accounting 2023-07-27 00:13:29 -07:00
md-multipath.h
md.c md: fix mddev uaf while iterating all_mddevs list 2025-04-25 10:45:54 +02:00
md.h md: use separate work_struct for md_start_sync() 2025-02-27 04:10:44 -08:00
raid0.c md: raid0: account for split bio in iostat accounting 2023-08-17 21:11:31 -07:00
raid0.h md/raid0: add discard support for the 'original' layout 2023-06-30 15:43:50 -07:00
raid1-10.c md/raid1-10: fix casting from randomized structure in raid1_submit_write() 2023-06-23 09:33:16 -07:00
raid1.c md/raid1: Add check for missing source disk in process_checks() 2025-05-02 07:51:02 +02:00
raid1.h md/md-bitmap: remove the last parameter for bimtap_ops->endwrite() 2025-02-21 13:57:26 +01:00
raid5-cache.c md/md-bitmap: move bitmap_{start, end}write to md upper layer 2025-02-21 13:57:26 +01:00
raid5-log.h
raid5-ppl.c md: raid5: use __bio_add_page to add single page to new bio 2023-05-31 09:50:02 -06:00
raid5.c md/md-bitmap: move bitmap_{start, end}write to md upper layer 2025-02-21 13:57:26 +01:00
raid5.h md/md-bitmap: move bitmap_{start, end}write to md upper layer 2025-02-21 13:57:26 +01:00
raid10.c md/raid10: fix missing discard IO accounting 2025-04-25 10:45:39 +02:00
raid10.h md/md-bitmap: remove the last parameter for bimtap_ops->endwrite() 2025-02-21 13:57:26 +01:00