From: Mauricio Faria de Oliveira
To: kernel-team@lists.ubuntu.com
Subject: [Cosmic][SRU Bionic/Xenial/Trusty][PATCH 1/2] partitions/aix: fix usage of uninitialized lv_info and lvname structures
Date: Tue, 21 Aug 2018 11:01:52 -0300
Message-Id: <20180821140153.2848-2-mfo@canonical.com>

BugLink: https://bugs.launchpad.net/bugs/1787281

The if-block that sets a successful return value in aix_partition()
uses 'lvip[].pps_per_lv' and 'n[].name' potentially uninitialized.

For example, if 'numlvs' is zero or alloc_lvn() fails, neither is
initialized, but are used anyway if alloc_pvd() succeeds after it.

So, make the alloc_pvd() call conditional on their initialization.

This has been hit when attaching an apparently corrupted/stressed
AIX LUN, misleading the kernel to pr_warn() invalid data and hang.

    [...] partition (null) (11 pp's found) is not contiguous
    [...] partition (null) (2 pp's found) is not contiguous
    [...] partition (null) (3 pp's found) is not contiguous
    [...] partition (null) (64 pp's found) is not contiguous

Fixes: 6ceea22bbbc8 ("partitions: add aix lvm partition support files")
Signed-off-by: Mauricio Faria de Oliveira
Signed-off-by: Jens Axboe
(cherry picked from commit 14cb2c8a6c5dae57ee3e2da10fa3db2b9087e39e)
Signed-off-by: Mauricio Faria de Oliveira
---
 block/partitions/aix.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/block/partitions/aix.c b/block/partitions/aix.c index 007f95eea0e1..850cbd1860d4 100644 --- a/block/partitions/aix.c +++ b/block/partitions/aix.c 
@@ -178,7 +178,7 @@ int aix_partition(struct parsed_partitions *state) u32 vgda_sector = 0; u32 vgda_len = 0; int numlvs = 0; - struct pvd *pvd; + struct pvd *pvd = NULL; struct lv_info { unsigned short pps_per_lv; unsigned short pps_found; @@ -232,10 +232,11 @@ int aix_partition(struct parsed_partitions *state) if (lvip[i].pps_per_lv) foundlvs += 1; } + /* pvd loops depend on n[].name and lvip[].pps_per_lv */ + pvd = alloc_pvd(state, vgda_sector + 17); } put_dev_sector(sect); } - pvd = alloc_pvd(state, vgda_sector + 17); if (pvd) { int numpps = be16_to_cpu(pvd->pp_count); int psn_part1 = be32_to_cpu(pvd->psn_part1);
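Review bot: In the first hunk (@@ -178,7), the "= NULL" initializer on pvd is load-bearing and the commit message does not say so. With alloc_pvd() now called only inside the inner block, the later "if (pvd)" test is reached on paths that never assign pvd, and without the initializer that test would itself read an uninitialized pointer, the same class of bug this patch fixes for lvip[] and n[]. Please add a sentence to the commit message (or a short comment at the declaration) so that anyone resolving conflicts while backporting to the older series keeps both halves of the change together.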
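Review bot: In the second hunk (@@ -232,10), the condition guarding the block that now contains "pvd = alloc_pvd(state, vgda_sector + 17);" lies outside the context shown, and the fix depends entirely on it. Please confirm that it covers both cases named in the commit message (numlvs being zero and alloc_lvn() failing), so that n[].name and lvip[].pps_per_lv are always populated before the "if (pvd)" block runs. The moved call also now executes before put_dev_sector(sect) rather than after it, so sect stays held across alloc_pvd(); that looks harmless, but it is an ordering change worth a word in the commit message.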