From: Mauricio Faria de Oliveira
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 1/2] partitions/aix: fix usage of uninitialized lv_info and lvname structures
Date: Wed, 15 Aug 2018 17:58:14 -0300
Message-Id: <20180815205815.18380-2-mfo@canonical.com>
In-Reply-To: <20180815205815.18380-1-mfo@canonical.com>
References: <20180815205815.18380-1-mfo@canonical.com>

BugLink: https://bugs.launchpad.net/bugs/1787281

The if-block that sets a successful return value in aix_partition()
uses 'lvip[].pps_per_lv' and 'n[].name' potentially uninitialized.

For example, if 'numlvs' is zero or alloc_lvn() fails, neither is
initialized, but are used anyway if alloc_pvd() succeeds after it.

So, make the alloc_pvd() call conditional on their initialization.

This has been hit when attaching an apparently corrupted/stressed
AIX LUN, misleading the kernel to pr_warn() invalid data and hang.

    [...] partition (null) (11 pp's found) is not contiguous
    [...] partition (null) (2 pp's found) is not contiguous
    [...] partition (null) (3 pp's found) is not contiguous
    [...] partition (null) (64 pp's found) is not contiguous

Fixes: 6ceea22bbbc8 ("partitions: add aix lvm partition support files")
Signed-off-by: Mauricio Faria de Oliveira
Signed-off-by: Jens Axboe
(cherry picked from commit 14cb2c8a6c5dae57ee3e2da10fa3db2b9087e39e)
Signed-off-by: Mauricio Faria de Oliveira
--- block/partitions/aix.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/block/partitions/aix.c b/block/partitions/aix.c index 007f95eea0e1..850cbd1860d4 100644 --- a/block/partitions/aix.c +++ b/block/partitions/aix.c 
@@ -178,7 +178,7 @@ int aix_partition(struct parsed_partitions *state) u32 vgda_sector = 0; u32 vgda_len = 0; int numlvs = 0; - struct pvd *pvd; + struct pvd *pvd = NULL; struct lv_info { unsigned short pps_per_lv; unsigned short pps_found; @@ -232,10 +232,11 @@ int aix_partition(struct parsed_partitions *state) if (lvip[i].pps_per_lv) foundlvs += 1; } + /* pvd loops depend on n[].name and lvip[].pps_per_lv */ + pvd = alloc_pvd(state, vgda_sector + 17); } put_dev_sector(sect); } - pvd = alloc_pvd(state, vgda_sector + 17); if (pvd) { int numpps = be16_to_cpu(pvd->pp_count); int psn_part1 = be32_to_cpu(pvd->psn_part1);
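Review bot: the `= NULL` initializer on `pvd` in the first hunk (@@ -178) is load-bearing but the commit message does not mention it. Once the second hunk moves the only visible assignment inside the inner block, every path that skips that block reaches `if (pvd)` with whatever the declaration left in the pointer, so without the initializer the fix would trade one uninitialized read for another. A sentence in the commit message saying that `pvd` must start as NULL for the skipped paths would keep a later cleanup from dropping it as a redundant initializer.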
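Review bot: in the second hunk (@@ -232) the context lines do not show the conditions that open the two blocks closed around the new `pvd = alloc_pvd(state, vgda_sector + 17);`, so the commit message's claim that the call is now skipped both when 'numlvs' is zero and when alloc_lvn() fails cannot be confirmed from the diff alone; please check that the inner block is the one guarded by the alloc_lvn() result and the outer one by 'numlvs'. Separately, the paths that now skip the call fall through `if (pvd)` with no diagnostic, which is safe but silent for a device that the message describes as apparently corrupted; consider whether a single log line on that path is wanted. The added comment is useful and could also state the consequence, for example that the pvd loops read `n[].name` and `lvip[].pps_per_lv` and must not run when those were never filled in.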