From patchwork Wed Aug 15 22:07:30 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mauricio Faria de Oliveira <mfo@canonical.com>
X-Patchwork-Id: 960552
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com
	(client-ip=91.189.94.19; helo=huckleberry.canonical.com;
	envelope-from=kernel-team-bounces@lists.ubuntu.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=canonical.com
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 41vxPY314Wz9s8T;
	Wed, 22 Aug 2018 02:45:37 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1fs9mc-0002yv-CF; Tue, 21 Aug 2018 16:45:30 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)
	(Exim 4.86_2) (envelope-from <mfo@canonical.com>) id 1fq3xF-0005RA-JI
	for kernel-team@lists.ubuntu.com; Wed, 15 Aug 2018 22:07:49 +0000
Received: from mail-qt0-f199.google.com ([209.85.216.199])
	by youngberry.canonical.com with esmtps
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <mfo@canonical.com>) id 1fq3xF-0008Gz-9q
	for kernel-team@lists.ubuntu.com; Wed, 15 Aug 2018 22:07:49 +0000
Received: by mail-qt0-f199.google.com with SMTP id b7-v6so2105819qtp.14
	for <kernel-team@lists.ubuntu.com>;
	Wed, 15 Aug 2018 15:07:49 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
	:references;
	bh=1OoUhs05Pv5jmoFNmV08ZyG5ymNyrMcuyO8qeMjs5ms=;
	b=gQZHN+njb6/GGQa7L8VB70GmyEfavQKMLnjwAlmNfVW9DBtwGkte60HKEAj4WwoTuY
	n8ZrD1jz24/wUj5/Q8JPj4mceF6IY9vMb+nP+f6yvgI9l4HE173AUsF8iKTVfbRgPENs
	FoyZlobfSbKed3XidUSjJXQbDOhw6g/MGVIinCRiHTH0Fn27axdGQtM7vwrP/qjn+m4V
	ny4K7pPBhY5yZazjmYUl5F8X6YH5s9Tcf6hO8S2/ynFRGAy0af6WsoAwH2pwKve9LNyC
	yeNTqf2vb9cthyuNZPo0kC3BkoW4DMGZrICJJ8b8pNfMFgFFR/dBmE5vQdXkF2GZBs2b
	kAbA==
X-Gm-Message-State: AOUpUlEax1ZNo+n6ohrV3g+1EFl9XdKMOkmcYRQHoV6WWKsBNK1y1ewG
	+ITRJvuN2vKnKiIPpGRZUcwJKxTF5eXRpMorTmFstnu4dG4ukepAef/m2y8mKp9F/i8oznH0s4h
	rlJopLEqC7c427L8X4PmaIBIdhNP7opRKxAbmVMVrMA==
X-Received: by 2002:a37:8903:: with SMTP id
	l3-v6mr25688451qkd.337.1534370868292;
	Wed, 15 Aug 2018 15:07:48 -0700 (PDT)
X-Google-Smtp-Source: 
 AA+uWPx3+0QAGKszTWuweWd8MaLUIDf+QIRpL8QynikN3aXKDdixuBLAKH0TcBhdUB+dESjqlbT3rQ==
X-Received: by 2002:a37:8903:: with SMTP id
	l3-v6mr25688441qkd.337.1534370868138;
	Wed, 15 Aug 2018 15:07:48 -0700 (PDT)
Received: from localhost.localdomain
	([2804:14c:482:77dd:755a:ff85:9f62:6fb1])
	by smtp.gmail.com with ESMTPSA id
	o26-v6sm15905080qtk.4.2018.08.15.15.07.46
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 15 Aug 2018 15:07:47 -0700 (PDT)
From: Mauricio Faria de Oliveira <mfo@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [Cosmic][SRU Bionic/Xenial/Trusty][PATCH 1/2] partitions/aix: fix
	usage of uninitialized lv_info and lvname structures
Date: Wed, 15 Aug 2018 19:07:30 -0300
Message-Id: <20180815220731.29176-2-mfo@canonical.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20180815220731.29176-1-mfo@canonical.com>
References: <20180815220731.29176-1-mfo@canonical.com>
X-Mailman-Approved-At: Tue, 21 Aug 2018 16:45:26 +0000
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
MIME-Version: 1.0
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

BugLink: https://bugs.launchpad.net/bugs/1787281

The if-block that sets a successful return value in aix_partition()
uses 'lvip[].pps_per_lv' and 'n[].name' potentially uninitialized.

For example, if 'numlvs' is zero or alloc_lvn() fails, neither is
initialized, but are used anyway if alloc_pvd() succeeds after it.

So, make the alloc_pvd() call conditional on their initialization.

This has been hit when attaching an apparently corrupted/stressed
AIX LUN, misleading the kernel to pr_warn() invalid data and hang.

    [...] partition (null) (11 pp's found) is not contiguous
    [...] partition (null) (2 pp's found) is not contiguous
    [...] partition (null) (3 pp's found) is not contiguous
    [...] partition (null) (64 pp's found) is not contiguous

Fixes: 6ceea22bbbc8 ("partitions: add aix lvm partition support files")
Signed-off-by: Mauricio Faria de Oliveira <mfo@canonical.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
(cherry picked from commit 14cb2c8a6c5dae57ee3e2da10fa3db2b9087e39e)
Signed-off-by: Mauricio Faria de Oliveira <mfo@canonical.com>
---
 block/partitions/aix.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/block/partitions/aix.c b/block/partitions/aix.c
index 007f95eea0e1..850cbd1860d4 100644
--- a/block/partitions/aix.c
+++ b/block/partitions/aix.c
@@ -178,7 +178,7 @@ int aix_partition(struct parsed_partitions *state)
 	u32 vgda_sector = 0;
 	u32 vgda_len = 0;
 	int numlvs = 0;
-	struct pvd *pvd;
+	struct pvd *pvd = NULL;
 	struct lv_info {
 		unsigned short pps_per_lv;
 		unsigned short pps_found;
@@ -232,10 +232,11 @@ int aix_partition(struct parsed_partitions *state)
 				if (lvip[i].pps_per_lv)
 					foundlvs += 1;
 			}
+			/* pvd loops depend on n[].name and lvip[].pps_per_lv */
+			pvd = alloc_pvd(state, vgda_sector + 17);
 		}
 		put_dev_sector(sect);
 	}
-	pvd = alloc_pvd(state, vgda_sector + 17);
 	if (pvd) {
 		int numpps = be16_to_cpu(pvd->pp_count);
 		int psn_part1 = be32_to_cpu(pvd->psn_part1);

From patchwork Wed Aug 15 22:07:31 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mauricio Faria de Oliveira <mfo@canonical.com>
X-Patchwork-Id: 960553
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com
	(client-ip=91.189.94.19; helo=huckleberry.canonical.com;
	envelope-from=kernel-team-bounces@lists.ubuntu.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=canonical.com
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 41vxPY3HCTz9s8f;
	Wed, 22 Aug 2018 02:45:37 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1fs9ma-0002xz-0P; Tue, 21 Aug 2018 16:45:28 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)
	(Exim 4.86_2) (envelope-from <mfo@canonical.com>) id 1fq3xH-0005RG-CU
	for kernel-team@lists.ubuntu.com; Wed, 15 Aug 2018 22:07:51 +0000
Received: from mail-qt0-f197.google.com ([209.85.216.197])
	by youngberry.canonical.com with esmtps
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <mfo@canonical.com>) id 1fq3xH-0008HF-2x
	for kernel-team@lists.ubuntu.com; Wed, 15 Aug 2018 22:07:51 +0000
Received: by mail-qt0-f197.google.com with SMTP id n25-v6so2122041qtk.2
	for <kernel-team@lists.ubuntu.com>;
	Wed, 15 Aug 2018 15:07:51 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
	:references;
	bh=00rLUXHQljQw192Q4G695XqmoL5sduBL15+QZOnpXYQ=;
	b=dJBMOl0lF5zoRQ/iC3Wz249bVdhODzAmN7s/UAwJ4rXIwGvJzLyq0OIYDSqAYDKWZX
	VEbqWcMd4dtTUfP6UCBi/n2H/ssBYW3up8y/omr5jlvl6C0bkfVRR7KnShmjG6JaHtUM
	xiDa7mWZnzEbJejkRa4E95faFxoMzWj3p/UA+DmkiHoSYM1+EjiSmyHuWXc4p1Dcn3DK
	629qxqVlfUC9uoVRNwCPKO78FJucmsnpKMSytkzqkDS4K1mGlm5rToWU3Z8bQbdZhpu7
	p43uXvh4PCyZnsLdia66rro6/AqCB+J4D8GBDioKhKC17IoZTFXsGZpZW/inDmFf6CHE
	hhxw==
X-Gm-Message-State: AOUpUlHbpRKflfmJIL/wXwKaL6MYa+tiQgw0O8hkYTuw2KqjvZ18NFMP
	MJ5lUpCAxV1R8LUYhuJ4drCRf+NQ22cnZ1+YdSgCpRsaEisTj7dQLuF5Byn3yRgNZre8t+mOntV
	BSLxTiYv5kh9itSIZ/lTt/+/Fq518C3xV1oe003LNzQ==
X-Received: by 2002:a0c:d0bb:: with SMTP id
	z56-v6mr24598164qvg.139.1534370870035;
	Wed, 15 Aug 2018 15:07:50 -0700 (PDT)
X-Google-Smtp-Source: 
 AA+uWPx/pW5WIkwog7dEZTyY+spTfiq1aIKaz+2tZkayD29REm1Ky9Bhg4hEB8kV0blgC0svzpGnGg==
X-Received: by 2002:a0c:d0bb:: with SMTP id
	z56-v6mr24598152qvg.139.1534370869877;
	Wed, 15 Aug 2018 15:07:49 -0700 (PDT)
Received: from localhost.localdomain
	([2804:14c:482:77dd:755a:ff85:9f62:6fb1])
	by smtp.gmail.com with ESMTPSA id
	o26-v6sm15905080qtk.4.2018.08.15.15.07.48
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 15 Aug 2018 15:07:49 -0700 (PDT)
From: Mauricio Faria de Oliveira <mfo@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [Cosmic][SRU Bionic/Xenial/Trusty][PATCH 2/2] partitions/aix: append
	null character to print data from disk
Date: Wed, 15 Aug 2018 19:07:31 -0300
Message-Id: <20180815220731.29176-3-mfo@canonical.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20180815220731.29176-1-mfo@canonical.com>
References: <20180815220731.29176-1-mfo@canonical.com>
X-Mailman-Approved-At: Tue, 21 Aug 2018 16:45:26 +0000
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
MIME-Version: 1.0
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

BugLink: https://bugs.launchpad.net/bugs/1787281

Even if properly initialized, the lvname array (i.e., strings)
is read from disk, and might contain corrupt data (e.g., lack
the null terminating character for strings).

So, make sure the partition name string used in pr_warn() has
the null terminating character.

Fixes: 6ceea22bbbc8 ("partitions: add aix lvm partition support files")
Suggested-by: Daniel J. Axtens <daniel.axtens@canonical.com>
Signed-off-by: Mauricio Faria de Oliveira <mfo@canonical.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
(cherry picked from commit d43fdae7bac2def8c4314b5a49822cb7f08a45f1)
Signed-off-by: Mauricio Faria de Oliveira <mfo@canonical.com>
---
 block/partitions/aix.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/block/partitions/aix.c b/block/partitions/aix.c
index 850cbd1860d4..903f3ed175d0 100644
--- a/block/partitions/aix.c
+++ b/block/partitions/aix.c
@@ -283,10 +283,14 @@ int aix_partition(struct parsed_partitions *state)
 				next_lp_ix += 1;
 		}
 		for (i = 0; i < state->limit; i += 1)
-			if (lvip[i].pps_found && !lvip[i].lv_is_contiguous)
+			if (lvip[i].pps_found && !lvip[i].lv_is_contiguous) {
+				char tmp[sizeof(n[i].name) + 1]; // null char
+
+				snprintf(tmp, sizeof(tmp), "%s", n[i].name);
 				pr_warn("partition %s (%u pp's found) is "
 					"not contiguous\n",
-					n[i].name, lvip[i].pps_found);
+					tmp, lvip[i].pps_found);
+			}
 		kfree(pvd);
 	}
 	kfree(n);