From patchwork Wed Aug 15 20:58:14 2018
X-Patchwork-Submitter: Mauricio Faria de Oliveira
X-Patchwork-Id: 960556
From: Mauricio Faria de Oliveira
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 1/2] partitions/aix: fix usage of uninitialized lv_info and lvname structures
Date: Wed, 15 Aug 2018 17:58:14 -0300
Message-Id: <20180815205815.18380-2-mfo@canonical.com>
In-Reply-To: <20180815205815.18380-1-mfo@canonical.com>
References: <20180815205815.18380-1-mfo@canonical.com>

BugLink: https://bugs.launchpad.net/bugs/1787281

The if-block that sets a successful return value in aix_partition()
uses 'lvip[].pps_per_lv' and 'n[].name' potentially uninitialized.

For example, if 'numlvs' is zero or alloc_lvn() fails, neither is
initialized, but are used anyway if alloc_pvd() succeeds after it.

So, make the alloc_pvd() call conditional on their initialization.

This has been hit when attaching an apparently corrupted/stressed
AIX LUN, misleading the kernel to pr_warn() invalid data and hang.

    [...] partition (null) (11 pp's found) is not contiguous
    [...] partition (null) (2 pp's found) is not contiguous
    [...] partition (null) (3 pp's found) is not contiguous
    [...] partition (null) (64 pp's found) is not contiguous

Fixes: 6ceea22bbbc8 ("partitions: add aix lvm partition support files")
Signed-off-by: Mauricio Faria de Oliveira
Signed-off-by: Jens Axboe
(cherry picked from commit 14cb2c8a6c5dae57ee3e2da10fa3db2b9087e39e)
Signed-off-by: Mauricio Faria de Oliveira
--- block/partitions/aix.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/block/partitions/aix.c b/block/partitions/aix.c index 007f95eea0e1..850cbd1860d4 100644 --- a/block/partitions/aix.c +++ b/block/partitions/aix.c
@@ -178,7 +178,7 @@ int aix_partition(struct parsed_partitions *state) u32 vgda_sector = 0; u32 vgda_len = 0; int numlvs = 0; - struct pvd *pvd; + struct pvd *pvd = NULL; struct lv_info { unsigned short pps_per_lv; unsigned short pps_found; 
@@ -232,10 +232,11 @@ int aix_partition(struct parsed_partitions *state) if (lvip[i].pps_per_lv) foundlvs += 1; } + /* pvd loops depend on n[].name and lvip[].pps_per_lv */ + pvd = alloc_pvd(state, vgda_sector + 17); } put_dev_sector(sect); } - pvd = alloc_pvd(state, vgda_sector + 17); if (pvd) { int numpps = be16_to_cpu(pvd->pp_count); int psn_part1 = be32_to_cpu(pvd->psn_part1);
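Review bot: In the hunk at -178, the new `= NULL` initializer on `pvd` is what keeps the later `if (pvd)` test well defined once the alloc_pvd() call becomes conditional, yet neither the changelog nor a comment mentions it. A sentence in the commit message would keep a later cleanup from dropping it as a redundant initializer.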
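Review bot: In the hunk at -232, `pvd = alloc_pvd(state, vgda_sector + 17);` now runs before `put_dev_sector(sect)`, so the sector held in `sect` stays held across the call, where the removed line ran only after it had been released. If that ordering is intentional, say so in the comment; otherwise consider recording that the names were initialized and calling alloc_pvd() after the put. The added comment also names what the pvd loops depend on but not the condition of the enclosing block that guarantees `n[].name` and `lvip[].pps_per_lv` are populated; naming that guard would let a reader check the dependency from the comment alone.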
From patchwork Wed Aug 15 20:58:15 2018
X-Patchwork-Submitter: Mauricio Faria de Oliveira
X-Patchwork-Id: 960551
From: Mauricio Faria de Oliveira
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 2/2] partitions/aix: append null character to print data from disk
Date: Wed, 15 Aug 2018 17:58:15 -0300
Message-Id: <20180815205815.18380-3-mfo@canonical.com>
In-Reply-To: <20180815205815.18380-1-mfo@canonical.com>
References: <20180815205815.18380-1-mfo@canonical.com>

BugLink: https://bugs.launchpad.net/bugs/1787281

Even if properly initialized, the lvname array (i.e., strings)
is read from disk, and might contain corrupt data (e.g., lack
the null terminating character for strings).

So, make sure the partition name string used in pr_warn() has
the null terminating character.

Fixes: 6ceea22bbbc8 ("partitions: add aix lvm partition support files")
Suggested-by: Daniel J. Axtens
Signed-off-by: Mauricio Faria de Oliveira
Signed-off-by: Jens Axboe
(cherry picked from commit d43fdae7bac2def8c4314b5a49822cb7f08a45f1)
Signed-off-by: Mauricio Faria de Oliveira
--- block/partitions/aix.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/block/partitions/aix.c b/block/partitions/aix.c index 850cbd1860d4..903f3ed175d0 100644 --- a/block/partitions/aix.c +++ b/block/partitions/aix.c
@@ -283,10 +283,14 @@ int aix_partition(struct parsed_partitions *state) next_lp_ix += 1; } for (i = 0; i < state->limit; i += 1) - if (lvip[i].pps_found && !lvip[i].lv_is_contiguous) + if (lvip[i].pps_found && !lvip[i].lv_is_contiguous) { + char tmp[sizeof(n[i].name) + 1]; // null char + + snprintf(tmp, sizeof(tmp), "%s", n[i].name); pr_warn("partition %s (%u pp's found) is " "not contiguous\n", - n[i].name, lvip[i].pps_found); + tmp, lvip[i].pps_found); + } kfree(pvd); } kfree(n);
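Review bot: In `snprintf(tmp, sizeof(tmp), "%s", n[i].name);` only the write into `tmp` is bounded; a `%s` conversion with no precision keeps reading `n[i].name` until it finds a NUL byte, so a name that fills the array without a terminator is still read past its end, which is the case the changelog sets out to handle. Give the conversion a precision instead, for example `"%.*s"` with `(int)sizeof(n[i].name)`, which can be passed straight to pr_warn() and makes `tmp` unnecessary. On style, the `// null char` comment should be a `/* ... */` comment per kernel coding style, and it would read better if it said why the extra byte is there (the name comes from disk and may be unterminated).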