diff mbox series

[SRU,F/J,1/2] dm ioctl: log an error if the ioctl structure is corrupted

Message ID 20240222215905.83786-2-yuxuan.luo@canonical.com
State New
Headers show
Series [SRU,F/J,1/2] dm ioctl: log an error if the ioctl structure is corrupted | expand

Commit Message

Yuxuan Luo Feb. 22, 2024, 9:59 p.m. UTC 
From: Mikulas Patocka <mpatocka@redhat.com>

This will help triage bugs when userspace is passing invalid ioctl
structure to the kernel.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
[snitzer: log errors using DMERR instead of DMWARN]
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
(cherry picked from commit dbdcc906d978650417b076a875b0f962fcdf79dd)
CVE-2024-23851
Signed-off-by: Yuxuan Luo <yuxuan.luo@canonical.com>
---
 drivers/md/dm-ioctl.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff mbox series

Patch

diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
index 815c41e1ebdb8..ec72963b10045 100644
--- a/drivers/md/dm-ioctl.c
+++ b/drivers/md/dm-ioctl.c
@@ -891,15 +891,21 @@  static struct hash_cell *__find_device_hash_cell(struct dm_ioctl *param)
 	struct hash_cell *hc = NULL;
 
 	if (*param->uuid) {
-		if (*param->name || param->dev)
+		if (*param->name || param->dev) {
+			DMERR("Invalid ioctl structure: uuid %s, name %s, dev %llx",
+			      param->uuid, param->name, (unsigned long long)param->dev);
 			return NULL;
+		}
 
 		hc = __get_uuid_cell(param->uuid);
 		if (!hc)
 			return NULL;
 	} else if (*param->name) {
-		if (param->dev)
+		if (param->dev) {
+			DMERR("Invalid ioctl structure: name %s, dev %llx",
+			      param->name, (unsigned long long)param->dev);
 			return NULL;
+		}
 
 		hc = __get_name_cell(param->name);
 		if (!hc)
@@ -1859,8 +1865,11 @@  static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl *param_kern
 	if (copy_from_user(param_kernel, user, minimum_data_size))
 		return -EFAULT;
 
-	if (param_kernel->data_size < minimum_data_size)
+	if (param_kernel->data_size < minimum_data_size) {
+		DMERR("Invalid data size in the ioctl structure: %u",
+		      param_kernel->data_size);
 		return -EINVAL;
+	}
 
 	secure_data = param_kernel->flags & DM_SECURE_DATA_FLAG;