| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 2 Jun 2011 15:53:15 +1000 From: NeilBrown <neilb@...e.de> To: Namhyung Kim <namhyung@...il.com> Cc: linux-raid@...r.kernel.org, linux-kernel@...r.kernel.org, stable@...nel.org Subject: Re: [PATCH 2/2] md: check ->hot_remove_disk when removing disk On Thu, 2 Jun 2011 13:53:03 +0900 Namhyung Kim <namhyung@...il.com> wrote: > Check pers->hot_remove_disk instead of pers->hot_add_disk in slot_store() > during disk removal. The linear personality only has ->hot_add_disk and > no ->hot_remove_disk, so that removing disk in the array resulted to > following kernel bug: > > $ sudo mdadm --create /dev/md0 --level=linear --raid-devices=4 /dev/loop[0-3] > $ echo none | sudo tee /sys/block/md0/md/dev-loop2/slot > BUG: unable to handle kernel NULL pointer dereference at (null) > IP: [< (null)>] (null) > PGD c9f5d067 PUD 8575a067 PMD 0 > Oops: 0010 [#1] SMP > CPU 2 > Modules linked in: linear loop bridge stp llc kvm_intel kvm asus_atk0110 sr_mod cdrom sg > > Pid: 10450, comm: tee Not tainted 3.0.0-rc1-leonard+ #173 System manufacturer System Product Name/P5G41TD-M PRO > RIP: 0010:[<0000000000000000>] [< (null)>] (null) > RSP: 0018:ffff880085757df0 EFLAGS: 00010282 > RAX: ffffffffa00168e0 RBX: ffff8800d1431800 RCX: 000000000000006e > RDX: 0000000000000001 RSI: 0000000000000002 RDI: ffff88008543c000 > RBP: ffff880085757e48 R08: 0000000000000002 R09: 000000000000000a > R10: 0000000000000000 R11: ffff88008543c2e0 R12: 00000000ffffffff > R13: ffff8800b4641000 R14: 0000000000000005 R15: 0000000000000000 > FS: 00007fe8c9e05700(0000) GS:ffff88011fa00000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b > CR2: 0000000000000000 CR3: 00000000b4502000 CR4: 00000000000406e0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 > Process tee (pid: 10450, threadinfo ffff880085756000, task ffff8800c9f08000) > Stack: > ffffffff8138496a ffff8800b4641000 ffff88008543c268 0000000000000000 > ffff8800b4641000 ffff88008543c000 ffff8800d1431868 ffffffff81a78a90 > ffff8800b4641000 ffff88008543c000 ffff8800d1431800 ffff880085757e98 > Call Trace: > [<ffffffff8138496a>] ? slot_store+0xaa/0x265 > [<ffffffff81384bae>] rdev_attr_store+0x89/0xa8 > [<ffffffff8115a96a>] sysfs_write_file+0x108/0x144 > [<ffffffff81106b87>] vfs_write+0xb1/0x10d > [<ffffffff8106e6c0>] ? trace_hardirqs_on_caller+0x111/0x135 > [<ffffffff81106cac>] sys_write+0x4d/0x77 > [<ffffffff814fe702>] system_call_fastpath+0x16/0x1b > Code: Bad RIP value. > RIP [< (null)>] (null) > RSP <ffff880085757df0> > CR2: 0000000000000000 > ---[ end trace ba5fc64319a826fb ]--- > > Signed-off-by: Namhyung Kim <namhyung@...il.com> > Cc: stable@...nel.org > --- > drivers/md/md.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/drivers/md/md.c b/drivers/md/md.c > index f210e42a56ca..3db106b7b245 100644 > --- a/drivers/md/md.c > +++ b/drivers/md/md.c > @@ -2461,7 +2461,7 @@ slot_store(mdk_rdev_t *rdev, const char *buf, size_t len) > if (rdev->raid_disk == -1) > return -EEXIST; > /* personality does all needed checks */ > - if (rdev->mddev->pers->hot_add_disk == NULL) > + if (rdev->mddev->pers->hot_remove_disk == NULL) > return -EINVAL; > err = rdev->mddev->pers-> > hot_remove_disk(rdev->mddev, rdev->raid_disk); Thanks. I've applied this to my tree and will push it to Linus in due course. NeilBrown -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists