| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 5 May 2016 13:41:44 -0500 From: Reza Arbab <arbab@...ux.vnet.ibm.com> To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, linux-kernel@...r.kernel.org Subject: [PATCH] memory-hotplug: fix store_mem_state() return value Attempting to online memory which is already online will cause this: 1. store_mem_state() called with buf="online" 2. device_online() returns 1 because device is already online 3. store_mem_state() returns 1 4. calling code interprets this as 1-byte buffer read 5. store_mem_state() called again with buf="nline" 6. store_mem_state() returns -EINVAL Example: $ cat /sys/devices/system/memory/memory0/state online $ echo online > /sys/devices/system/memory/memory0/state -bash: echo: write error: Invalid argument Fix the return value of store_mem_state() so this doesn't happen. Signed-off-by: Reza Arbab <arbab@...ux.vnet.ibm.com> --- drivers/base/memory.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/base/memory.c b/drivers/base/memory.c index 961e2cf..031950f 100644 --- a/drivers/base/memory.c +++ b/drivers/base/memory.c @@ -359,9 +359,7 @@ store_mem_state(struct device *dev, err: unlock_device_hotplug(); - if (ret) - return ret; - return count; + return ret < 0 ? ret : count; } /* -- 1.8.3.1
Powered by blists - more mailing lists