| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 6 May 2016 20:03:10 +0200
From: Matias Bjørling <m@...rling.me>
To: linux-block@...r.kernel.org, linux-kernel@...r.kernel.org,
axboe@...com
Cc: Matias Bjørling <m@...rling.me>
Subject: [PATCH 17/28] lightnvm: fix out of bound ppa lun id on bb tbl
The ppa configured for retrieving the bad block table uses the internal
lun id to setup the get bad block ppa. This increases monotonically
with the number luns available. When configuring a ppa, the channel and
lun must be specified separately, leading to an out of bound memory
access in gennvm_block_bb when lun id goes beyond the luns available
within a channel.
Additional, remove out of bound check in gennvm_block_bb(), as it was a
buggy to begin with.
Signed-off-by: Matias Bjørling <m@...rling.me>
---
drivers/lightnvm/gennvm.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/drivers/lightnvm/gennvm.c b/drivers/lightnvm/gennvm.c
index 89b880a..61790ae 100644
--- a/drivers/lightnvm/gennvm.c
+++ b/drivers/lightnvm/gennvm.c
@@ -148,11 +148,6 @@ static int gennvm_block_bb(struct gen_nvm *gn, struct ppa_addr ppa,
continue;
blk = &lun->vlun.blocks[i];
- if (!blk) {
- pr_err("gennvm: BB data is out of bounds.\n");
- return -EINVAL;
- }
-
list_move_tail(&blk->list, &lun->bb_list);
lun->vlun.nr_bad_blocks++;
lun->vlun.nr_free_blocks--;
@@ -257,7 +252,7 @@ static int gennvm_blocks_init(struct nvm_dev *dev, struct gen_nvm *gn)
ppa.ppa = 0;
ppa.g.ch = lun->vlun.chnl_id;
- ppa.g.lun = lun->vlun.id;
+ ppa.g.lun = lun->vlun.lun_id;
ret = nvm_get_bb_tbl(dev, ppa, blks);
if (ret)
--
2.1.4
Powered by blists - more mailing lists