| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20231223063728.3229446-4-linan666@huaweicloud.com>
Date: Sat, 23 Dec 2023 14:37:27 +0800
From: linan666@...weicloud.com
To: axboe@...nel.dk,
geliang.tang@...e.com,
xni@...hat.com,
colyli@...e.de
Cc: ira.weiny@...el.com,
linux-block@...r.kernel.org,
linux-kernel@...r.kernel.org,
linan666@...weicloud.com,
yukuai3@...wei.com,
yi.zhang@...wei.com,
houtao1@...wei.com,
yangerkun@...wei.com
Subject: [PATCH 3/4] badblocks: fix slab-out-of-bounds in _badblocks_check()
From: Li Nan <linan122@...wei.com>
prev_badblocks() will return -1 if checked range start < p[0]. Accessing
p[-1] will cause bug as below:
BUG: KASAN: slab-out-of-bounds in badblocks_check+0x2c4
Fix it by checking 'prev' before accessing badblocks->page.
Fixes: 3ea3354cb9f0 ("badblocks: improve badblocks_check() for multiple ranges handling")
Signed-off-by: Li Nan <linan122@...wei.com>
---
block/badblocks.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/badblocks.c b/block/badblocks.c
index 054d05b93641..71a3e43351da 100644
--- a/block/badblocks.c
+++ b/block/badblocks.c
@@ -1316,7 +1316,7 @@ static int _badblocks_check(struct badblocks *bb, sector_t s, int sectors,
goto out;
}
- if (overlap_front(bb, prev, &bad)) {
+ if (prev >= 0 && overlap_front(bb, prev, &bad)) {
if (set == 0) {
*first_bad = BB_OFFSET(p[prev]);
*bad_sectors = BB_LEN(p[prev]);
--
2.39.2
Powered by blists - more mailing lists