lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20250319111622.34057-1-arefev@swemel.ru>
Date: Wed, 19 Mar 2025 14:16:20 +0300
From: Denis Arefev <arefev@...mel.ru>
To: stable@...r.kernel.org,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Richard Weinberger <richard@....at>,
	Miquel Raynal <miquel.raynal@...tlin.com>,
	Vignesh Raghavendra <vigneshr@...com>,
	Mike Frysinger <vapier@...too.org>,
	Artem Bityutskiy <artem.bityutskiy@...ux.intel.com>,
	linux-mtd@...ts.infradead.org,
	linux-kernel@...r.kernel.org,
	lvc-project@...uxtesting.org,
	Zhihao Cheng <chengzhihao1@...wei.com>
Subject: [PATCH 6.1] ubi: Add a check for ubi_num

From: Denis Arefev <arefev@...mel.ru>

commit 97bbf9e312c3fbaf0baa56120238825d2eb23b8a upstream.  

Added a check for ubi_num for negative numbers
If the variable ubi_num takes negative values then we get:

qemu-system-arm ... -append "ubi.mtd=0,0,0,-22222345" ...
[    0.745065]  ubi_attach_mtd_dev from ubi_init+0x178/0x218
[    0.745230]  ubi_init from do_one_initcall+0x70/0x1ac
[    0.745344]  do_one_initcall from kernel_init_freeable+0x198/0x224
[    0.745474]  kernel_init_freeable from kernel_init+0x18/0x134
[    0.745600]  kernel_init from ret_from_fork+0x14/0x28
[    0.745727] Exception stack(0x90015fb0 to 0x90015ff8)

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 83ff59a06663 ("UBI: support ubi_num on mtd.ubi command line")
Signed-off-by: Denis Arefev <arefev@...mel.ru>
Reviewed-by: Zhihao Cheng <chengzhihao1@...wei.com>
Signed-off-by: Richard Weinberger <richard@....at>
[Denis: minor fix to resolve merge conflict.]                                           
Signed-off-by: Denis Arefev <arefev@...mel.ru>
---
 drivers/mtd/ubi/build.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/mtd/ubi/build.c b/drivers/mtd/ubi/build.c
index 6fbd77dc1d18..6a7577e57617 100644
--- a/drivers/mtd/ubi/build.c
+++ b/drivers/mtd/ubi/build.c
@@ -1460,9 +1460,9 @@ static int ubi_mtd_param_parse(const char *val, const struct kernel_param *kp)
 	if (token) {
 		int err = kstrtoint(token, 10, &p->ubi_num);
 
-		if (err) {
-			pr_err("UBI error: bad value for ubi_num parameter: %s",
-			       token);
+		if (err || p->ubi_num < UBI_DEV_NUM_AUTO) {
+			pr_err("UBI error: bad value for ubi_num parameter: %s\n",
+					token);
 			return -EINVAL;
 		}
 	} else
-- 
2.43.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ