linux

History

Minchan Kim 0bc9f5d14a drivers/block/zram/zram_drv.c: fix idle/writeback string compare Makoto report a below KASAN error: zram does out-of-bounds read. Because strscpy copies from source up to count bytes unconditionally. It could cause out-of-bounds read on next object in slab. To prevent it, use strlcpy which checks source's length automatically. BUG: KASAN: slab-out-of-bounds in strscpy+0x68/0x154 Read of size 8 at addr ffffffc0c3495a00 by task system_server/1314 .. Call trace: strscpy+0x68/0x154 idle_store+0xc4/0x34c dev_attr_store+0x50/0x6c sysfs_kf_write+0x98/0xb4 kernfs_fop_write+0x198/0x260 __vfs_write+0x10c/0x338 vfs_write+0x114/0x238 SyS_write+0xc8/0x168 __sys_trace_return+0x0/0x4 Allocated by task 1314: __kmalloc+0x280/0x318 kernfs_fop_write+0xac/0x260 __vfs_write+0x10c/0x338 vfs_write+0x114/0x238 SyS_write+0xc8/0x168 __sys_trace_return+0x0/0x4 Freed by task 2855: kfree+0x138/0x630 kernfs_put_open_node+0x10c/0x124 kernfs_fop_release+0xd8/0x114 __fput+0x130/0x2a4 ____fput+0x1c/0x28 task_work_run+0x16c/0x1c8 do_notify_resume+0x2bc/0x107c work_pending+0x8/0x10 The buggy address belongs to the object at ffffffc0c3495a00 which belongs to the cache kmalloc-128 of size 128 The buggy address is located 0 bytes inside of 128-byte region [ffffffc0c3495a00, ffffffc0c3495a80) The buggy address belongs to the page: page:ffffffbf030d2500 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0 flags: 0x4000000000010200(slab\|head) page dumped because: kasan: bad access detected Memory state around the buggy address: ffffffc0c3495900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffc0c3495980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffffffc0c3495a00: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffffffc0c3495a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffffffc0c3495b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Link: http://lkml.kernel.org/r/20190319231911.145968-1-minchan@kernel.org Cc: <stable@vger.kernel.org> [5.0] Signed-off-by: Minchan Kim <minchan@kernel.org> Reported-by: Makoto Wu <makotowu@google.com> Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>		2019-03-29 10:01:37 -07:00
..
accessibility
acpi	ACPI / utils: Drop reference in test for device presence	2019-03-19 22:34:21 +01:00
amba	ARM: 8836/1: drivers: amba: Update component matching to use the CoreSight UCI values.	2019-02-26 11:23:49 +00:00
android
ata	SCSI misc on 20190306	2019-03-09 16:53:47 -08:00
atm
auxdisplay	auxdisplay: charlcd: make backlight initial state configurable	2019-03-17 08:48:45 +01:00
base	Device properties framework fix for 5.1-rc2	2019-03-22 12:08:52 -07:00
bcma
block	drivers/block/zram/zram_drv.c: fix idle/writeback string compare	2019-03-29 10:01:37 -07:00
bluetooth	Bluetooth: mediatek: add support for MediaTek MT7663U and MT7668U UART devices	2019-03-02 19:51:23 +01:00
bus	ARM: SoC driver updates for 5.1	2019-03-06 09:41:12 -08:00
cdrom
char	Merge branch 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security	2019-03-10 17:37:29 -07:00
clk	We have a fairly balanced mix of clk driver updates and clk framework	2019-03-14 08:46:17 -07:00
clocksource	clocksource/drivers/clps711x: Remove board support	2019-03-24 11:30:11 +01:00
connector	connector: fix unsafe usage of ->real_parent	2019-03-08 15:06:38 -08:00
cpufreq	cpufreq: intel_pstate: Fix up iowait_boost computation	2019-03-12 09:47:30 +01:00
cpuidle	cpuidle: governor: Add new governors to cpuidle_governors again	2019-03-12 23:46:55 +01:00
crypto	Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6	2019-03-13 09:51:17 -07:00
dax	device-dax for 5.1	2019-03-16 13:05:32 -07:00
dca
devfreq
dio
dma	dmaengine updates for v5.1-rc1	2019-03-14 09:11:54 -07:00
dma-buf
edac	Merge branch 'ras-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2019-03-08 09:11:39 -08:00
eisa
extcon
firewire
firmware	memblock: drop memblock_alloc_*_nopanic() variants	2019-03-12 10:04:02 -07:00
fmc
fpga
fsi
gnss
gpio	pci-v5.1-changes	2019-03-09 14:57:08 -08:00
gpu	Merge branch 'drm-fixes-5.1' of git://people.freedesktop.org/~agd5f/linux into drm-fixes	2019-03-22 12:08:44 +10:00
hid	Merge branch 'for-5.1/wacom' into for-linus	2019-03-05 15:43:05 +01:00
hsi
hv	Char/Misc driver patches for 5.1-rc1	2019-03-06 14:18:59 -08:00
hwmon	hwmon: (ad7418) Add device tree probing	2019-02-25 09:06:00 -08:00
hwspinlock
hwtracing	ARM updates for 5.1-rc1	2019-03-15 14:37:46 -07:00
i2c	i2c: i2c-designware-platdrv: Always use a dynamic adapter number	2019-03-13 18:07:10 +01:00
i3c	- Add a /* fall-through */ comment in the dw-i3c-master driver	2019-03-04 19:05:02 -08:00
ide	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide	2019-03-11 09:34:00 -07:00
idle
iio	- New Drivers	2019-03-08 10:02:58 -08:00
infiniband	i40iw: Avoid panic when handling the inetdev event	2019-03-17 21:40:40 -03:00
input	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input	2019-03-11 10:57:11 -07:00
interconnect
iommu	iommu/io-pgtable-arm-v7s: request DMA32 memory, and improve debugging	2019-03-29 10:01:37 -07:00
ipack
irqchip	irqchip/irq-mvebu-sei: Make mvebu_sei_ap806_caps static	2019-03-21 16:43:00 +01:00
isdn	mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S	2019-03-18 18:32:44 -07:00
leds	platform-drivers-x86 for v5.1-1	2019-03-10 13:16:37 -07:00
lightnvm	pblk: fix max_io calculation	2019-03-07 08:59:26 -07:00
macintosh	treewide: add checks for the return value of memblock_alloc*()	2019-03-12 10:04:02 -07:00
mailbox	mailbox: imx: keep MU irq working during suspend/resume	2019-03-11 02:51:43 -05:00
mcb
md	for-5.1/block-post-20190315	2019-03-16 12:36:39 -07:00
media	DMA mapping updates for 5.1	2019-03-10 11:54:48 -07:00
memory
memstick
message
mfd	DMA mapping updates for 5.1	2019-03-10 11:54:48 -07:00
misc	5.1 Merge Window Pull Request	2019-03-09 15:53:03 -08:00
mmc	mmc: renesas_sdhi: limit block count to 16 bit for old revisions	2019-03-21 11:41:46 +01:00
mtd	This pull request contains updates for both UBI and UBIFS:	2019-03-13 09:34:35 -07:00
mux
net	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2019-03-27 12:22:57 -07:00
nfc
ntb	Fixes for switchtec debugability and mapping table entries, NTB	2019-03-15 14:32:59 -07:00
nubus
nvdimm	device-dax for 5.1	2019-03-16 13:05:32 -07:00
nvme	for-5.1/block-post-20190315	2019-03-16 12:36:39 -07:00
nvmem	Char/Misc driver patches for 5.1-rc1	2019-03-06 14:18:59 -08:00
of	of: fix kmemleak crash caused by imbalance in early memory reservation	2019-03-12 10:04:02 -07:00
opp	PM / OPP: Update performance state when freq == old_freq	2019-03-12 09:45:56 +01:00
oprofile
parisc	DMA mapping updates for 5.1	2019-03-10 11:54:48 -07:00
parport	Revert "parport: daisy: use new parport device model"	2019-03-25 14:49:00 -07:00
pci	IOMMU Updates for Linux v5.1	2019-03-10 12:29:52 -07:00
pcmcia
perf	arm64 updates for 5.1:	2019-03-10 10:17:23 -07:00
phy	drm next pull request for 5.1	2019-03-08 08:23:15 -08:00
pinctrl	This is the bulk of pin control changes for the v5.1 kernel cycle.	2019-03-11 11:12:50 -07:00
platform	Chrome Platform fixes for v5.1-rc2	2019-03-19 11:28:15 -07:00
pnp	ACPI/ACPICA: Trivial: fix spelling mistakes and fix whitespace formatting	2019-02-24 21:12:01 +01:00
power
powercap
pps
ps3
ptp	Merge branch 'timers-2038-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2019-03-05 14:08:26 -08:00
pwm	pwm: atmel: Remove useless symbolic definitions	2019-03-04 12:52:49 +01:00
rapidio	rapidio/mport_cdev: mark expected switch fall-through	2019-03-07 18:32:02 -08:00
ras
regulator	regulator: mc13xxx: Constify regulator_ops variables	2019-03-04 00:01:08 +00:00
remoteproc	remoteproc updates for v5.1	2019-03-14 09:00:06 -07:00
reset
rpmsg	rpmsg: virtio: change header file sort style	2019-02-20 21:15:54 -08:00
rtc	chrome platform changes for v5.1	2019-03-12 09:46:32 -07:00
s390	s390 update with improvements and bug fixes for 5.1-rc2	2019-03-28 08:35:32 -07:00
sbus
scsi	scsi: ibmvscsi: Fix empty event pool access during host removal	2019-03-20 20:13:17 -04:00
sfi
sh
siox
slimbus
sn
soc	This pull request brings in a build fix for arm64 with bcm2835	2019-03-18 10:31:24 -07:00
soundwire
spi	pci-v5.1-changes	2019-03-09 14:57:08 -08:00
spmi
ssb
staging	media updates for v5.1-rc1	2019-03-09 14:45:54 -08:00
target	SCSI misc on 20190315	2019-03-16 12:51:50 -07:00
tc
tee	ARM: SoC driver updates for 5.1	2019-03-06 09:41:12 -08:00
thermal	Merge branches 'fixes' and 'thermal-intel' into next	2019-03-18 22:37:44 +08:00
thunderbolt
tty	dmaengine updates for v5.1-rc1	2019-03-14 09:11:54 -07:00
uio
usb	memblock: drop memblock_alloc_*_nopanic() variants	2019-03-12 10:04:02 -07:00
uwb
vfio	powerpc updates for 5.1	2019-03-07 12:56:26 -08:00
vhost	virtio: fixes, cleanups	2019-03-10 12:47:57 -07:00
video	fbdev changes for v5.1:	2019-03-15 14:22:59 -07:00
virt	virt: vbox: Mark expected switch fall-through	2019-02-27 16:00:20 +01:00
virtio	virtio: hint if callbacks surprisingly might sleep	2019-03-06 11:19:57 -05:00
visorbus
vlynq
vme
w1
watchdog	linux-watchdog 5.1-rc1 tag	2019-03-11 11:22:15 -07:00
xen	xen/balloon: Fix mapping PG_offline pages to user space	2019-03-15 15:35:35 +01:00
zorro
Kconfig
Makefile	IOMMU Updates for Linux v5.1	2019-03-10 12:29:52 -07:00