lp:~kelsey-skunberg/ubuntu/+source/linux/+git/xenial-next

Get this repository:
git clone https://git.launchpad.net/~kelsey-skunberg/ubuntu/+source/linux/+git/xenial-next
Only Kelsey Margarete Skunberg can upload to this repository. If you are Kelsey Margarete Skunberg please log in for upload directions.

Branches

Name Last Modified Last Commit
master-next 2020-04-02 01:00:21 UTC 2020-04-02
blktrace: fix dereference after null check

Author: Cengiz Can
Author Date: 2020-04-01 14:16:34 UTC

blktrace: fix dereference after null check

There was a recent change in blktrace.c that added a RCU protection to
`q->blk_trace` in order to fix a use-after-free issue during access.

However the change missed an edge case that can lead to dereferencing of
`bt` pointer even when it's NULL:

Coverity static analyzer marked this as a FORWARD_NULL issue with CID
1460458.

```
/kernel/trace/blktrace.c: 1904 in sysfs_blk_trace_attr_store()
1898 ret = 0;
1899 if (bt == NULL)
1900 ret = blk_trace_setup_queue(q, bdev);
1901
1902 if (ret == 0) {
1903 if (attr == &dev_attr_act_mask)
>>> CID 1460458: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "bt".
1904 bt->act_mask = value;
1905 else if (attr == &dev_attr_pid)
1906 bt->pid = value;
1907 else if (attr == &dev_attr_start_lba)
1908 bt->start_lba = value;
1909 else if (attr == &dev_attr_end_lba)
```

Added a reassignment with RCU annotation to fix the issue.

Fixes: c780e86dd48 ("blktrace: Protect q->blk_trace with RCU")
Cc: stable@vger.kernel.org
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Reviewed-by: Bob Liu <bob.liu@oracle.com>
Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Cengiz Can <cengiz@kernel.wtf>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

CVE-2019-19768
(cherry picked from commit 153031a301bb07194e9c37466cfce8eacb977621)
Signed-off-by: Benjamin M Romer <benjamin.romer@canonical.com>
Acked-by: Andrea Righi <andrea.righi@canonical.com>
Acked-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Kelsey Skunberg <kelsey.skunberg@canonical.com>

11 of 1 result
This repository contains Public information 
Everyone can see this information.