iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,108,765 Commits 104 Branches 1,843 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Siddh Raman Pant 9be7fa7ead loop: Check for overflow while configuring loop 
commit c490a0b5a4f36da3918181a8acdc6991d967c5f3 upstream.

The userspace can configure a loop using an ioctl call, wherein
a configuration of type loop_config is passed (see lo_ioctl()'s
case on line 1550 of drivers/block/loop.c). This proceeds to call
loop_configure() which in turn calls loop_set_status_from_info()
(see line 1050 of loop.c), passing &config->info which is of type
loop_info64*. This function then sets the appropriate values, like
the offset.

loop_device has lo_offset of type loff_t (see line 52 of loop.c),
which is typdef-chained to long long, whereas loop_info64 has
lo_offset of type __u64 (see line 56 of include/uapi/linux/loop.h).

The function directly copies offset from info to the device as
follows (See line 980 of loop.c):
	lo->lo_offset = info->lo_offset;

This results in an overflow, which triggers a warning in iomap_iter()
due to a call to iomap_iter_done() which has:
	WARN_ON_ONCE(iter->iomap.offset > iter->pos);

Thus, check for negative value during loop_set_status_from_info().

Bug report: https://syzkaller.appspot.com/bug?id=c620fe14aac810396d3c3edc9ad73848bf69a29e

Reported-and-tested-by: syzbot+a8e049cd3abd342936b6@syzkaller.appspotmail.com
Cc: stable@vger.kernel.org
Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Signed-off-by: Siddh Raman Pant <code@siddh.me>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220823160810.181275-1-code@siddh.me
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-08-31 17:18:14 +02:00
arch
x86/PAT: Have pat_enabled() properly reflect state when running on Xen
2022-08-31 17:18:14 +02:00
block
blk-mq: run queue no matter whether the request is the last request
2022-08-25 11:45:36 +02:00
certs
certs: make system keyring depend on x509 parser
2022-07-24 12:53:55 -07:00
crypto
KEYS: asymmetric: enforce SM2 signature use pkey algo
2022-08-17 15:16:17 +02:00
Documentation
x86/bugs: Add "unknown" reporting for MMIO Stale Data
2022-08-31 17:18:14 +02:00
drivers
loop: Check for overflow while configuring loop
2022-08-31 17:18:14 +02:00
fs
btrfs: update generation of hole file extent item when merging holes
2022-08-31 17:18:13 +02:00
include
net: Fix a data-race around gro_normal_batch.
2022-08-31 17:18:10 +02:00
init
stack: Declare {randomize_,}kstack_offset to fix Sparse warnings
2022-08-17 15:14:14 +02:00
io_uring
io_uring: mem-account pbuf buckets
2022-08-17 15:16:21 +02:00
ipc
ipc: Free mq_sysctls if ipc namespace creation failed
2022-06-22 17:47:41 -05:00
kernel
kprobes: don't call disarm_kprobe() for disabled kprobes
2022-08-31 17:18:00 +02:00
lib
ratelimit: Fix data-races in ___ratelimit().
2022-08-31 17:18:08 +02:00
LICENSES
LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers
2021-12-16 14:33:10 +01:00
mm
mm/hugetlb: support write-faults in shared mappings
2022-08-31 17:18:00 +02:00
net
rxrpc: Fix locking in rxrpc's sendmsg
2022-08-31 17:18:11 +02:00
samples
sample: bpf: xdp_router_ipv4: Allow the kernel to send arp requests
2022-08-17 15:14:25 +02:00
scripts
kbuild: dummy-tools: avoid tmpdir leak in dummy gcc
2022-08-29 11:07:58 +02:00
security
apparmor: Fix memleak in aa_simple_write_to_buffer()
2022-08-25 11:45:11 +02:00
sound
Revert "ALSA: hda: Fix page fault in snd_hda_codec_shutdown()"
2022-08-25 11:45:54 +02:00
tools
selftests/kprobe: Do not test for GRP/ without event failures
2022-08-25 11:45:46 +02:00
usr
Not a lot of material this cycle. Many singleton patches against various
2022-05-27 11:22:03 -07:00
virt
KVM: Unconditionally get a ref to /dev/kvm module when creating a VM
2022-08-25 11:45:05 +02:00
.clang-format
clang-format: Fix space after for_each macros
2022-05-20 19:27:16 +02:00
.cocciconfig
.get_maintainer.ignore
Opt out of scripts/get_maintainer.pl
2019-05-16 10:53:40 -07:00
.gitattributes
.gitattributes: use 'dts' diff driver for dts files
2019-12-04 19:44:11 -08:00
.gitignore
kbuild: split the second line of *.mod into *.usyms
2022-05-08 03:16:59 +09:00
.mailmap
ARM: SoC fixes for 5.19, part 4
2022-07-27 09:43:07 -07:00
COPYING
COPYING: state that all contributions really are covered by this file
2020-02-10 13:32:20 -08:00
CREDITS
MAINTAINERS: mark ARM/PALM TREO SUPPORT orphan
2022-07-07 15:17:00 +02:00
Kbuild
kbuild: rename hostprogs-y/always to hostprogs/always-y
2020-02-04 01:53:07 +09:00
Kconfig
kbuild: ensure full rebuild when the compiler is updated
2020-05-12 13:28:33 +09:00
MAINTAINERS
io_uring: move to separate directory
2022-08-17 15:14:20 +02:00
Makefile
Linux 5.19.5
2022-08-29 11:18:05 +02:00
README
Drop all 00-INDEX files from Documentation/
2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.
Description
No description provided
Readme 5.7 GiB
Languages
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%