diff options
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-52458.patch')
| -rw-r--r-- | meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-52458.patch | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-52458.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-52458.patch new file mode 100644 index 000000000..667131aa2 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-52458.patch @@ -0,0 +1,67 @@ +From 8f6dfa1f1efe6dcca2d43e575491d8fcbe922f62 Mon Sep 17 00:00:00 2001 +From: Min Li <min15.li@samsung.com> +Date: Thu, 29 Jun 2023 14:25:17 +0000 +Subject: [PATCH] block: add check that partition length needs to be aligned + with block size + +commit 6f64f866aa1ae6975c95d805ed51d7e9433a0016 upstream. + +Before calling add partition or resize partition, there is no check +on whether the length is aligned with the logical block size. +If the logical block size of the disk is larger than 512 bytes, +then the partition size maybe not the multiple of the logical block size, +and when the last sector is read, bio_truncate() will adjust the bio size, +resulting in an IO error if the size of the read command is smaller than +the logical block size.If integrity data is supported, this will also +result in a null pointer dereference when calling bio_integrity_free. + +Cc: <stable@vger.kernel.org> +Signed-off-by: Min Li <min15.li@samsung.com> +Reviewed-by: Damien Le Moal <dlemoal@kernel.org> +Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com> +Reviewed-by: Christoph Hellwig <hch@lst.de> +Link: https://lore.kernel.org/r/20230629142517.121241-1-min15.li@samsung.com +Signed-off-by: Jens Axboe <axboe@kernel.dk> +Signed-off-by: Ashwin Dayanand Kamat <ashwin.kamat@broadcom.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + block/ioctl.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/block/ioctl.c b/block/ioctl.c +index eb0491e90b9a..7c7dd52e50c3 100644 +--- a/block/ioctl.c ++++ b/block/ioctl.c +@@ -18,7 +18,7 @@ static int blkpg_do_ioctl(struct block_device *bdev, + { + struct gendisk *disk = bdev->bd_disk; + struct blkpg_partition p; +- long long start, length; ++ sector_t start, length; + + if (!capable(CAP_SYS_ADMIN)) + return -EACCES; +@@ -33,14 +33,17 @@ static int blkpg_do_ioctl(struct block_device *bdev, + if (op == BLKPG_DEL_PARTITION) + return bdev_del_partition(disk, p.pno); + ++ if (p.start < 0 || p.length <= 0 || p.start + p.length < 0) ++ return -EINVAL; ++ /* Check that the partition is aligned to the block size */ ++ if (!IS_ALIGNED(p.start | p.length, bdev_logical_block_size(bdev))) ++ return -EINVAL; ++ + start = p.start >> SECTOR_SHIFT; + length = p.length >> SECTOR_SHIFT; + + switch (op) { + case BLKPG_ADD_PARTITION: +- /* check if partition is aligned to blocksize */ +- if (p.start & (bdev_logical_block_size(bdev) - 1)) +- return -EINVAL; + return bdev_add_partition(disk, p.pno, start, length); + case BLKPG_RESIZE_PARTITION: + return bdev_resize_partition(disk, p.pno, start, length); +-- +2.25.1 + |