Vasily Gorbik ea298e6ee8 s390/cio: avoid calling strlen on null pointer ... Fix the following kasan finding: BUG: KASAN: global-out-of-bounds in ccwgroup_create_dev+0x850/0x1140 Read of size 1 at addr 0000000000000000 by task systemd-udevd.r/561 CPU: 30 PID: 561 Comm: systemd-udevd.r Tainted: G B Hardware name: IBM 3906 M04 704 (LPAR) Call Trace: ([<0000000231b3db7e>] show_stack+0x14e/0x1a8) [<0000000233826410>] dump_stack+0x1d0/0x218 [<000000023216fac4>] print_address_description+0x64/0x380 [<000000023216f5a8>] __kasan_report+0x138/0x168 [<00000002331b8378>] ccwgroup_create_dev+0x850/0x1140 [<00000002332b618a>] group_store+0x3a/0x50 [<00000002323ac706>] kernfs_fop_write+0x246/0x3b8 [<00000002321d409a>] vfs_write+0x132/0x450 [<00000002321d47da>] ksys_write+0x122/0x208 [<0000000233877102>] system_call+0x2a6/0x2c8 Triggered by: openat(AT_FDCWD, "/sys/bus/ccwgroup/drivers/qeth/group", O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0666) = 16 write(16, "0.0.bd00,0.0.bd01,0.0.bd02", 26) = 26 The problem is that __get_next_id in ccwgroup_create_dev might set "buf" buffer pointer to NULL and explicit check for that is required. Cc: stable@vger.kernel.org Reviewed-by: Sebastian Ott <sebott@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>		2019-09-23 23:27:52 +02:00
..
block	s390/dasd: fix endless loop after read unit address configuration	2019-08-01 20:46:14 -06:00
char	s390 updates for the 5.4 merge window	2019-09-17 14:04:43 -07:00
cio	s390/cio: avoid calling strlen on null pointer	2019-09-23 23:27:52 +02:00
crypto	s390/zcrypt: CEX7S exploitation support	2019-09-19 12:56:06 +02:00
net	s390/qeth: reject oversized SNMP requests	2019-08-24 16:34:08 -07:00
scsi	SCSI fixes on 20190720	2019-07-20 10:04:58 -07:00
virtio	virtio/s390: fix race on airq_areas[]	2019-07-26 13:36:18 +02:00
Makefile	s390: remove pointless drivers-y in drivers/s390/Makefile	2019-09-16 13:21:51 +02:00