projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f97dc42)
dm mpath: add checks for priority group count to avoid invalid memory access
authortang.junhui <tang.junhui@zte.com.cn>
Fri, 4 Nov 2016 04:37:09 +0000 (12:37 +0800)
committerMike Snitzer <snitzer@redhat.com>
Mon, 21 Nov 2016 14:52:08 +0000 (09:52 -0500)
This avoids the potential for invalid memory access, if/when there are
no priority groups, in response to invalid arguments being sent by the
user via DM message (e.g. "switch_group", "disable_group" or
"enable_group").

Signed-off-by: tang.junhui <tang.junhui@zte.com.cn>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
drivers/md/dm-mpath.c patch | blob | blame | history

diff --git a/drivers/md/dm-mpath.c b/drivers/md/dm-mpath.c
index d234b6c33646f6d9e9387fb64ca85d803bade53f..f8369697af122c5ed226af959766996c4b0a648d 100644 (file)
--- a/drivers/md/dm-mpath.c
+++ b/drivers/md/dm-mpath.c
@@ -1364,7 +1364,7 @@ static int switch_pg_num(struct multipath *m, const char *pgstr)
        char dummy;
 
        if (!pgstr || (sscanf(pgstr, "%u%c", &pgnum, &dummy) != 1) || !pgnum ||
-           (pgnum > m->nr_priority_groups)) {
+           !m->nr_priority_groups || (pgnum > m->nr_priority_groups)) {
                DMWARN("invalid PG number supplied to switch_pg_num");
                return -EINVAL;
        }
@@ -1396,7 +1396,7 @@ static int bypass_pg_num(struct multipath *m, const char *pgstr, bool bypassed)
        char dummy;
 
        if (!pgstr || (sscanf(pgstr, "%u%c", &pgnum, &dummy) != 1) || !pgnum ||
-           (pgnum > m->nr_priority_groups)) {
+           !m->nr_priority_groups || (pgnum > m->nr_priority_groups)) {
                DMWARN("invalid PG number supplied to bypass_pg");
                return -EINVAL;
        }