From: Sebastian Ott Date: Mon, 25 Oct 2010 14:10:46 +0000 (+0200) Subject: [S390] dasd: fix use after free in dbf X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=26cffecf84c8cb33787dd13a72bd2124d107d413;p=GitHub%2FLineageOS%2Fandroid_kernel_samsung_universal7580.git [S390] dasd: fix use after free in dbf Writing to /proc/dasd/statistics while the debug level of the generic dasd debug entry is set to DBF_DEBUG will lead to an use after free when accessing the debug entry later. Since for the format string "%s" in the s390 dbf only a pointer to the string is stored in the debug feature and the buffer used here is freed afterwards. To fix this just remove the debug message. Signed-off-by: Sebastian Ott Signed-off-by: Martin Schwidefsky --- diff --git a/drivers/s390/block/dasd_proc.c b/drivers/s390/block/dasd_proc.c index 2eb02559280..c4a6a31bd9c 100644 --- a/drivers/s390/block/dasd_proc.c +++ b/drivers/s390/block/dasd_proc.c @@ -251,7 +251,6 @@ static ssize_t dasd_stats_proc_write(struct file *file, buffer = dasd_get_user_string(user_buf, user_len); if (IS_ERR(buffer)) return PTR_ERR(buffer); - DBF_EVENT(DBF_DEBUG, "/proc/dasd/statictics: '%s'\n", buffer); /* check for valid verbs */ str = skip_spaces(buffer);