| Message ID | 20250107065446.86928-1-ryncsn@gmail.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
by smtp.lore.kernel.org (Postfix) with ESMTP id D1AE1E77197
for <linux-mm@archiver.kernel.org>; Tue, 7 Jan 2025 06:55:01 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
id 020DF6B00B3; Tue, 7 Jan 2025 01:55:01 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
id F13526B00B4; Tue, 7 Jan 2025 01:55:00 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
id D8C706B00B7; Tue, 7 Jan 2025 01:55:00 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com
[216.40.44.11])
by kanga.kvack.org (Postfix) with ESMTP id BC59C6B00B3
for <linux-mm@kvack.org>; Tue, 7 Jan 2025 01:55:00 -0500 (EST)
Received: from smtpin08.hostedemail.com (a10.router.float.18 [10.200.18.1])
by unirelay06.hostedemail.com (Postfix) with ESMTP id 4370EAF125
for <linux-mm@kvack.org>; Tue, 7 Jan 2025 06:55:00 +0000 (UTC)
X-FDA: 82979743560.08.715B937
Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com
[209.85.214.169])
by imf09.hostedemail.com (Postfix) with ESMTP id 67B7E140008
for <linux-mm@kvack.org>; Tue, 7 Jan 2025 06:54:58 +0000 (UTC)
Authentication-Results: imf09.hostedemail.com;
dkim=pass header.d=gmail.com header.s=20230601 header.b=WghH2QOU;
dmarc=pass (policy=none) header.from=gmail.com;
spf=pass (imf09.hostedemail.com: domain of ryncsn@gmail.com designates
209.85.214.169 as permitted sender) smtp.mailfrom=ryncsn@gmail.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1736232898; a=rsa-sha256;
cv=none;
b=BQL3v1ZitGWaunYTAqAS4BwX5ILUWATi9pWO/DrfxfO7rkLb3nZZTkPR+jPkTA34cM7C1Y
13ZLQUW6KFpfdeKTyQUr8yBAItuQnGJ8V7NoGCmon7WNcT76c5ubyJo1IgycMOcNR8gLeV
8Op5mG4KSrIoUV123nfVuQfnQqEu8ns=
ARC-Authentication-Results: i=1;
imf09.hostedemail.com;
dkim=pass header.d=gmail.com header.s=20230601 header.b=WghH2QOU;
dmarc=pass (policy=none) header.from=gmail.com;
spf=pass (imf09.hostedemail.com: domain of ryncsn@gmail.com designates
209.85.214.169 as permitted sender) smtp.mailfrom=ryncsn@gmail.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
d=hostedemail.com;
s=arc-20220608; t=1736232898;
h=from:from:sender:reply-to:reply-to:subject:subject:date:date:
message-id:message-id:to:to:cc:cc:mime-version:mime-version:
content-type:content-transfer-encoding:content-transfer-encoding:
in-reply-to:references:dkim-signature;
bh=UAGMcbItJcgVx1BJcJubscurgM31sK9kE3pcE4njB+Y=;
b=GGWHc/ALfrttC0YUaT6w/2ARkgGyC7S4g8Sv35LNoB2TVhyS1oMkVxrixdLGyqGRFJ7xwi
jyZeLLh2hH1blMHMw/2AS37RGvsU11GyY37cW/gYuaEvEfbzYEsarCf8FlzvT6ytSvkR+K
/F8TgGA+kFKdI6M/BoMQDNWHyTtlguc=
Received: by mail-pl1-f169.google.com with SMTP id
d9443c01a7336-216426b0865so215914195ad.0
for <linux-mm@kvack.org>; Mon, 06 Jan 2025 22:54:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1736232896; x=1736837696; darn=kvack.org;
h=content-transfer-encoding:mime-version:reply-to:message-id:date
:subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to;
bh=UAGMcbItJcgVx1BJcJubscurgM31sK9kE3pcE4njB+Y=;
b=WghH2QOU31u7cbgi8lOBA8uOrAx1qIISAvbSrtXMgaYs0c9/W/lYn3IDvxA35Xd3ZO
Z0iovvkyv4m8yoFbgwjk1k1zcycmVSDhWTKDWD8pzXiCfHFiHcesDMZ8VJip4j5rMhNC
gGilOqy2xjdWT8/2wn1NA7awb5+hQRuQgUvuz7emYOSDpJPB+OocnD7QO7RXYaJtEW0J
eyzxzGnCy0fQvt9pDJChew50NeXjjfCWxzZCcyOneg5JH9ffCQ9Qgzey9N1EFGOiRSmM
ifOkPS9aOhW8Pv2ToMcnsdB/dw1Ioy5AUkD6HoMhksnlx49ncuPXH+4oDFsfKhgifz5a
tw6A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1736232896; x=1736837696;
h=content-transfer-encoding:mime-version:reply-to:message-id:date
:subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date
:message-id:reply-to;
bh=UAGMcbItJcgVx1BJcJubscurgM31sK9kE3pcE4njB+Y=;
b=M/BW9cDuACHIhN4mNwSpW7T0PilAGpkwnJqi3isI0iiDnD8RqJDaPSBorGR9/gQZ6s
cD+a8WEBPJgYQq/wEZleo0K5VfrsiZgggl8YdyBKeGepn/4rv4agSF7rHSI3vWxhC08S
kcJ0+0sfmlBq0CEvrxT07zsNVzY27cAGK0SxgYliKC4P3xYVws4Lj+7zvDrVP3tOWYnp
wtehf25fmsErOWQE6Na2ll6G/ALZcpTMidI9fzupGqJkipqfVXxAG/P+mN6ln2H027Bu
bKiPDpPK/iTVTYXfxvXiKGOk7/Vxbn0YZdjsS3BYES1SWqrzP8R/irL0hahpL6lnWDjO
vDZQ==
X-Gm-Message-State: AOJu0Yxknq2wyAFIkaYE6AsSdBEKkgVGPD0I3yZRmJQAAgr5ehTWhl24
+/LpteaecjnzukjxNex1GDeWUW5qF1oEUFuoxWXvkBjczkgFHATm+XCwHYI5
X-Gm-Gg: ASbGncv6JPikDVxxB7NCzOEiMpd5gKkRFGEROn8T77KwIb8xauLS/vZdSQsMKI8QTh3
pWD5DUAOUlnJuVy0kgTNgBqhlaX7q+sxKXJboMsm6nzqarPKL0Pa7MIYDppvMyr1++DkMKOPjxO
hC27mWfeBdKZvQ8PEUzud0Aj2MIbMNLQ5UWQNux5x0iaHU/0L7KUre5i1svQXxPoMQZUMTZmVIF
5Yuu3rjn7AWN7+uxc/SI1pLJT2axxtEPWHT7wI49wNQ2Z1y9AujNwKHR+m9UyRGapjnJJpJ001A
WDcQoL1p2FU=
X-Google-Smtp-Source:
AGHT+IH/rokoDHhdWH70D8pzZfQjuA3uS056hYXnmvp8qqmn4tHgv2fW5pCbgpVbtlqmIXl+0w3e8w==
X-Received: by 2002:aa7:8895:0:b0:71e:2a0:b0b8 with SMTP id
d2e1a72fcca58-72abdd3c48emr83145233b3a.1.1736232896082;
Mon, 06 Jan 2025 22:54:56 -0800 (PST)
Received: from KASONG-MC4.tencent.com ([43.132.141.20])
by smtp.gmail.com with ESMTPSA id
d2e1a72fcca58-72aad90b338sm32692136b3a.174.2025.01.06.22.54.53
(version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256);
Mon, 06 Jan 2025 22:54:55 -0800 (PST)
From: Kairui Song <ryncsn@gmail.com>
To: linux-mm@kvack.org
Cc: Minchan Kim <minchan@kernel.org>,
Sergey Senozhatsky <senozhatsky@chromium.org>,
Andrew Morton <akpm@linux-foundation.org>,
linux-block@vger.kernel.org,
linux-kernel@vger.kernel.org,
Kairui Song <kasong@tencent.com>,
stable@vger.kernel.org
Subject: [PATCH] zram: fix potential UAF of zram table
Date: Tue, 7 Jan 2025 14:54:46 +0800
Message-ID: <20250107065446.86928-1-ryncsn@gmail.com>
X-Mailer: git-send-email 2.47.1
Reply-To: Kairui Song <kasong@tencent.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Rspam-User:
X-Rspamd-Server: rspam03
X-Rspamd-Queue-Id: 67B7E140008
X-Stat-Signature: mg5ho37ehwz6osbm5ejioy8t6jmj4h1g
X-HE-Tag: 1736232898-316036
X-HE-Meta:
U2FsdGVkX1+WkCHp35mv+GyjXHn3222lfk8z/Mpq4dPbqFoxeWNhpNmDwZ324e/UbPur6Ax/hdY41pTtZKfcLZ7Ek4SdvDURLz+oj4uPSNSRd0T4cB2PG8LQNx1SK9g50FEh4It4Z44Ak/GOw78QKzfBy0yHJ6cZDkK7pHgBZlgNioqkxFThi00CKkt3Sm90LtkCu4s5hDunae44DZlIlAAY3H/RhAl30yHtaEAjAQQiemRO4QCRl6pvI2xDxAzjbzf5Yxdiql/ZKVrFUiP2irsCF+JOMqd4e4A/13cbM+wNx/K8d8KQJ4rWvR1Qa83mbkrGok4nIHwqhf5gu6JACVnoZKS1B+ncQogt27aD94MBUHWaw/dELWvSCGQFAtc0/e7MuVEsjd8j/2ic8qAtV+OJXnjXf1Zu1oC0lml5HmqADCb6hG5q30eXC1+cp1Oiw1Adfg0zSiW+e0Uztv5imILZtQymcaXpjODTuvdKgqCddn8dLO6qR9s4MG4ex160T9V/rDbAKgIvSkyQ/qQLDQhNnzdx90jx7O2q49Xln2lEI7Lr2/EHqq55piskNxT0oAaDXZ0IytDl+lE3q5imheZiYkuVfgkNL/T+wX4d7YqmOOUMG4zEDUtw6Z7cBKi6uDoKLSqowICr7qmXbbq0O4VX1Gw/lUhop62tTRKly8RKT7h9nz19opv7E/BCxAnpmea7YPkDiwfpCsz66z3ddRNCJUKM14o44HRF/9YCErw9jTkz7204h3Y9nPSsMJgiqKevbS03BZyGZZ5/eo3F/zpDeNgvvjA/eJiwUEM08jl6oO2EX4FgHSJH6y72k5WHVaS265QS9mi5h3PQlefURqBW8617gc0xy9x4oWV6kWN5zd68u1r5VpZYmW5b2rtZLjOX3cT3UJDANKWg25FzTMoO+uHomBgvNNDnrbO+aM17xeyPjcSmRmXFKMVdk4r4MRbo+EQNcsYFUkjwNsd
+m3umRpg
QW7oCXuiS1X+YzqjypXkaFZ+gfzvdUgp0nw1DpPW1HIv/d7Izpgd5rBHxLlxa3xBpD0g8V/xq1SwU/5PutaB/NUfnKzd1qTtKA2Gl7zuT5TujDqA9RUHTmQJTM1Ie0O/bWXPrMbxkya6CwSUVC+1WtF1DAQSVRe6BfX41hYIltboFdOIX6u+CH4A2KiV12VjSPrIBQs6O4elt/+KNoGwakFvlT+kFe5VIl/tijzEg5AF3WgAkM5yxdnauuUS1fhkxI7bI36CYsYtbjHwDh5plWa513nO6FqaFPAteo6JcWl1rtdxmL+hMbUKNIwYHoq1oh/RQS4EPYwDvqNC/GhXPz2iTdyfF0+GE5hdq5fV11U6OZ2jfMoETYsqWz1PxJXuD6sUtv2ntp4OFaiPWv1psxE3WTqQB93Y86dJtrWHvfWZMc2ZITQAImUQTb+IxKi3B3lddl3jW/TifuvlBO68lV/XMY5nKLHXxMIAMUca3z8SqTSEcfJ4qnEmV0yxhbbcItLRP4aNMMTq+NIDs/LW9JtR1TQbbvetYKoDhmOXrUBePhchE1eS7VvTbmn0XbBuf1o7e
X-Bogosity: Ham, tests=bogofilter, spamicity=0.005516, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>
|
| Series |
zram: fix potential UAF of zram table
|
expand
|
On (25/01/07 14:54), Kairui Song wrote: > From: Kairui Song <kasong@tencent.com> > > If zram_meta_alloc failed early, it frees allocated zram->table without > setting it NULL. Which will potentially cause zram_meta_free to access > the table if user reset an failed and uninitialized device. > > Fixes: 74363ec674cb ("zram: fix uninitialized ZRAM not releasing backing device") > Cc: <stable@vger.kernel.org> > Signed-off-by: Kairui Song <kasong@tencent.com> Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org>
diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c index 5b8e4f4171ab..70ecaee25c20 100644 --- a/drivers/block/zram/zram_drv.c +++ b/drivers/block/zram/zram_drv.c @@ -1465,6 +1465,7 @@ static bool zram_meta_alloc(struct zram *zram, u64 disksize) zram->mem_pool = zs_create_pool(zram->disk->disk_name); if (!zram->mem_pool) { vfree(zram->table); + zram->table = NULL; return false; }