From patchwork Thu Jul 26 01:46:28 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mauricio Faria de Oliveira <mfo@canonical.com>
X-Patchwork-Id: 10545053
Return-Path: <linux-block-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3321E1822
	for <patchwork-linux-block@patchwork.kernel.org>;
 Thu, 26 Jul 2018 01:47:02 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 205512A139
	for <patchwork-linux-block@patchwork.kernel.org>;
 Thu, 26 Jul 2018 01:47:02 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 1EC7E2AB1A; Thu, 26 Jul 2018 01:47:02 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C30ED2AB19
	for <patchwork-linux-block@patchwork.kernel.org>;
 Thu, 26 Jul 2018 01:47:01 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728496AbeGZDBY (ORCPT
        <rfc822;patchwork-linux-block@patchwork.kernel.org>);
        Wed, 25 Jul 2018 23:01:24 -0400
Received: from youngberry.canonical.com ([91.189.89.112]:38293 "EHLO
        youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728452AbeGZDBN (ORCPT
        <rfc822;linux-block@vger.kernel.org>);
        Wed, 25 Jul 2018 23:01:13 -0400
Received: from mail-qk0-f197.google.com ([209.85.220.197])
        by youngberry.canonical.com with esmtps
 (TLS1.0:RSA_AES_128_CBC_SHA1:16)
        (Exim 4.76)
        (envelope-from <mfo@canonical.com>)
        id 1fiVMd-0005ev-0h
        for linux-block@vger.kernel.org; Thu, 26 Jul 2018 01:46:47 +0000
Received: by mail-qk0-f197.google.com with SMTP id h67-v6so94739qke.18
        for <linux-block@vger.kernel.org>;
 Wed, 25 Jul 2018 18:46:46 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references;
        bh=IuEOiW/cv6Eng2xVlGMmOOASiU62pe70QuaMljcdVh8=;
        b=qersOPLPHMO/QZDJBm2uBLAfNH9GRpcwl0pNfQXnBvBmXsByU5dOqAJq40vStnCWB6
         tVQfVbfD/sjyLAM728R9QsWF1qsZ68LqWXPil5ICcULxOP+xuG8Kkp2m9segDlCb+nav
         buF3cyhUSprWg+gZAduCrkpoXQ6toolwP6rXkL4x8HHuKIVlVy2upq4g5kr31CTD5mBl
         D0iEK6hhm/BDDygWqGODY+a5m5SpZ8ff+HXU7w06gOmFmIVVhZaYyT/eL7UZKtW0vR0q
         C2DKu14PmBXHbompFeYBIoYxNXQLskaOCGpy9WMOkdSrz655qbCx1MoBoB/SFvqv4Tby
         BRRw==
X-Gm-Message-State: AOUpUlGJZ4yOm4mmmFFvMTiu2Z8kNeplS9AiLNbqTjCAqNxC+PtAtvdM
        2Z+0UNr8SMpDip+7qzPbKf8JsJGfy6GWcwLVUyPg7kgn/IHz8idIi1MUbA+4OnH7nf/6CoHRSdT
        KTDtn3JE+JtXy9h0g5RDQru8qqJbY3kHypzKZIINc
X-Received: by 2002:ac8:3318:: with SMTP id
 t24-v6mr23012281qta.224.1532569606241;
        Wed, 25 Jul 2018 18:46:46 -0700 (PDT)
X-Google-Smtp-Source: 
 AAOMgpfx+Cr6OYC6xX4Hgu0K+vzQxFDyW2aVo3duP1S3HpbiDldZ9oKb8AiBNynxw6he3v2TxFhueQ==
X-Received: by 2002:ac8:3318:: with SMTP id
 t24-v6mr23012272qta.224.1532569606101;
        Wed, 25 Jul 2018 18:46:46 -0700 (PDT)
Received: from localhost.localdomain ([2804:14c:482:77dd:8111:28ad:fd9c:9a4d])
        by smtp.gmail.com with ESMTPSA id
 r4-v6sm19619qtm.10.2018.07.25.18.46.44
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 25 Jul 2018 18:46:45 -0700 (PDT)
From: Mauricio Faria de Oliveira <mfo@canonical.com>
To: axboe@kernel.dk
Cc: phdm@macqel.be, linux-block@vger.kernel.org,
        linux-kernel@vger.kernel.org, daniel.axtens@canonical.com
Subject: [PATCH 1/2] partitions/aix: fix usage of uninitialized lv_info and
 lvname structures
Date: Wed, 25 Jul 2018 22:46:28 -0300
Message-Id: <20180726014629.30411-2-mfo@canonical.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20180726014629.30411-1-mfo@canonical.com>
References: <20180726014629.30411-1-mfo@canonical.com>
Sender: linux-block-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-block.vger.kernel.org>
X-Mailing-List: linux-block@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

The if-block that sets a successful return value in aix_partition()
uses 'lvip[].pps_per_lv' and 'n[].name' potentially uninitialized.

For example, if 'numlvs' is zero or alloc_lvn() fails, neither is
initialized, but are used anyway if alloc_pvd() succeeds after it.

So, make the alloc_pvd() call conditional on their initialization.

This has been hit when attaching an apparently corrupted/stressed
AIX LUN, misleading the kernel to pr_warn() invalid data and hang.

    [...] partition (null) (11 pp's found) is not contiguous
    [...] partition (null) (2 pp's found) is not contiguous
    [...] partition (null) (3 pp's found) is not contiguous
    [...] partition (null) (64 pp's found) is not contiguous

Fixes: 6ceea22bbbc8 ("partitions: add aix lvm partition support files")
Signed-off-by: Mauricio Faria de Oliveira <mfo@canonical.com>
---
 block/partitions/aix.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/block/partitions/aix.c b/block/partitions/aix.c
index 007f95eea0e1..850cbd1860d4 100644
--- a/block/partitions/aix.c
+++ b/block/partitions/aix.c
@@ -178,7 +178,7 @@ int aix_partition(struct parsed_partitions *state)
 	u32 vgda_sector = 0;
 	u32 vgda_len = 0;
 	int numlvs = 0;
-	struct pvd *pvd;
+	struct pvd *pvd = NULL;
 	struct lv_info {
 		unsigned short pps_per_lv;
 		unsigned short pps_found;
@@ -232,10 +232,11 @@ int aix_partition(struct parsed_partitions *state)
 				if (lvip[i].pps_per_lv)
 					foundlvs += 1;
 			}
+			/* pvd loops depend on n[].name and lvip[].pps_per_lv */
+			pvd = alloc_pvd(state, vgda_sector + 17);
 		}
 		put_dev_sector(sect);
 	}
-	pvd = alloc_pvd(state, vgda_sector + 17);
 	if (pvd) {
 		int numpps = be16_to_cpu(pvd->pp_count);
 		int psn_part1 = be32_to_cpu(pvd->psn_part1);

From patchwork Thu Jul 26 01:46:29 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mauricio Faria de Oliveira <mfo@canonical.com>
X-Patchwork-Id: 10545051
Return-Path: <linux-block-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9A1A114E2
	for <patchwork-linux-block@patchwork.kernel.org>;
 Thu, 26 Jul 2018 01:46:53 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 854EF29FAC
	for <patchwork-linux-block@patchwork.kernel.org>;
 Thu, 26 Jul 2018 01:46:53 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 838A42AB1A; Thu, 26 Jul 2018 01:46:53 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1BF3B2AAFE
	for <patchwork-linux-block@patchwork.kernel.org>;
 Thu, 26 Jul 2018 01:46:53 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728716AbeGZDBP (ORCPT
        <rfc822;patchwork-linux-block@patchwork.kernel.org>);
        Wed, 25 Jul 2018 23:01:15 -0400
Received: from youngberry.canonical.com ([91.189.89.112]:38300 "EHLO
        youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728714AbeGZDBO (ORCPT
        <rfc822;linux-block@vger.kernel.org>);
        Wed, 25 Jul 2018 23:01:14 -0400
Received: from mail-qk0-f200.google.com ([209.85.220.200])
        by youngberry.canonical.com with esmtps
 (TLS1.0:RSA_AES_128_CBC_SHA1:16)
        (Exim 4.76)
        (envelope-from <mfo@canonical.com>)
        id 1fiVMf-0005fG-6T
        for linux-block@vger.kernel.org; Thu, 26 Jul 2018 01:46:49 +0000
Received: by mail-qk0-f200.google.com with SMTP id u68-v6so113463qku.5
        for <linux-block@vger.kernel.org>;
 Wed, 25 Jul 2018 18:46:49 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references;
        bh=azGIAqjhubvPhiTxDMeOWSUNh8NUi3e8ryLgN8ahl9w=;
        b=B/spiSNzqOmAWY4j6UPmRbF+v2Qxb+WG2nVWNtk4SNveaCD/N3s3zMp5kRj3GYzCK8
         p0Cpn//mgSu5al/8u6ZKjNPh3EpbQK1LzfGcwfLEogTlUbnheMXFHJfmxArpFUNcBfu4
         nFmuyW7IRWZYTc4p9Nq8ZF4AhL3tbE0trvoYxqlMTNF8GzRfIGGsta4pOLt7hDl7wta/
         DTTetjBj1NObxJncPLK2lTtvv22ZumqqfSxWpH2BAAvNgl3mWHyT1Kws8wsWyZoK6Qzv
         5CJN7i6Gm/SSYfaMSL5TMbvsbZ6YQcIfWMzJ9q1QatuYLkH3Fz1pZPySIfAEhOtS1lqO
         YFhQ==
X-Gm-Message-State: AOUpUlE9rGOGaHp3AByGk5aRks7hx50AeKMu6gaolGPmg6Cf3F4tp9X+
        TnFDY80j7/gX6/+bDWS9WuiTokMFmpX4+V8IovqqrIBHnf6Zt2/Y6JPAWoQK/VDDiIdvtWE5Xsw
        Hp4DvrngMHbbN2S4QhEbWOsFr2JFfPWU2oUn+g+DU
X-Received: by 2002:a37:6a82:: with SMTP id
 f124-v6mr21434408qkc.296.1532569608417;
        Wed, 25 Jul 2018 18:46:48 -0700 (PDT)
X-Google-Smtp-Source: 
 AAOMgpcaaDNGU5Wh0qrW2GcuQ/dhhaPZP7JNKqlslNR/AB17iX1Y4f7BSTxTyw5qC+P3Hd+jKbH9nA==
X-Received: by 2002:a37:6a82:: with SMTP id
 f124-v6mr21434399qkc.296.1532569608260;
        Wed, 25 Jul 2018 18:46:48 -0700 (PDT)
Received: from localhost.localdomain ([2804:14c:482:77dd:8111:28ad:fd9c:9a4d])
        by smtp.gmail.com with ESMTPSA id
 r4-v6sm19619qtm.10.2018.07.25.18.46.46
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 25 Jul 2018 18:46:47 -0700 (PDT)
From: Mauricio Faria de Oliveira <mfo@canonical.com>
To: axboe@kernel.dk
Cc: phdm@macqel.be, linux-block@vger.kernel.org,
        linux-kernel@vger.kernel.org, daniel.axtens@canonical.com
Subject: [PATCH 2/2] partitions/aix: append null character to print data from
 disk
Date: Wed, 25 Jul 2018 22:46:29 -0300
Message-Id: <20180726014629.30411-3-mfo@canonical.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20180726014629.30411-1-mfo@canonical.com>
References: <20180726014629.30411-1-mfo@canonical.com>
Sender: linux-block-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-block.vger.kernel.org>
X-Mailing-List: linux-block@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Even if properly initialized, the lvname array (i.e., strings)
is read from disk, and might contain corrupt data (e.g., lack
the null terminating character for strings).

So, make sure the partition name string used in pr_warn() has
the null terminating character.

Fixes: 6ceea22bbbc8 ("partitions: add aix lvm partition support files")
Suggested-by: Daniel J. Axtens <daniel.axtens@canonical.com>
Signed-off-by: Mauricio Faria de Oliveira <mfo@canonical.com>
---
 block/partitions/aix.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/block/partitions/aix.c b/block/partitions/aix.c
index 850cbd1860d4..903f3ed175d0 100644
--- a/block/partitions/aix.c
+++ b/block/partitions/aix.c
@@ -283,10 +283,14 @@ int aix_partition(struct parsed_partitions *state)
 				next_lp_ix += 1;
 		}
 		for (i = 0; i < state->limit; i += 1)
-			if (lvip[i].pps_found && !lvip[i].lv_is_contiguous)
+			if (lvip[i].pps_found && !lvip[i].lv_is_contiguous) {
+				char tmp[sizeof(n[i].name) + 1]; // null char
+
+				snprintf(tmp, sizeof(tmp), "%s", n[i].name);
 				pr_warn("partition %s (%u pp's found) is "
 					"not contiguous\n",
-					n[i].name, lvip[i].pps_found);
+					tmp, lvip[i].pps_found);
+			}
 		kfree(pvd);
 	}
 	kfree(n);