Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp1389259ybz; Thu, 16 Apr 2020 08:19:25 -0700 (PDT) X-Google-Smtp-Source: APiQypKTL/H5xWI0FmTsiuhNL91BuiuZhPtTBGrbaF/yY4SfVPoroAZxm+RnIZDfA0eou4Pu6kxX X-Received: by 2002:a05:6402:1bc4:: with SMTP id ch4mr31335684edb.80.1587050365626; Thu, 16 Apr 2020 08:19:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1587050365; cv=none; d=google.com; s=arc-20160816; b=QDiVZa6Q8BA7qyaKzHfblHBzBtV+m+cLIzdAr2jcQ8yXdadtqjl2k1PhPG9tdv1fY1 eRxLrjYXRQHzXULTmLuEco2Vl96xDoAoJVfh5NvQi+3Dw1nN2HD1mGnqWpcNlTzP6Ush /3L4l25poZSImRSL2geM9an1KkXsX//+vnh2xRh87/mSmkQCYcds73otT5rdAWrxaSOx KrzY6nebAFPwnMj/SWjsbMpvahr/GcPJrHf4GnM2yhhkojyLdeLjOgAc2ZOJcpJrXIZr 1E14JUvcI3UHTw8S4p9E+t+x6qXOKs+gzjYjcFVIGvitCtKAYysOjFae66oGgTtJc27Y pi2w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=ojddwXhrm0XbOa7R34e2luoITGpUJRhqVNeFHirJx5A=; b=ffEFNpXKYsEXXECwcw8Vl1qNZqmDMxaK2XcBJ8lc606s7LJOtY2I+SLd4ywrqTql15 MpKNvu93gh4ugy+M3jinB+trPfQySl99OW3j26pNPGK+3APc1KzYwXKMtMAlfyXuWMEq V6pxWD714GS9blEOGpjLqb3lLyiyoZMQ9JaamAQVl0ZSZJsLXr46dmZy8TkxRTOSeZw7 FRx/yloQOzRFqJP1hYGqXX55+mrwBYpvb1q1/C1kZ8TdEwwXTOkUePC1kOqPdarUafgr /KGV0htZPCYIY0BhbtPdUmp1TZ+8k8cXKuw06RirkbgsXrWSoOBRScR+vWF2KSg/fAsJ CM4Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=I4j1tlaZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z90si2475270ede.599.2020.04.16.08.19.02; Thu, 16 Apr 2020 08:19:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=I4j1tlaZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2441872AbgDPPRR (ORCPT + 99 others); Thu, 16 Apr 2020 11:17:17 -0400 Received: from mail.kernel.org ([198.145.29.99]:34908 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2897910AbgDPNtA (ORCPT ); Thu, 16 Apr 2020 09:49:00 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 2F19421974; Thu, 16 Apr 2020 13:48:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1587044938; bh=sx45Uwi9HL8SOXQQ+SHRVo3vX2MTBnunEBdM1KHUGpM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=I4j1tlaZqPLk951VoP4/xlwJYJ73cbDBKk1BG/qzrcgZU4fkTRefQvfmkM9dE9wFa MLbyVJAR37U+kyVaJppNcFR01J3gsplQhHNtyeLFRtYzMDc9IcTb/Qlh1+eoBwCBWl DKbqNY7LTEeP49mUV6yejWyI6RtjUhGrPzFsVxSM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Mikulas Patocka , Mike Snitzer Subject: [PATCH 5.4 162/232] dm integrity: fix a crash with unusually large tag size Date: Thu, 16 Apr 2020 15:24:16 +0200 Message-Id: <20200416131335.281116424@linuxfoundation.org> X-Mailer: git-send-email 2.26.1 In-Reply-To: <20200416131316.640996080@linuxfoundation.org> References: <20200416131316.640996080@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Mikulas Patocka commit b93b6643e9b5a7f260b931e97f56ffa3fa65e26d upstream. If the user specifies tag size larger than HASH_MAX_DIGESTSIZE, there's a crash in integrity_metadata(). Cc: stable@vger.kernel.org Signed-off-by: Mikulas Patocka Signed-off-by: Mike Snitzer Signed-off-by: Greg Kroah-Hartman --- drivers/md/dm-integrity.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/md/dm-integrity.c +++ b/drivers/md/dm-integrity.c @@ -1514,7 +1514,7 @@ static void integrity_metadata(struct wo struct bio *bio = dm_bio_from_per_bio_data(dio, sizeof(struct dm_integrity_io)); char *checksums; unsigned extra_space = unlikely(digest_size > ic->tag_size) ? digest_size - ic->tag_size : 0; - char checksums_onstack[HASH_MAX_DIGESTSIZE]; + char checksums_onstack[max((size_t)HASH_MAX_DIGESTSIZE, MAX_TAG_SIZE)]; unsigned sectors_to_process = dio->range.n_sectors; sector_t sector = dio->range.logical_sector; @@ -1743,7 +1743,7 @@ retry_kmap: } while (++s < ic->sectors_per_block); #ifdef INTERNAL_VERIFY if (ic->internal_hash) { - char checksums_onstack[max(HASH_MAX_DIGESTSIZE, MAX_TAG_SIZE)]; + char checksums_onstack[max((size_t)HASH_MAX_DIGESTSIZE, MAX_TAG_SIZE)]; integrity_sector_checksum(ic, logical_sector, mem + bv.bv_offset, checksums_onstack); if (unlikely(memcmp(checksums_onstack, journal_entry_tag(ic, je), ic->tag_size))) {