diff options
| author | Rafał Miłecki <rafal@milecki.pl> | 2022-10-04 12:04:37 +0200 |
|---|---|---|
| committer | Rafał Miłecki <rafal@milecki.pl> | 2022-10-04 13:09:47 +0200 |
| commit | 221c6242deceb49b04da9886761d28c18202609a (patch) | |
| tree | 460a51423de74eae5ada889caf85d9bc81808b88 | |
| parent | abf2c60e715bbaf0e1e7a229d82d8a615840806e (diff) | |
| download | upstream-221c6242deceb49b04da9886761d28c18202609a.tar.gz upstream-221c6242deceb49b04da9886761d28c18202609a.tar.bz2 upstream-221c6242deceb49b04da9886761d28c18202609a.zip | |
kernel: fix possible mtd NULL pointer dereference
Fixes: edf3363959d3c ("kernel: backport mtd dynamic partition patch")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit a5265497a4f6da158e95d6a450cb2cb6dc085cab)
3 files changed, 32 insertions, 2 deletions
diff --git a/target/linux/generic/backport-5.4/415-v6.0-mtd-core-check-partition-before-dereference.patch b/target/linux/generic/backport-5.4/415-v6.0-mtd-core-check-partition-before-dereference.patch new file mode 100644 index 0000000000..028f5baaaa --- /dev/null +++ b/target/linux/generic/backport-5.4/415-v6.0-mtd-core-check-partition-before-dereference.patch @@ -0,0 +1,30 @@ +From 7ec4cdb321738d44ae5d405e7b6ac73dfbf99caa Mon Sep 17 00:00:00 2001 +From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> +Date: Mon, 25 Jul 2022 22:49:25 +0900 +Subject: [PATCH] mtd: core: check partition before dereference + +syzbot is reporting NULL pointer dereference at mtd_check_of_node() [1], +for mtdram test device (CONFIG_MTD_MTDRAM) is not partition. + +Link: https://syzkaller.appspot.com/bug?extid=fe013f55a2814a9e8cfd [1] +Reported-by: syzbot <syzbot+fe013f55a2814a9e8cfd@syzkaller.appspotmail.com> +Reported-by: kernel test robot <oliver.sang@intel.com> +Fixes: ad9b10d1eaada169 ("mtd: core: introduce of support for dynamic partitions") +Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> +CC: stable@vger.kernel.org +Signed-off-by: Richard Weinberger <richard@nod.at> +--- + drivers/mtd/mtdcore.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/mtd/mtdcore.c ++++ b/drivers/mtd/mtdcore.c +@@ -602,6 +602,8 @@ static void mtd_check_of_node(struct mtd + return; + + /* Check if a partitions node exist */ ++ if (!mtd_is_partition(mtd)) ++ return; + parent = mtd_get_master(mtd); + parent_dn = dev_of_node(&parent->dev); + if (!parent_dn) diff --git a/target/linux/generic/pending-5.4/480-mtd-set-rootfs-to-be-root-dev.patch b/target/linux/generic/pending-5.4/480-mtd-set-rootfs-to-be-root-dev.patch index 1189ce0f89..2544fa4b69 100644 --- a/target/linux/generic/pending-5.4/480-mtd-set-rootfs-to-be-root-dev.patch +++ b/target/linux/generic/pending-5.4/480-mtd-set-rootfs-to-be-root-dev.patch @@ -20,7 +20,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org> #include <linux/nvmem-provider.h> #include <linux/mtd/mtd.h> -@@ -760,6 +761,15 @@ int add_mtd_device(struct mtd_info *mtd) +@@ -762,6 +763,15 @@ int add_mtd_device(struct mtd_info *mtd) of this try_ nonsense, and no bitching about it either. :) */ __module_get(THIS_MODULE); diff --git a/target/linux/generic/pending-5.4/495-mtd-core-add-get_mtd_device_by_node.patch b/target/linux/generic/pending-5.4/495-mtd-core-add-get_mtd_device_by_node.patch index a73775783e..ada1415853 100644 --- a/target/linux/generic/pending-5.4/495-mtd-core-add-get_mtd_device_by_node.patch +++ b/target/linux/generic/pending-5.4/495-mtd-core-add-get_mtd_device_by_node.patch @@ -17,7 +17,7 @@ Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com> --- a/drivers/mtd/mtdcore.c +++ b/drivers/mtd/mtdcore.c -@@ -1142,6 +1142,44 @@ out_unlock: +@@ -1144,6 +1144,44 @@ out_unlock: } EXPORT_SYMBOL_GPL(get_mtd_device_nm); |