From a23a49cd9fad7d590861534a107d35b8ddc2ce96 Mon Sep 17 00:00:00 2001 From: miaoguanqin Date: Tue, 12 Sep 2023 16:48:51 +0800 Subject: [PATCH] fix null pointer for incremental in mdadm --- ...ull-pointer-for-incremental-in-mdadm.patch | 43 +++++++++++++++++++ mdadm.spec | 6 ++- 2 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 6022-Fix-null-pointer-for-incremental-in-mdadm.patch diff --git a/6022-Fix-null-pointer-for-incremental-in-mdadm.patch b/6022-Fix-null-pointer-for-incremental-in-mdadm.patch new file mode 100644 index 0000000..be9047a --- /dev/null +++ b/6022-Fix-null-pointer-for-incremental-in-mdadm.patch 
@@ -0,0 +1,43 @@ +From 890212d6800646153210ac264ce73035cc7dd5cc Mon Sep 17 00:00:00 2001 +From: miaoguanqin +Date: Tue, 4 Apr 2023 19:31:24 +0800 +Subject: [PATCH] Fix null pointer for incremental in mdadm + +when we excute mdadm --assemble, udev-md-raid-assembly.rules is triggered. +Then we stop array, we found an coredump for mdadm --incremental.func +stack are as follows: + +#0 enough (level=10, raid_disks=4, layout=258, clean=1, + avail=avail@entry=0x0) at util.c:555 +#1 0x0000562170c26965 in Incremental (devlist=, + c=, st=0x5621729b6dc0) at Incremental.c:514 +#2 0x0000562170bfb6ff in main (argc=, + argv=) at mdadm.c:1762 + +func enough() use array avail,avail allocate space in func count_active, +it may not alloc space, causing a coredump.We fix this coredump. + +Signed-off-by: Guanqin Miao +Signed-off-by: lixiaokeng +Signed-off-by: Jes Sorensen +--- + Incremental.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/Incremental.c b/Incremental.c +index 09b94b9f..49a71f72 100644 +--- a/Incremental.c ++++ b/Incremental.c +@@ -507,6 +507,9 @@ int Incremental(struct mddev_dev *devlist, struct context *c, + GET_OFFSET | GET_SIZE)); + active_disks = count_active(st, sra, mdfd, &avail, &info); + ++ if (!avail) ++ goto out_unlock; ++ + journal_device_missing = (info.journal_device_required) && (info.journal_clean == 0); + + if (info.consistency_policy == CONSISTENCY_POLICY_PPL) +-- +2.27.0 + diff --git a/mdadm.spec b/mdadm.spec index 52d1e96..11a75e7 100644 --- a/mdadm.spec +++ b/mdadm.spec @@ -1,6 +1,6 @@ Name: mdadm Version: 4.1 -Release: rc2.0.15 +Release: rc2.0.16 Summary: The software RAID arrays user manage tools License: GPLv2+ URL: http://www.kernel.org/pub/linux/utils/raid/mdadm/ 
@@ -32,6 +32,7 @@ Patch6018: 6018-mdadm-block-creation-with-long-names.patch Patch6019: 6019-mdadm-Don-t-open-md-device-for-CREATE-and-ASSEMBLE.patch Patch6020: 6020-fix-NULL-dereference-in-super_by_fd.patch Patch6021: 6021-Fix-memory-leak-after-mdadm-detail.patch +Patch6022: 6022-Fix-null-pointer-for-incremental-in-mdadm.patch BuildRequires: systemd gcc binutils Requires(post): systemd coreutils @@ -94,6 +95,9 @@ install -d -m 710 %{buildroot}/var/run/mdadm/ %{_mandir}/man*/* %changelog +* Tue Sep 12 2023 miaoguanqin - 4.1-rc2.0.16 +- fix null pointer for incremental in mdadm + * Thu Sep 7 2023 miaoguanqin - 4.1-rc2.0.15 - fix CVE-2023-28938 for mdadm -- Gitee
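Review bot: In the Incremental.c hunk carried by 6022-Fix-null-pointer-for-incremental-in-mdadm.patch, the new `if (!avail) goto out_unlock;` exits silently. No message is printed and the hunk sets no return value, so whether Incremental() reports failure on this path depends on state that is not visible in these lines. Please confirm that the caller sees a non-zero result when `avail` is NULL, and consider printing an error before the `goto` so that a udev-triggered `mdadm --incremental` run leaves a trace of why it gave up. The commit message says count_active "may not alloc space" without naming the condition. A short comment above the check stating when count_active leaves `avail` unset would show whether this guard is sufficient. It would also help to say whether other callers that pass `avail` to enough() need the same check.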
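Review bot: In the mdadm.spec hunk at `@@ -32,6 +32,7 @@`, only the `Patch6022:` declaration is added, and no matching `%patch` line appears anywhere in the diff. If `%prep` applies patches one by one rather than through `%autosetup` or `%autopatch`, the new file will ship in the source package without ever being applied, so please confirm how this spec applies its patches. The `%changelog` entry could also cite the upstream commit id from the patch header (890212d6800646153210ac264ce73035cc7dd5cc) so the backport stays traceable.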