Commit 8a627d72 authored by Zhang Shurong's avatar Zhang Shurong Committed by sanglipeng
Browse files

md: raid1: fix potential OOB in raid1_remove_disk() 

stable inclusion
from stable-v5.10.197
commit 7993cfc041481a3a9cd4a3858088fc846b8ccaf7
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I96Q8P

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=7993cfc041481a3a9cd4a3858088fc846b8ccaf7



--------------------------------

[ Upstream commit 8b0472b5 ]

If rddev->raid_disk is greater than mddev->raid_disks, there will be
an out-of-bounds in raid1_remove_disk(). We have already found
similar reports as follows:

1) commit d17f744e ("md-raid10: fix KASAN warning")
2) commit 1ebc2cec ("dm raid: fix KASAN warning in raid5_remove_disk")

Fix this bug by checking whether the "number" variable is
valid.

Signed-off-by: default avatarZhang Shurong <zhang_shurong@foxmail.com>
Reviewed-by: default avatarYu Kuai <yukuai3@huawei.com>
Link: https://lore.kernel.org/r/tencent_0D24426FAC6A21B69AC0C03CE4143A508F09@qq.com


Signed-off-by: default avatarSong Liu <song@kernel.org>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarsanglipeng <sanglipeng1@jd.com>
parent e1eb2cdc
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment