Go to file
Alan Stern 871fd7b10b USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
commit 014bcf41d9 upstream.

The isd200 sub-driver in usb-storage uses the HEADS and SECTORS values
in the ATA ID information to calculate cylinder and head values when
creating a CDB for READ or WRITE commands.  The calculation involves
division and modulus operations, which will cause a crash if either of
these values is 0.  While this never happens with a genuine device, it
could happen with a flawed or subversive emulation, as reported by the
syzbot fuzzer.

Protect against this possibility by refusing to bind to the device if
either the ATA_ID_HEADS or ATA_ID_SECTORS value in the device's ID
information is 0.  This requires isd200_Initialization() to return a
negative error code when initialization fails; currently it always
returns 0 (even when there is an error).

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-and-tested-by: syzbot+28748250ab47a8f04100@syzkaller.appspotmail.com
Link: https://lore.kernel.org/linux-usb/0000000000003eb868061245ba7f@google.com/
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Reviewed-by: PrasannaKumar Muralidharan <prasannatsmkumar@gmail.com>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
Link: https://lore.kernel.org/r/b1e605ea-333f-4ac0-9511-da04f411763e@rowland.harvard.edu
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-04-03 15:28:42 +02:00
arch SEV: disable SEV-ES DebugSwap by default 2024-04-03 15:28:41 +02:00
block Revert "block/mq-deadline: use correct way to throttling write requests" 2024-04-03 15:28:33 +02:00
certs certs: Reference revocation list for all keyrings 2023-08-17 20:12:41 +00:00
crypto crypto: jitter - fix CRYPTO_JITTERENTROPY help text 2024-03-26 18:19:52 -04:00
Documentation docs: Restore "smart quotes" for quotes 2024-04-03 15:28:22 +02:00
drivers USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command 2024-04-03 15:28:42 +02:00
fs NFSD: Fix nfsd_clid_class use of __string_len() macro 2024-04-03 15:28:35 +02:00
include Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory 2024-04-03 15:28:39 +02:00
init init/Kconfig: lower GCC version check for -Warray-bounds 2024-04-03 15:28:41 +02:00
io_uring io_uring: clean rings on NO_MMAP alloc fail 2024-04-03 15:28:31 +02:00
ipc Add x86 shadow stack support 2023-08-31 12:20:12 -07:00
kernel tracing: Use .flush() call to wake up readers 2024-04-03 15:28:41 +02:00
lib pci_iounmap(): Fix MMIO mapping leak 2024-04-03 15:28:17 +02:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
mm mm, mmap: fix vma_merge() case 7 with vma_ops->close 2024-04-03 15:28:40 +02:00
net xfrm: Avoid clang fortify warning in copy_to_user_tmpl() 2024-04-03 15:28:40 +02:00
rust rust: upgrade to Rust 1.73.0 2024-02-16 19:10:43 +01:00
samples work around gcc bugs with 'asm goto' with outputs 2024-02-23 09:24:47 +01:00
scripts kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 2024-04-03 15:28:29 +02:00
security landlock: Warn once if a Landlock action is requested while disabled 2024-04-03 15:28:27 +02:00
sound ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform 2024-04-03 15:28:42 +02:00
tools selftests: mptcp: diag: return KSFT_FAIL not test_cnt 2024-04-03 15:28:40 +02:00
usr initramfs: Encode dependency on KBUILD_BUILD_TIMESTAMP 2023-06-06 17:54:49 +09:00
virt KVM: Always flush async #PF workqueue when vCPU is being destroyed 2024-04-03 15:28:18 +02:00
.clang-format iommu: Add for_each_group_device() 2023-05-23 08:15:51 +02:00
.cocciconfig
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore kbuild: rpm-pkg: rename binkernel.spec to kernel.spec 2023-07-25 00:59:33 +09:00
.mailmap 20 hotfixes. 12 are cc:stable and the remainder address post-6.5 issues 2023-10-24 09:52:16 -10:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS USB: Remove Wireless USB and UWB documentation 2023-08-09 14:17:32 +02:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS MAINTAINERS: add Catherine as xfs maintainer for 6.6.y 2024-02-16 19:10:43 +01:00
Makefile Linux 6.6.23 2024-03-26 18:22:53 -04:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.