From: Stefan Haberland <sth@linux.ibm.com>
Date: Wed, 23 Nov 2022 17:07:19 +0100
Subject: s390/dasd: fix possible buffer overflow in copy_pair_show
Git-commit: 7e8a05b47ba7200f333eefd19979eeb4d273ceec
Patch-mainline: v6.1-rc7
References: jsc#PED-599
dasd_copy_relation->entry[] array might be accessed out of bounds if the
loop does not break.
Fixes: a91ff09d39f9 ("s390/dasd: add copy pair setup")
Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
Reviewed-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Link: https://lore.kernel.org/r/20221123160719.3002694-5-sth@linux.ibm.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Acked-by: Petr Tesarik <ptesarik@suse.com>
---
drivers/s390/block/dasd_devmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/s390/block/dasd_devmap.c
+++ b/drivers/s390/block/dasd_devmap.c
@@ -1957,7 +1957,7 @@ dasd_copy_pair_show(struct device *dev,
break;
}
}
- if (!copy->entry[i].primary)
+ if (i == DASD_CP_ENTRIES)
goto out;
/* print all secondary */