mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-28 21:33:52 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers/usb/storage
History
Alan Stern 014bcf41d9 USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command 
The isd200 sub-driver in usb-storage uses the HEADS and SECTORS values
in the ATA ID information to calculate cylinder and head values when
creating a CDB for READ or WRITE commands.  The calculation involves
division and modulus operations, which will cause a crash if either of
these values is 0.  While this never happens with a genuine device, it
could happen with a flawed or subversive emulation, as reported by the
syzbot fuzzer.

Protect against this possibility by refusing to bind to the device if
either the ATA_ID_HEADS or ATA_ID_SECTORS value in the device's ID
information is 0.  This requires isd200_Initialization() to return a
negative error code when initialization fails; currently it always
returns 0 (even when there is an error).

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-and-tested-by: syzbot+28748250ab47a8f04100@syzkaller.appspotmail.com
Link: https://lore.kernel.org/linux-usb/0000000000003eb868061245ba7f@google.com/
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Reviewed-by: PrasannaKumar Muralidharan <prasannatsmkumar@gmail.com>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
Link: https://lore.kernel.org/r/b1e605ea-333f-4ac0-9511-da04f411763e@rowland.harvard.edu
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-02 20:32:03 +01:00
..
alauda.c usb-storage: alauda: Fix uninit-value in alauda_check_media() 2023-08-04 14:57:16 +02:00
cypress_atacb.c
datafab.c
debug.c
debug.h
ene_ub6250.c USB: ene_usb6250: Allocate enough memory for full object 2023-02-06 13:46:42 +01:00
freecom.c
initializers.c
initializers.h
isd200.c USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command 2024-03-02 20:32:03 +01:00
jumpshot.c
karma.c
Kconfig
Makefile
onetouch.c
option_ms.c
option_ms.h
protocol.c
protocol.h
realtek_cr.c
scsiglue.c scsi: sd: usb_storage: uas: Access media prior to querying device properties 2024-02-14 12:46:47 -05:00
scsiglue.h
sddr09.c
sddr55.c
shuttle_usbat.c
sierra_ms.c usb: storage: Remove snprintf() from sysfs call-backs and replace with sysfs_emit() 2023-12-15 13:55:30 +01:00
sierra_ms.h
transport.c
transport.h
uas-detect.h usb-storage,uas: make internal quirks flags 64bit 2023-10-21 12:45:14 +02:00
uas.c scsi: sd: usb_storage: uas: Access media prior to querying device properties 2024-02-14 12:46:47 -05:00
unusual_alauda.h
unusual_cypress.h usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility 2023-10-28 12:23:41 +02:00
unusual_datafab.h
unusual_devs.h usb-storage: Add quirk for incorrect WP on Kingston DT Ultimate 3.0 G3 2023-12-15 14:00:58 +01:00
unusual_ene_ub6250.h
unusual_freecom.h
unusual_isd200.h
unusual_jumpshot.h
unusual_karma.h
unusual_onetouch.h
unusual_realtek.h
unusual_sddr09.h
unusual_sddr55.h
unusual_uas.h uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 2023-03-16 12:44:17 +01:00
unusual_usbat.h
usb.c usb-storage,uas: make internal quirks flags 64bit 2023-10-21 12:45:14 +02:00
usb.h usb-storage,uas: make internal quirks flags 64bit 2023-10-21 12:45:14 +02:00
usual-tables.c usb-storage,uas: make internal quirks flags 64bit 2023-10-21 12:45:14 +02:00