From: Sebastian Ott Date: Mon, 25 Oct 2010 14:10:46 +0000 (+0200) Subject: [S390] dasd: fix use after free in dbf X-Git-Tag: v4.13~17102^2~8 X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=26cffecf84c8cb33787dd13a72bd2124d107d413;p=mirror_ubuntu-bionic-kernel.git [S390] dasd: fix use after free in dbf Writing to /proc/dasd/statistics while the debug level of the generic dasd debug entry is set to DBF_DEBUG will lead to an use after free when accessing the debug entry later. Since for the format string "%s" in the s390 dbf only a pointer to the string is stored in the debug feature and the buffer used here is freed afterwards. To fix this just remove the debug message. Signed-off-by: Sebastian Ott Signed-off-by: Martin Schwidefsky --- diff --git a/drivers/s390/block/dasd_proc.c b/drivers/s390/block/dasd_proc.c index 2eb025592809..c4a6a31bd9cd 100644 --- a/drivers/s390/block/dasd_proc.c +++ b/drivers/s390/block/dasd_proc.c @@ -251,7 +251,6 @@ static ssize_t dasd_stats_proc_write(struct file *file, buffer = dasd_get_user_string(user_buf, user_len); if (IS_ERR(buffer)) return PTR_ERR(buffer); - DBF_EVENT(DBF_DEBUG, "/proc/dasd/statictics: '%s'\n", buffer); /* check for valid verbs */ str = skip_spaces(buffer);