diff --git a/SOURCES/0202-platform-intel-fix-buffer-overflow.patch b/SOURCES/0202-platform-intel-fix-buffer-overflow.patch new file mode 100644 index 0000000..e9719b9 --- /dev/null +++ b/SOURCES/0202-platform-intel-fix-buffer-overflow.patch @@ -0,0 +1,48 @@ +From 7f960c3bd050e76f8bf0a8a0c8fbdcbaa565fc78 Mon Sep 17 00:00:00 2001 +From: Blazej Kucman +Date: Fri, 22 Nov 2024 11:01:04 +0100 +Subject: [PATCH 1/1] platform-intel: fix buffer overflow + +mdadm -C /dev/md/imsm0 -e imsm -n 2 /dev/nvme5n1 /dev/nvme4n1 -R +mdadm -C /dev/md/r0d2 -l 0 -n 2 /dev/nvme5n1 /dev/nvme4n1 -R +*** buffer overflow detected ***: terminated +Aborted (core dumped) + +Issue is related to D_FORTIFY_SOURCE=3 flag and depends on environment, +especially compiler version. In function active_arrays_by_format length of +path buffer is calculated dynamically based on parameters, while PATH_MAX +is used in snprintf, this is my lead to buffer overflow. + +It is fixed by change dynamic length calculation, to use define PATH_MAX +for path length. + +Signed-off-by: Blazej Kucman +--- + super-intel.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/super-intel.c b/super-intel.c +index 87026f5a0e80..9c464945d09c 100644 +--- a/super-intel.c ++++ b/super-intel.c +@@ -7055,7 +7055,8 @@ active_arrays_by_format(char *name, char* hba, struct md_list **devlist, + int fd = -1; + + while (dev && !is_fd_valid(fd)) { +- char *path = xmalloc(strlen(dev->name) + strlen("/dev/") + 1); ++ char path[PATH_MAX]; ++ + num = snprintf(path, PATH_MAX, "%s%s", "/dev/", dev->name); + if (num > 0) + fd = open(path, O_RDONLY, 0); +@@ -7063,7 +7064,6 @@ active_arrays_by_format(char *name, char* hba, struct md_list **devlist, + pr_vrb("Cannot open %s: %s\n", + dev->name, strerror(errno)); + } +- free(path); + dev = dev->next; + } + found = 0; +-- +2.32.0 (Apple Git-132) + diff --git a/SOURCES/0203-imsm-fix-tpv-drvies-check-in-add_to_super.patch b/SOURCES/0203-imsm-fix-tpv-drvies-check-in-add_to_super.patch new file mode 100644 index 0000000..fe96c49 --- /dev/null +++ b/SOURCES/0203-imsm-fix-tpv-drvies-check-in-add_to_super.patch @@ -0,0 +1,39 @@ +From 8032700b7a44df2dd54af478940938958c08dcf0 Mon Sep 17 00:00:00 2001 +From: Blazej Kucman +Date: Wed, 20 Nov 2024 16:50:25 +0100 +Subject: [PATCH 1/1] imsm: fix tpv drvies check in add_to_super + +Before the mentioned patch, the check to verify if IMSM on current +platform supports a use of TPV (other than Intel) disk, was only performed +for non-Intel disks, after it is performed for all. This change causes +inability to use any disk when platform does not support TPV drives, +attempt results in the following error. + +mdadm: Platform configuration does not support non-Intel NVMe drives. + Please refer to Intel(R) RSTe/VROC user guide. + +This change restores the check if the disk is non-Intel. + +Fixes: 734e7db4dfc5 ("imsm: Remove warning and refactor add_to_super_imsm code") +Signed-off-by: Blazej Kucman +--- + super-intel.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/super-intel.c b/super-intel.c +index 9c464945d09c..7e3c5f2b7047 100644 +--- a/super-intel.c ++++ b/super-intel.c +@@ -6121,7 +6121,8 @@ static int add_to_super_imsm(struct supertype *st, mdu_disk_info_t *dk, + pr_err("%s controller supports Multi-Path I/O, Intel (R) VROC does not support multipathing\n", + basename(cntrl_path)); + +- if (super->orom && !imsm_orom_has_tpv_support(super->orom)) { ++ if (super->orom && devpath_to_vendor(pci_dev_path) != 0x8086 && ++ !imsm_orom_has_tpv_support(super->orom)) { + pr_err("\tPlatform configuration does not support non-Intel NVMe drives.\n" + "\tPlease refer to Intel(R) RSTe/VROC user guide.\n"); + goto error; +-- +2.32.0 (Apple Git-132) + diff --git a/SPECS/mdadm.spec b/SPECS/mdadm.spec index 76f5658..c8f7f9d 100644 --- a/SPECS/mdadm.spec +++ b/SPECS/mdadm.spec @@ -3,8 +3,8 @@ Name: mdadm Version: 4.3 # extraversion is used to define rhel internal version -%define extraversion 4 -Release: %{extraversion}%{?dist}.1 +%define extraversion 5 +Release: %{extraversion}%{?dist} Summary: The mdadm program controls Linux md devices (software RAID arrays) URL: http://www.kernel.org/pub/linux/utils/raid/mdadm/ License: GPLv2+ @@ -215,6 +215,8 @@ Patch190: 0198-mdadm.man-Add-udev-rules-flag.patch Patch191: 0199-util-use-only-dev-directory-in-open_dev.patch Patch192: 0200-mdadm-Manage-Clear-superblock-if-adding-new-device-f.patch Patch193: 0201-mdadm-Grow-Check-new_level-interface-rather-than-ker.patch +Patch194: 0202-platform-intel-fix-buffer-overflow.patch +Patch195: 0203-imsm-fix-tpv-drvies-check-in-add_to_super.patch # Fedora customization patches Patch197: mdadm-udev.patch @@ -298,6 +300,10 @@ install -m644 %{SOURCE5} %{buildroot}/etc/libreport/events.d /usr/share/mdadm/mdcheck %changelog +* Tue Dec 3 2024 Xiao Ni - 4.3-5 +- Two create command problems +- Resolves: RHEL-69286, RHEL-68654 + * Tue Oct 29 2024 Troy Dawson - 4.3-4.1 - Bump release for October 2024 mass rebuild: Resolves: RHEL-64018