# git rev-parse -q --verify fa520c47eaa15b9baa8ad66ac18da4a31679693b^{commit}
fa520c47eaa15b9baa8ad66ac18da4a31679693b
already have revision, skipping fetch
# git checkout -q -f -B kisskb fa520c47eaa15b9baa8ad66ac18da4a31679693b
# git clean -qxdf
# < git log -1
# commit fa520c47eaa15b9baa8ad66ac18da4a31679693b
# Author: Eric Sandeen
# Date: Wed Oct 17 15:23:59 2018 +0100
#
#     fscache: Fix out of bound read in long cookie keys
#
#     fscache_set_key() can incur an out-of-bounds read, reported by KASAN:
#
#     BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x5b3/0x680 [fscache]
#     Read of size 4 at addr ffff88084ff056d4 by task mount.nfs/32615
#
#     and also reported by syzbot at https://lkml.org/lkml/2018/7/8/236
#
#     BUG: KASAN: slab-out-of-bounds in fscache_set_key fs/fscache/cookie.c:120 [inline]
#     BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x7a9/0x880 fs/fscache/cookie.c:171
#     Read of size 4 at addr ffff8801d3cc8bb4 by task syz-executor907/4466
#
#     This happens for any index_key_len which is not divisible by 4 and is
#     larger than the size of the inline key, because the code allocates exactly
#     index_key_len for the key buffer, but the hashing loop is stepping through
#     it 4 bytes (u32) at a time in the buf[] array.
#
#     Fix this by calculating how many u32 buffers we'll need by using
#     DIV_ROUND_UP, and then using kcalloc() to allocate a precleared allocation
#     buffer to hold the index_key, then using that same count as the hashing
#     index limit.
#
#     Fixes: ec0328e46d6e ("fscache: Maintain a catalogue of allocated cookies")
#     Reported-by: syzbot+a95b989b2dde8e806af8@syzkaller.appspotmail.com
#     Signed-off-by: Eric Sandeen
#     Cc: stable
#     Signed-off-by: David Howells
#     Signed-off-by: Greg Kroah-Hartman
# < /opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux-gcc --version
# < git log --format=%s --max-count=1 fa520c47eaa15b9baa8ad66ac18da4a31679693b
# < make -s -j 48 ARCH=powerpc O=/kisskb/build/linus_ppc44x_defconfig_powerpc CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux- ppc44x_defconfig
# make -s -j 48 ARCH=powerpc O=/kisskb/build/linus_ppc44x_defconfig_powerpc CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux-
/kisskb/src/kernel/printk/printk.c: In function 'devkmsg_sysctl_set_loglvl':
/kisskb/src/kernel/printk/printk.c:185:16: warning: 'old' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/i2c/i2c-core-base.c: In function 'i2c_generic_scl_recovery':
/kisskb/src/drivers/i2c/i2c-core-base.c:235:5: warning: 'ret' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/tty/serial/8250/8250_core.c: In function 'univ8250_release_irq':
/kisskb/src/drivers/tty/serial/8250/8250_core.c:251:18: warning: 'i' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/tty/serial/8250/8250_core.c:231:19: note: 'i' was declared here
/kisskb/src/fs/proc/inode.c: In function 'proc_reg_open':
/kisskb/src/include/linux/list.h:65:12: warning: 'pdeo' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/fs/proc/inode.c:341:21: note: 'pdeo' was declared here
/kisskb/src/net/bridge/br_netlink.c: In function 'br_afspec':
/kisskb/src/net/bridge/br_netlink.c:647:7: warning: 'err' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/net/tun.c: In function 'tun_get_user':
/kisskb/src/drivers/net/tun.c:1794:30: warning: 'copylen' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/net/tun.c:1704:46: warning: 'linear' may be used uninitialized in this function [-Wuninitialized]
arch/powerpc/boot/katmai.dtb: Warning (pci_bridge): /plb/pciex@d00000000: node name is not "pci" or "pcie"
arch/powerpc/boot/katmai.dtb: Warning (pci_bridge): /plb/pciex@d20000000: node name is not "pci" or "pcie"
arch/powerpc/boot/katmai.dtb: Warning (pci_bridge): /plb/pciex@d40000000: node name is not "pci" or "pcie"
arch/powerpc/boot/katmai.dtb: Warning (pci_device_bus_num): Failed prerequisite 'pci_bridge'
INFO: Uncompressed kernel (size 0x547ba8) overlaps the address of the wrapper(0x400000)
INFO: Fixing the link_address of wrapper to (0x600000)
INFO: Uncompressed kernel (size 0x547ba8) overlaps the address of the wrapper(0x400000)
INFO: Fixing the link_address of wrapper to (0x600000)
INFO: Uncompressed kernel (size 0x547ba8) overlaps the address of the wrapper(0x400000)
INFO: Fixing the link_address of wrapper to (0x600000)
INFO: Uncompressed kernel (size 0x547ba8) overlaps the address of the wrapper(0x400000)
INFO: Fixing the link_address of wrapper to (0x600000)
INFO: Uncompressed kernel (size 0x547ba8) overlaps the address of the wrapper(0x400000)
INFO: Fixing the link_address of wrapper to (0x600000)
INFO: Uncompressed kernel (size 0x547ba8) overlaps the address of the wrapper(0x400000)
INFO: Fixing the link_address of wrapper to (0x600000)
INFO: Uncompressed kernel (size 0x547ba8) overlaps the address of the wrapper(0x400000)
INFO: Fixing the link_address of wrapper to (0x600000)
INFO: Uncompressed kernel (size 0x547ba8) overlaps the address of the wrapper(0x400000)
INFO: Fixing the link_address of wrapper to (0x600000)
INFO: Uncompressed kernel (size 0x547ba8) overlaps the address of the wrapper(0x400000)
INFO: Fixing the link_address of wrapper to (0x600000)
INFO: Uncompressed kernel (size 0x5374fc) overlaps the address of the wrapper(0x400000)
INFO: Fixing the link_address of wrapper to (0x600000)
INFO: Uncompressed kernel (size 0x547ba8) overlaps the address of the wrapper(0x400000)
INFO: Fixing the link_address of wrapper to (0x600000)
INFO: Uncompressed kernel (size 0x547ba8) overlaps the address of the wrapper(0x400000)
INFO: Fixing the link_address of wrapper to (0x600000)
Image Name:   Linux-4.19.0-rc8-gfa520c47eaa1
Created:      Fri Oct 19 02:34:42 2018
Image Type:   PowerPC Linux Kernel Image (gzip compressed)
Data Size:    2646965 Bytes = 2584.93 KiB = 2.52 MiB
Load Address: 00000000
Entry Point:  00000000
Image Name:   Linux-4.19.0-rc8-gfa520c47eaa1
Created:      Fri Oct 19 02:34:42 2018
Image Type:   PowerPC Linux Kernel Image (gzip compressed)
Data Size:    2672655 Bytes = 2610.01 KiB = 2.55 MiB
Load Address: 00600000
Entry Point:  0060110c
Image Name:   Linux-4.19.0-rc8-gfa520c47eaa1
Created:      Fri Oct 19 02:34:42 2018
Image Type:   PowerPC Linux Kernel Image (gzip compressed)
Data Size:    2672625 Bytes = 2609.99 KiB = 2.55 MiB
Load Address: 00600000
Entry Point:  006000a4
Image Name:   Linux-4.19.0-rc8-gfa520c47eaa1
Created:      Fri Oct 19 02:34:42 2018
Image Type:   PowerPC Linux Kernel Image (gzip compressed)
Data Size:    2672856 Bytes = 2610.21 KiB = 2.55 MiB
Load Address: 00600000
Entry Point:  006010f4
Image Name:   Linux-4.19.0-rc8-gfa520c47eaa1
Created:      Fri Oct 19 02:34:42 2018
Image Type:   PowerPC Linux Kernel Image (gzip compressed)
Data Size:    2672721 Bytes = 2610.08 KiB = 2.55 MiB
Load Address: 00600000
Entry Point:  00601114
Image Name:   Linux-4.19.0-rc8-gfa520c47eaa1
Created:      Fri Oct 19 02:34:42 2018
Image Type:   PowerPC Linux Kernel Image (gzip compressed)
Data Size:    2672703 Bytes = 2610.06 KiB = 2.55 MiB
Load Address: 00600000
Entry Point:  00601104
Image Name:   Linux-4.19.0-rc8-gfa520c47eaa1
Created:      Fri Oct 19 02:34:42 2018
Image Type:   PowerPC Linux Kernel Image (gzip compressed)
Data Size:    2672711 Bytes = 2610.07 KiB = 2.55 MiB
Load Address: 00600000
Entry Point:  00601118
Image Name:   Linux-4.19.0-rc8-gfa520c47eaa1
Created:      Fri Oct 19 02:34:42 2018
Image Type:   PowerPC Linux Kernel Image (gzip compressed)
Data Size:    2672703 Bytes = 2610.06 KiB = 2.55 MiB
Load Address: 00600000
Entry Point:  00600178
Image Name:   Linux-4.19.0-rc8-gfa520c47eaa1
Created:      Fri Oct 19 02:34:42 2018
Image Type:   PowerPC Linux Kernel Image (gzip compressed)
Data Size:    2672859 Bytes = 2610.21 KiB = 2.55 MiB
Load Address: 00600000
Entry Point:  0060110c
Image Name:   Linux-4.19.0-rc8-gfa520c47eaa1
Created:      Fri Oct 19 02:34:42 2018
Image Type:   PowerPC Linux Kernel Image (gzip compressed)
Data Size:    2672678 Bytes = 2610.04 KiB = 2.55 MiB
Load Address: 00600000
Entry Point:  00601100
Completed OK
# rm -rf /kisskb/build/linus_ppc44x_defconfig_powerpc
# Build took: 0:00:38.904547