Buildresult: linus/x86_64-allmodconfig/x86_64-gcc8 built on Oct 19 2018, 02:55
kisskb
Revisions
|
Branches
|
Compilers
|
Configs
|
Build Results
|
Build Failures
|
Status:
OK
Date/Time:
Oct 19 2018, 02:55
Duration:
0:19:39.458798
Builder:
ka2
Revision:
fscache: Fix out of bound read in long cookie keys (
fa520c47eaa15b9baa8ad66ac18da4a31679693b)
Target:
linus/x86_64-allmodconfig/x86_64-gcc8
Branch:
linus
Compiler:
x86_64-gcc8
(x86_64-linux-gcc (GCC) 8.1.0)
Config:
allmodconfig
(
download
)
Log:
Download original
Possible warnings (4)
include/linux/string.h:246:9: warning: '__builtin_strncpy' specified bound depends on the length of the source argument [-Wstringop-overflow=] lib/ubsan.c:432:1: warning: ignoring attribute 'noreturn' in declaration of a built-in function '__ubsan_handle_builtin_unreachable' because it conflicts with attribute 'const' [-Wattributes] include/linux/string.h:246:9: warning: '__builtin_strncpy' specified bound depends on the length of the source argument [-Wstringop-overflow=] scripts/unifdef.c:453:28: warning: 'strncpy' output truncated before terminating nul copying 4 bytes from a string of the same length [-Wstringop-truncation]
Full Log
# git rev-parse -q --verify fa520c47eaa15b9baa8ad66ac18da4a31679693b^{commit} fa520c47eaa15b9baa8ad66ac18da4a31679693b already have revision, skipping fetch # git checkout -q -f -B kisskb fa520c47eaa15b9baa8ad66ac18da4a31679693b # git clean -qxdf # < git log -1 # commit fa520c47eaa15b9baa8ad66ac18da4a31679693b # Author: Eric Sandeen <sandeen@redhat.com> # Date: Wed Oct 17 15:23:59 2018 +0100 # # fscache: Fix out of bound read in long cookie keys # # fscache_set_key() can incur an out-of-bounds read, reported by KASAN: # # BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x5b3/0x680 [fscache] # Read of size 4 at addr ffff88084ff056d4 by task mount.nfs/32615 # # and also reported by syzbot at https://lkml.org/lkml/2018/7/8/236 # # BUG: KASAN: slab-out-of-bounds in fscache_set_key fs/fscache/cookie.c:120 [inline] # BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x7a9/0x880 fs/fscache/cookie.c:171 # Read of size 4 at addr ffff8801d3cc8bb4 by task syz-executor907/4466 # # This happens for any index_key_len which is not divisible by 4 and is # larger than the size of the inline key, because the code allocates exactly # index_key_len for the key buffer, but the hashing loop is stepping through # it 4 bytes (u32) at a time in the buf[] array. # # Fix this by calculating how many u32 buffers we'll need by using # DIV_ROUND_UP, and then using kcalloc() to allocate a precleared allocation # buffer to hold the index_key, then using that same count as the hashing # index limit. # # Fixes: ec0328e46d6e ("fscache: Maintain a catalogue of allocated cookies") # Reported-by: syzbot+a95b989b2dde8e806af8@syzkaller.appspotmail.com # Signed-off-by: Eric Sandeen <sandeen@redhat.com> # Cc: stable <stable@vger.kernel.org> # Signed-off-by: David Howells <dhowells@redhat.com> # Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> # < /opt/cross/kisskb/korg/gcc-8.1.0-nolibc/x86_64-linux/bin/x86_64-linux-gcc --version # < git log --format=%s --max-count=1 fa520c47eaa15b9baa8ad66ac18da4a31679693b # < make -s -j 48 ARCH=x86 O=/kisskb/build/linus_x86-allmodconfig_x86_64-gcc8 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.1.0-nolibc/x86_64-linux/bin/x86_64-linux- allmodconfig # Added to kconfig CONFIG_BUILD_DOCSRC=n # Added to kconfig CONFIG_MODULE_SIG=n # Added to kconfig CONFIG_SAMPLES=n # yes \n | make -s -j 48 ARCH=x86 O=/kisskb/build/linus_x86-allmodconfig_x86_64-gcc8 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.1.0-nolibc/x86_64-linux/bin/x86_64-linux- oldconfig yes: standard output: Broken pipe # make -s -j 48 ARCH=x86 O=/kisskb/build/linus_x86-allmodconfig_x86_64-gcc8 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.1.0-nolibc/x86_64-linux/bin/x86_64-linux- In file included from /kisskb/src/include/linux/bitmap.h:9, from /kisskb/src/include/linux/cpumask.h:12, from /kisskb/src/arch/x86/include/asm/paravirt.h:17, from /kisskb/src/arch/x86/include/asm/irqflags.h:68, from /kisskb/src/include/linux/irqflags.h:16, from /kisskb/src/include/linux/rcupdate.h:39, from /kisskb/src/include/linux/rculist.h:11, from /kisskb/src/include/linux/pid.h:5, from /kisskb/src/include/linux/sched.h:14, from /kisskb/src/kernel/debug/kdb/kdb_support.c:15: In function 'strncpy', inlined from 'kallsyms_symbol_next' at /kisskb/src/kernel/debug/kdb/kdb_support.c:239:4: /kisskb/src/include/linux/string.h:246:9: warning: '__builtin_strncpy' specified bound depends on the length of the source argument [-Wstringop-overflow=] return __builtin_strncpy(p, q, size); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /kisskb/src/kernel/debug/kdb/kdb_support.c: In function 'kallsyms_symbol_next': /kisskb/src/include/linux/string.h:267:10: note: length computed here return __builtin_strlen(p); ^~~~~~~~~~~~~~~~~~~ /kisskb/src/lib/ubsan.c:432:1: warning: ignoring attribute 'noreturn' in declaration of a built-in function '__ubsan_handle_builtin_unreachable' because it conflicts with attribute 'const' [-Wattributes] { ^ <built-in>: note: previous declaration here In file included from /kisskb/src/include/linux/bitmap.h:9, from /kisskb/src/include/linux/cpumask.h:12, from /kisskb/src/arch/x86/include/asm/cpumask.h:5, from /kisskb/src/arch/x86/include/asm/msr.h:11, from /kisskb/src/arch/x86/include/asm/processor.h:21, from /kisskb/src/arch/x86/include/asm/cpufeature.h:5, from /kisskb/src/arch/x86/include/asm/thread_info.h:53, from /kisskb/src/include/linux/thread_info.h:38, from /kisskb/src/arch/x86/include/asm/preempt.h:7, from /kisskb/src/include/linux/preempt.h:81, from /kisskb/src/include/linux/spinlock.h:51, from /kisskb/src/include/linux/seqlock.h:36, from /kisskb/src/include/linux/time.h:6, from /kisskb/src/include/linux/stat.h:19, from /kisskb/src/include/linux/module.h:10, from /kisskb/src/lib/test_hexdump.c:8: In function 'strncpy', inlined from 'test_hexdump_prepare_test.constprop' at /kisskb/src/lib/test_hexdump.c:102:3: /kisskb/src/include/linux/string.h:246:9: warning: '__builtin_strncpy' specified bound depends on the length of the source argument [-Wstringop-overflow=] return __builtin_strncpy(p, q, size); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /kisskb/src/lib/test_hexdump.c: In function 'test_hexdump_prepare_test.constprop': /kisskb/src/include/linux/string.h:267:10: note: length computed here return __builtin_strlen(p); ^~~~~~~~~~~~~~~~~~~ /kisskb/src/scripts/unifdef.c: In function 'Mpass': /kisskb/src/scripts/unifdef.c:453:28: warning: 'strncpy' output truncated before terminating nul copying 4 bytes from a string of the same length [-Wstringop-truncation] static void Mpass (void) { strncpy(keyword, "if ", 4); Pelif(); } ^~~~~~~~~~~~~~~~~~~~~~~~~~~ Completed OK # rm -rf /kisskb/build/linus_x86-allmodconfig_x86_64-gcc8 # Build took: 0:19:39.458798
© Michael Ellerman 2006-2018.