# git rev-parse -q --verify fa520c47eaa15b9baa8ad66ac18da4a31679693b^{commit}
fa520c47eaa15b9baa8ad66ac18da4a31679693b
already have revision, skipping fetch
# git checkout -q -f -B kisskb fa520c47eaa15b9baa8ad66ac18da4a31679693b
# git clean -qxdf
# < git log -1
# commit fa520c47eaa15b9baa8ad66ac18da4a31679693b
# Author: Eric Sandeen <sandeen@redhat.com>
# Date:   Wed Oct 17 15:23:59 2018 +0100
# 
#     fscache: Fix out of bound read in long cookie keys
#     
#     fscache_set_key() can incur an out-of-bounds read, reported by KASAN:
#     
#      BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x5b3/0x680 [fscache]
#      Read of size 4 at addr ffff88084ff056d4 by task mount.nfs/32615
#     
#     and also reported by syzbot at https://lkml.org/lkml/2018/7/8/236
#     
#       BUG: KASAN: slab-out-of-bounds in fscache_set_key fs/fscache/cookie.c:120 [inline]
#       BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x7a9/0x880 fs/fscache/cookie.c:171
#       Read of size 4 at addr ffff8801d3cc8bb4 by task syz-executor907/4466
#     
#     This happens for any index_key_len which is not divisible by 4 and is
#     larger than the size of the inline key, because the code allocates exactly
#     index_key_len for the key buffer, but the hashing loop is stepping through
#     it 4 bytes (u32) at a time in the buf[] array.
#     
#     Fix this by calculating how many u32 buffers we'll need by using
#     DIV_ROUND_UP, and then using kcalloc() to allocate a precleared allocation
#     buffer to hold the index_key, then using that same count as the hashing
#     index limit.
#     
#     Fixes: ec0328e46d6e ("fscache: Maintain a catalogue of allocated cookies")
#     Reported-by: syzbot+a95b989b2dde8e806af8@syzkaller.appspotmail.com
#     Signed-off-by: Eric Sandeen <sandeen@redhat.com>
#     Cc: stable <stable@vger.kernel.org>
#     Signed-off-by: David Howells <dhowells@redhat.com>
#     Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
# < /opt/cross/kisskb/korg/gcc-8.1.0-nolibc/nds32le-linux/bin/nds32le-linux-gcc --version
# < git log --format=%s --max-count=1 fa520c47eaa15b9baa8ad66ac18da4a31679693b
# < make -s -j 48 ARCH=nds32 O=/kisskb/build/linus_nds32-allyesconfig_nds32le CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.1.0-nolibc/nds32le-linux/bin/nds32le-linux-  allyesconfig
# make -s -j 48 ARCH=nds32 O=/kisskb/build/linus_nds32-allyesconfig_nds32le CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.1.0-nolibc/nds32le-linux/bin/nds32le-linux-  
/kisskb/src/scripts/unifdef.c: In function 'Mpass':
/kisskb/src/scripts/unifdef.c:453:28: warning: 'strncpy' output truncated before terminating nul copying 4 bytes from a string of the same length [-Wstringop-truncation]
 static void Mpass (void) { strncpy(keyword, "if  ", 4); Pelif(); }
                            ^~~~~~~~~~~~~~~~~~~~~~~~~~~
/kisskb/src/lib/test_hexdump.c: In function 'test_hexdump_prepare_test.isra.0':
/kisskb/src/lib/test_hexdump.c:102:3: warning: 'strncpy' specified bound depends on the length of the source argument [-Wstringop-overflow=]
   strncpy(p, q, amount);
   ^~~~~~~~~~~~~~~~~~~~~
/kisskb/src/lib/test_hexdump.c:100:19: note: length computed here
   size_t amount = strlen(q);
                   ^~~~~~~~~
/kisskb/src/drivers/input/joystick/analog.c:172:2: warning: #warning Precise timer not defined for this architecture. [-Wcpp]
 #warning Precise timer not defined for this architecture.
  ^~~~~~~
/kisskb/src/drivers/i2c/i2c-core-base.c: In function 'i2c_generic_scl_recovery':
/kisskb/src/drivers/i2c/i2c-core-base.c:235:5: warning: 'ret' may be used uninitialized in this function [-Wmaybe-uninitialized]
  if (ret == -EOPNOTSUPP)
     ^
/kisskb/src/net/tipc/topsrv.c: In function 'tipc_topsrv_start':
/kisskb/src/net/tipc/topsrv.c:660:2: warning: 'strncpy' specified bound depends on the length of the source argument [-Wstringop-overflow=]
  strncpy(srv->name, name, strlen(name) + 1);
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/kisskb/src/net/tipc/topsrv.c:660:27: note: length computed here
  strncpy(srv->name, name, strlen(name) + 1);
                           ^~~~~~~~~~~~
/kisskb/src/drivers/mtd/nand/raw/qcom_nandc.c:154: warning: "PAGE_READ" redefined
 #define PAGE_READ   0x2
 
In file included from /kisskb/src/include/linux/memremap.h:7,
                 from /kisskb/src/include/linux/mm.h:27,
                 from /kisskb/src/include/linux/scatterlist.h:8,
                 from /kisskb/src/include/linux/dma-mapping.h:11,
                 from /kisskb/src/drivers/mtd/nand/raw/qcom_nandc.c:17:
/kisskb/src/arch/nds32/include/asm/pgtable.h:145: note: this is the location of the previous definition
 #define PAGE_READ __pgprot(_PAGE_V | _PAGE_M_UR_KR)
 
WARNING: EXPORT symbol "copy_page" [vmlinux] version generation failed, symbol will not be versioned.
WARNING: EXPORT symbol "clear_page" [vmlinux] version generation failed, symbol will not be versioned.
/opt/cross/kisskb/korg/gcc-8.1.0-nolibc/nds32le-linux/bin/nds32le-linux-ld: drivers/usb/storage/ene_ub6250.o: in function `ene_load_bincode':
ene_ub6250.c:(.text+0x284): relocation truncated to fit: R_NDS32_9_PCREL_RELA against `.text'
make[1]: *** [/kisskb/src/Makefile:1028: vmlinux] Error 1
make: *** [Makefile:146: sub-make] Error 2
Command 'make -s -j 48 ARCH=nds32 O=/kisskb/build/linus_nds32-allyesconfig_nds32le CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.1.0-nolibc/nds32le-linux/bin/nds32le-linux-  ' returned non-zero exit status 2
# rm -rf /kisskb/build/linus_nds32-allyesconfig_nds32le
# Build took: 0:08:16.409555