# git rev-parse -q --verify fa520c47eaa15b9baa8ad66ac18da4a31679693b^{commit}
fa520c47eaa15b9baa8ad66ac18da4a31679693b
already have revision, skipping fetch
# git checkout -q -f -B kisskb fa520c47eaa15b9baa8ad66ac18da4a31679693b
# git clean -qxdf
# < git log -1
# commit fa520c47eaa15b9baa8ad66ac18da4a31679693b
# Author: Eric Sandeen <sandeen@redhat.com>
# Date:   Wed Oct 17 15:23:59 2018 +0100
# 
#     fscache: Fix out of bound read in long cookie keys
#     
#     fscache_set_key() can incur an out-of-bounds read, reported by KASAN:
#     
#      BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x5b3/0x680 [fscache]
#      Read of size 4 at addr ffff88084ff056d4 by task mount.nfs/32615
#     
#     and also reported by syzbot at https://lkml.org/lkml/2018/7/8/236
#     
#       BUG: KASAN: slab-out-of-bounds in fscache_set_key fs/fscache/cookie.c:120 [inline]
#       BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x7a9/0x880 fs/fscache/cookie.c:171
#       Read of size 4 at addr ffff8801d3cc8bb4 by task syz-executor907/4466
#     
#     This happens for any index_key_len which is not divisible by 4 and is
#     larger than the size of the inline key, because the code allocates exactly
#     index_key_len for the key buffer, but the hashing loop is stepping through
#     it 4 bytes (u32) at a time in the buf[] array.
#     
#     Fix this by calculating how many u32 buffers we'll need by using
#     DIV_ROUND_UP, and then using kcalloc() to allocate a precleared allocation
#     buffer to hold the index_key, then using that same count as the hashing
#     index limit.
#     
#     Fixes: ec0328e46d6e ("fscache: Maintain a catalogue of allocated cookies")
#     Reported-by: syzbot+a95b989b2dde8e806af8@syzkaller.appspotmail.com
#     Signed-off-by: Eric Sandeen <sandeen@redhat.com>
#     Cc: stable <stable@vger.kernel.org>
#     Signed-off-by: David Howells <dhowells@redhat.com>
#     Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
# < /opt/cross/kisskb/br-mipsel-o32-full-2016.08-613-ge98b4dd/bin/mipsel-linux-gcc --version
# < git log --format=%s --max-count=1 fa520c47eaa15b9baa8ad66ac18da4a31679693b
# < make -s -j 48 ARCH=mips O=/kisskb/build/linus_mips-allmodconfig_mipsel CROSS_COMPILE=/opt/cross/kisskb/br-mipsel-o32-full-2016.08-613-ge98b4dd/bin/mipsel-linux-  allmodconfig
# Added to kconfig CONFIG_BUILD_DOCSRC=n
# Added to kconfig CONFIG_MODULE_SIG=n
# Added to kconfig CONFIG_SAMPLES=n
# Added to kconfig CONFIG_MIPS_CPS_NS16550_BASE=0x1b0003f8
# Added to kconfig CONFIG_MIPS_CPS_NS16550_SHIFT=0
# Added to kconfig 
# yes \n | make -s -j 48 ARCH=mips O=/kisskb/build/linus_mips-allmodconfig_mipsel CROSS_COMPILE=/opt/cross/kisskb/br-mipsel-o32-full-2016.08-613-ge98b4dd/bin/mipsel-linux-  oldconfig
yes: standard output: Broken pipe
# make -s -j 48 ARCH=mips O=/kisskb/build/linus_mips-allmodconfig_mipsel CROSS_COMPILE=/opt/cross/kisskb/br-mipsel-o32-full-2016.08-613-ge98b4dd/bin/mipsel-linux-  
/kisskb/src/drivers/input/joystick/analog.c:172:2: warning: #warning Precise timer not defined for this architecture. [-Wcpp]
 #warning Precise timer not defined for this architecture.
  ^
/kisskb/src/drivers/spi/spi-sh-msiof.c:78:0: warning: "STR" redefined
 #define STR 0x40 /* Status Register */
 ^
In file included from /kisskb/src/arch/mips/include/asm/mach-generic/spaces.h:15:0,
                 from /kisskb/src/arch/mips/include/asm/addrspace.h:13,
                 from /kisskb/src/arch/mips/include/asm/barrier.h:11,
                 from /kisskb/src/include/linux/compiler.h:245,
                 from /kisskb/src/arch/mips/include/asm/bitops.h:16,
                 from /kisskb/src/include/linux/bitops.h:19,
                 from /kisskb/src/include/linux/bitmap.h:8,
                 from /kisskb/src/drivers/spi/spi-sh-msiof.c:14:
/kisskb/src/arch/mips/include/asm/mipsregs.h:30:0: note: this is the location of the previous definition
 #define STR(x) __STR(x)
 ^
In file included from /kisskb/src/arch/mips/include/asm/sibyte/sb1250.h:41:0,
                 from /kisskb/src/drivers/watchdog/sb_wdog.c:58:
/kisskb/src/arch/mips/include/asm/sibyte/bcm1480_scd.h:274:0: warning: "M_SPC_CFG_CLEAR" redefined
 #define M_SPC_CFG_CLEAR   M_BCM1480_SPC_CFG_CLEAR
 ^
In file included from /kisskb/src/arch/mips/include/asm/sibyte/sb1250.h:40:0,
                 from /kisskb/src/drivers/watchdog/sb_wdog.c:58:
/kisskb/src/arch/mips/include/asm/sibyte/sb1250_scd.h:405:0: note: this is the location of the previous definition
 #define M_SPC_CFG_CLEAR  _SB_MAKEMASK1(32)
 ^
In file included from /kisskb/src/arch/mips/include/asm/sibyte/sb1250.h:41:0,
                 from /kisskb/src/drivers/watchdog/sb_wdog.c:58:
/kisskb/src/arch/mips/include/asm/sibyte/bcm1480_scd.h:275:0: warning: "M_SPC_CFG_ENABLE" redefined
 #define M_SPC_CFG_ENABLE  M_BCM1480_SPC_CFG_ENABLE
 ^
In file included from /kisskb/src/arch/mips/include/asm/sibyte/sb1250.h:40:0,
                 from /kisskb/src/drivers/watchdog/sb_wdog.c:58:
/kisskb/src/arch/mips/include/asm/sibyte/sb1250_scd.h:406:0: note: this is the location of the previous definition
 #define M_SPC_CFG_ENABLE _SB_MAKEMASK1(33)
 ^
/kisskb/src/scripts/unifdef.c: In function 'Mpass':
/kisskb/src/scripts/unifdef.c:453:28: warning: 'strncpy' output truncated before terminating nul copying 4 bytes from a string of the same length [-Wstringop-truncation]
 static void Mpass (void) { strncpy(keyword, "if  ", 4); Pelif(); }
                            ^~~~~~~~~~~~~~~~~~~~~~~~~~~
FIT description: Linux 4.19.0-rc8+
Created:         Fri Oct 19 04:26:03 2018
 Image 0 (kernel@0)
  Description:  Linux 4.19.0-rc8+
  Created:      Fri Oct 19 04:26:03 2018
  Type:         Kernel Image
  Compression:  gzip compressed
  Data Size:    6114488 Bytes = 5971.18 KiB = 5.83 MiB
  Architecture: MIPS
  OS:           Linux
  Load Address: 0x84000000
  Entry Point:  0x8497ad20
  Hash algo:    sha1
  Hash value:   8512463fc3b910aaf248dd3cad30175026fe92f0
 Image 1 (fdt@boston)
  Description:  img,boston Device Tree
  Created:      Fri Oct 19 04:26:03 2018
  Type:         Flat Device Tree
  Compression:  uncompressed
  Data Size:    3668 Bytes = 3.58 KiB = 0.00 MiB
  Architecture: MIPS
  Hash algo:    sha1
  Hash value:   569c37cc891ce1e1f3a193cb41cc691a5d2debb5
 Image 2 (fdt@ni169445)
  Description:  NI 169445 device tree
  Created:      Fri Oct 19 04:26:03 2018
  Type:         Flat Device Tree
  Compression:  uncompressed
  Data Size:    1871 Bytes = 1.83 KiB = 0.00 MiB
  Architecture: MIPS
  Hash algo:    sha1
  Hash value:   51b89b31605ee62038c8468c429af091dfc75ec7
 Image 3 (fdt@ocelot_pcb123)
  Description:  MSCC Ocelot PCB123 Device Tree
  Created:      Fri Oct 19 04:26:03 2018
  Type:         Flat Device Tree
  Compression:  uncompressed
  Data Size:    4099 Bytes = 4.00 KiB = 0.00 MiB
  Architecture: MIPS
  Hash algo:    sha1
  Hash value:   d6b84965b858109511872b01415e613e125e44b1
 Image 4 (fdt@xilfpga)
  Description:  MIPSfpga (xilfpga) Device Tree
  Created:      Fri Oct 19 04:26:03 2018
  Type:         Flat Device Tree
  Compression:  uncompressed
  Data Size:    2708 Bytes = 2.64 KiB = 0.00 MiB
  Architecture: MIPS
  Hash algo:    sha1
  Hash value:   509ce58e44c561d54539e64e9d4b47054e696fc6
 Default Configuration: 'conf@default'
 Configuration 0 (conf@default)
  Description:  Generic Linux kernel
  Kernel:       kernel@0
 Configuration 1 (conf@boston)
  Description:  Boston Linux kernel
  Kernel:       kernel@0
  FDT:          fdt@boston
 Configuration 2 (conf@ni169445)
  Description:  NI 169445 Linux Kernel
  Kernel:       kernel@0
  FDT:          fdt@ni169445
 Configuration 3 (conf@ocelot_pcb123)
  Description:  Ocelot Linux kernel
  Kernel:       kernel@0
  FDT:          fdt@ocelot_pcb123
 Configuration 4 (conf@xilfpga)
  Description:  MIPSfpga Linux kernel
  Kernel:       kernel@0
  FDT:          fdt@xilfpga
Completed OK
# rm -rf /kisskb/build/linus_mips-allmodconfig_mipsel
# Build took: 0:14:11.432272