# git rev-parse -q --verify fa520c47eaa15b9baa8ad66ac18da4a31679693b^{commit}
fa520c47eaa15b9baa8ad66ac18da4a31679693b
already have revision, skipping fetch
# git checkout -q -f -B kisskb fa520c47eaa15b9baa8ad66ac18da4a31679693b
# git clean -qxdf
# < git log -1
# commit fa520c47eaa15b9baa8ad66ac18da4a31679693b
# Author: Eric Sandeen
# Date: Wed Oct 17 15:23:59 2018 +0100
#
# fscache: Fix out of bound read in long cookie keys
#
# fscache_set_key() can incur an out-of-bounds read, reported by KASAN:
#
# BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x5b3/0x680 [fscache]
# Read of size 4 at addr ffff88084ff056d4 by task mount.nfs/32615
#
# and also reported by syzbot at https://lkml.org/lkml/2018/7/8/236
#
# BUG: KASAN: slab-out-of-bounds in fscache_set_key fs/fscache/cookie.c:120 [inline]
# BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x7a9/0x880 fs/fscache/cookie.c:171
# Read of size 4 at addr ffff8801d3cc8bb4 by task syz-executor907/4466
#
# This happens for any index_key_len which is not divisible by 4 and is
# larger than the size of the inline key, because the code allocates exactly
# index_key_len for the key buffer, but the hashing loop is stepping through
# it 4 bytes (u32) at a time in the buf[] array.
#
# Fix this by calculating how many u32 buffers we'll need by using
# DIV_ROUND_UP, and then using kcalloc() to allocate a precleared allocation
# buffer to hold the index_key, then using that same count as the hashing
# index limit.
#
# Fixes: ec0328e46d6e ("fscache: Maintain a catalogue of allocated cookies")
# Reported-by: syzbot+a95b989b2dde8e806af8@syzkaller.appspotmail.com
# Signed-off-by: Eric Sandeen
# Cc: stable
# Signed-off-by: David Howells
# Signed-off-by: Greg Kroah-Hartman
# < /opt/cross/kisskb/gcc-4.6.3-nolibc/i386-linux/bin/i386-linux-gcc --version
# < git log --format=%s --max-count=1 fa520c47eaa15b9baa8ad66ac18da4a31679693b
# < make -s -j 80 ARCH=i386 O=/kisskb/build/linus-rand_i386-randconfig_i386 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/i386-linux/bin/i386-linux- randconfig KCONFIG_SEED=0xB22B5030
# Added to kconfig CONFIG_STANDALONE=y
# Added to kconfig CONFIG_PREVENT_FIRMWARE_BUILD=y
# yes \n | make -s -j 80 ARCH=i386 O=/kisskb/build/linus-rand_i386-randconfig_i386 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/i386-linux/bin/i386-linux- oldconfig
yes: standard output: Broken pipe
# make -s -j 80 ARCH=i386 O=/kisskb/build/linus-rand_i386-randconfig_i386 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/i386-linux/bin/i386-linux-
/kisskb/src/scripts/unifdef.c: In function 'Mpass':
/kisskb/src/scripts/unifdef.c:453:28: warning: 'strncpy' output truncated before terminating nul copying 4 bytes from a string of the same length [-Wstringop-truncation]
static void Mpass (void) { strncpy(keyword, "if ", 4); Pelif(); }
^~~~~~~~~~~~~~~~~~~~~~~~~~~
/kisskb/src/kernel/rcu/srcutree.c: In function 'init_srcu_struct_nodes':
/kisskb/src/kernel/rcu/srcutree.c:129:33: warning: 'levelspread[]' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/kernel/printk/printk.c: In function 'devkmsg_sysctl_set_loglvl':
/kisskb/src/kernel/printk/printk.c:185:16: warning: 'old' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/kernel/printk/printk.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/kernel/rcu/srcutree.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/ipc/shm.c: In function 'ksys_shmdt':
/kisskb/src/ipc/shm.c:1686:59: warning: 'file' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/ipc/shm.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/arch/x86/kernel/apic/io_apic.c: In function 'mp_map_pin_to_irq':
/kisskb/src/arch/x86/kernel/apic/io_apic.c:1034:6: warning: 'irq' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/arch/x86/kernel/apic/io_apic.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/mm/ksm.c: In function 'stable_node_dup':
/kisskb/src/mm/ksm.c:1395:15: warning: 'found_rmap_hlist_len' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/mm/ksm.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/arch/x86/kernel/hw_breakpoint.c: In function 'hw_breakpoint_arch_parse':
/kisskb/src/arch/x86/kernel/hw_breakpoint.c:366:18: warning: 'align' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/arch/x86/kernel/hw_breakpoint.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/arch/x86/kernel/e820.c: In function 'e820__setup_pci_gap':
/kisskb/src/arch/x86/kernel/e820.c:653:2: warning: 'gapstart' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/arch/x86/kernel/e820.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/lib/raid6/recov_avx512.c:387:2: warning: #warning "your version of binutils lacks AVX512 support" [-Wcpp]
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/lib/mpi/mpicoder.c: In function 'mpi_read_raw_from_sgl':
/kisskb/src/lib/mpi/mpicoder.c:352:8: warning: 'buff' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/lib/mpi/mpicoder.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/lib/rhashtable.c: In function 'rhashtable_rehash_one':
/kisskb/src/lib/rhashtable.c:264:2: warning: 'next' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/lib/rhashtable.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/net/core/gen_stats.c: In function '__gnet_stats_copy_basic':
/kisskb/src/include/linux/seqlock.h:205:9: warning: 'seq' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/net/core/gen_stats.c:150:15: note: 'seq' was declared here
/kisskb/src/net/core/gen_stats.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/net/core/dev.c: In function 'validate_xmit_skb_list':
/kisskb/src/net/core/dev.c:3365:15: warning: 'tail' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/net/core/dev.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/drivers/dma-buf/reservation.c: In function 'reservation_object_add_shared_replace':
/kisskb/src/drivers/dma-buf/reservation.c:211:7: warning: 'i' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/dma-buf/reservation.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/fs/f2fs/node.c: In function '__set_nat_cache_dirty':
/kisskb/src/include/linux/list.h:93:12: warning: 'head' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/fs/f2fs/node.c:238:24: note: 'head' was declared here
/kisskb/src/fs/proc/inode.c: In function 'proc_reg_open':
/kisskb/src/include/linux/list.h:65:12: warning: 'pdeo' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/fs/proc/inode.c:341:21: note: 'pdeo' was declared here
/kisskb/src/fs/proc/inode.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/drivers/i2c/i2c-core-base.c: In function 'i2c_generic_scl_recovery':
/kisskb/src/drivers/i2c/i2c-core-base.c:235:5: warning: 'ret' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/i2c/i2c-core-base.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/fs/f2fs/node.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/drivers/input/touchscreen/hideep.c: In function 'hideep_update_firmware':
/kisskb/src/drivers/input/touchscreen/hideep.c:633:3: warning: 'error' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/input/touchscreen/hideep.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/drivers/mfd/arizona-core.c: In function 'arizona_dev_init':
/kisskb/src/drivers/mfd/arizona-core.c:1422:6: warning: 'n_subdevs' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/mfd/arizona-core.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/drivers/iio/proximity/isl29501.c: In function 'isl29501_register_write':
/kisskb/src/drivers/iio/proximity/isl29501.c:253:34: warning: 'msb' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/iio/proximity/isl29501.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/drivers/net/macsec.c: In function 'macsec_del_rxsa':
/kisskb/src/drivers/net/macsec.c:1926:2: warning: 'assoc_num' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/net/macsec.c:1926:2: warning: 'rx_sc' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/net/macsec.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/drivers/gpu/drm/scheduler/gpu_scheduler.c: In function 'drm_sched_job_recovery':
/kisskb/src/drivers/gpu/drm/scheduler/gpu_scheduler.c:689:20: warning: 'guilty_context' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/gpu/drm/scheduler/gpu_scheduler.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c: In function 'gmc_v9_0_process_interrupt':
/kisskb/src/drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c:262:10: warning: missing braces around initializer [-Wmissing-braces]
/kisskb/src/drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c:262:10: warning: (near initialization for 'task_info.process_name') [-Wmissing-braces]
/kisskb/src/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c: In function 'gmc_v8_0_process_interrupt':
/kisskb/src/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c:1447:10: warning: missing braces around initializer [-Wmissing-braces]
/kisskb/src/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c:1447:10: warning: (near initialization for 'task_info.process_name') [-Wmissing-braces]
/kisskb/src/drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/drivers/tty/serial/8250/8250_core.c: In function 'serial_unlink_irq_chain':
/kisskb/src/drivers/tty/serial/8250/8250_core.c:251:18: warning: 'i' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/tty/serial/8250/8250_core.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/drivers/video/backlight/adp8860_bl.c: In function 'adp8860_bl_ambient_light_level_show':
/kisskb/src/drivers/video/backlight/adp8860_bl.c:579:10: warning: 'ret_val' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/video/backlight/adp8860_bl.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/drivers/gpu/drm/drm_atomic.c: In function 'drm_atomic_connector_check':
/kisskb/src/drivers/gpu/drm/drm_atomic.c:760:38: warning: 'crtc_state' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/gpu/drm/drm_atomic.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_hw_sequencer.c: In function 'dcn10_update_mpcc':
/kisskb/src/drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_hw_sequencer.c:1903:9: warning: missing braces around initializer [-Wmissing-braces]
/kisskb/src/drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_hw_sequencer.c:1903:9: warning: (near initialization for 'blnd_cfg.black_color') [-Wmissing-braces]
/kisskb/src/drivers/gpu/drm/radeon/radeon_uvd.c: In function 'radeon_uvd_init':
/kisskb/src/drivers/gpu/drm/radeon/radeon_uvd.c:175:15: warning: 'r' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/gpu/drm/radeon/radeon_uvd.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_hw_sequencer.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/drivers/gpu/drm/nouveau/nvkm/subdev/i2c/auxgm200.c: In function 'gm200_i2c_aux_xfer':
/kisskb/src/drivers/gpu/drm/nouveau/nvkm/subdev/i2c/auxgm200.c:160:31: warning: 'stat' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/gpu/drm/nouveau/nvkm/subdev/i2c/auxgm200.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/drivers/gpu/drm/amd/amdgpu/../display/dc/dc_helper.c: In function 'generic_reg_wait':
/kisskb/src/drivers/gpu/drm/amd/amdgpu/../display/dc/dc_helper.c:216:11: warning: 'reg_val' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/gpu/drm/amd/amdgpu/../display/dc/dc_helper.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/drivers/gpu/drm/nouveau/nvkm/subdev/i2c/auxg94.c: In function 'g94_i2c_aux_xfer':
/kisskb/src/drivers/gpu/drm/nouveau/nvkm/subdev/i2c/auxg94.c:160:31: warning: 'stat' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/gpu/drm/nouveau/nvkm/subdev/i2c/auxg94.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c: In function 'cxgb_select_queue':
/kisskb/src/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c:954:38: warning: 'vlan_tci' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/drivers/gpu/drm/nouveau/nvkm/subdev/top/gk104.c: In function 'gk104_top_oneinit':
/kisskb/src/drivers/gpu/drm/nouveau/nvkm/subdev/top/gk104.c:102:1: warning: 'inst' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/gpu/drm/nouveau/nvkm/subdev/top/gk104.c:102:1: warning: 'type' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/gpu/drm/nouveau/nvkm/subdev/top/gk104.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
/kisskb/src/drivers/gpu/drm/nouveau/dispnv50/lut.c: In function 'nv50_lut_load':
/kisskb/src/arch/x86/include/asm/io.h:66:1: warning: 'b' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/gpu/drm/nouveau/dispnv50/lut.c:39:18: note: 'b' was declared here
/kisskb/src/arch/x86/include/asm/io.h:66:1: warning: 'g' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/gpu/drm/nouveau/dispnv50/lut.c:39:15: note: 'g' was declared here
/kisskb/src/arch/x86/include/asm/io.h:66:1: warning: 'r' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/gpu/drm/nouveau/dispnv50/lut.c:39:12: note: 'r' was declared here
/kisskb/src/drivers/gpu/drm/nouveau/dispnv50/lut.c: At top level:
cc1: warning: unrecognized command line option "-Wno-maybe-uninitialized" [enabled by default]
Completed OK
# rm -rf /kisskb/build/linus-rand_i386-randconfig_i386
# Build took: 0:02:57.022830