# git rev-parse -q --verify fa520c47eaa15b9baa8ad66ac18da4a31679693b^{commit}
fa520c47eaa15b9baa8ad66ac18da4a31679693b
already have revision, skipping fetch
# git checkout -q -f -B kisskb fa520c47eaa15b9baa8ad66ac18da4a31679693b
# git clean -qxdf
# < git log -1
# commit fa520c47eaa15b9baa8ad66ac18da4a31679693b
# Author: Eric Sandeen <sandeen@redhat.com>
# Date:   Wed Oct 17 15:23:59 2018 +0100
# 
#     fscache: Fix out of bound read in long cookie keys
#     
#     fscache_set_key() can incur an out-of-bounds read, reported by KASAN:
#     
#      BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x5b3/0x680 [fscache]
#      Read of size 4 at addr ffff88084ff056d4 by task mount.nfs/32615
#     
#     and also reported by syzbot at https://lkml.org/lkml/2018/7/8/236
#     
#       BUG: KASAN: slab-out-of-bounds in fscache_set_key fs/fscache/cookie.c:120 [inline]
#       BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x7a9/0x880 fs/fscache/cookie.c:171
#       Read of size 4 at addr ffff8801d3cc8bb4 by task syz-executor907/4466
#     
#     This happens for any index_key_len which is not divisible by 4 and is
#     larger than the size of the inline key, because the code allocates exactly
#     index_key_len for the key buffer, but the hashing loop is stepping through
#     it 4 bytes (u32) at a time in the buf[] array.
#     
#     Fix this by calculating how many u32 buffers we'll need by using
#     DIV_ROUND_UP, and then using kcalloc() to allocate a precleared allocation
#     buffer to hold the index_key, then using that same count as the hashing
#     index limit.
#     
#     Fixes: ec0328e46d6e ("fscache: Maintain a catalogue of allocated cookies")
#     Reported-by: syzbot+a95b989b2dde8e806af8@syzkaller.appspotmail.com
#     Signed-off-by: Eric Sandeen <sandeen@redhat.com>
#     Cc: stable <stable@vger.kernel.org>
#     Signed-off-by: David Howells <dhowells@redhat.com>
#     Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
# < /opt/cross/kisskb/korg/gcc-5.5.0-nolibc/powerpc64-linux/bin/powerpc64-linux-gcc --version
# < git log --format=%s --max-count=1 fa520c47eaa15b9baa8ad66ac18da4a31679693b
# < make -s -j 80 ARCH=powerpc O=/kisskb/build/linus-rand_randconfig+ppc64le_ppc64le-gcc5 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-5.5.0-nolibc/powerpc64-linux/bin/powerpc64-linux-  randconfig
KCONFIG_SEED=0x727D7A14

WARNING: unmet direct dependencies detected for FSL_EMB_PERFMON
  Depends on [n]: E500 [=n] || PPC_83xx [=n]
  Selected by [y]:
  - PPC_FSL_BOOK3E [=y]

WARNING: unmet direct dependencies detected for FSL_EMB_PERFMON
  Depends on [n]: E500 [=n] || PPC_83xx [=n]
  Selected by [y]:
  - PPC_FSL_BOOK3E [=y]
# Added to kconfig CONFIG_STANDALONE=y
# Added to kconfig CONFIG_BUILD_DOCSRC=n
# Added to kconfig CONFIG_MODULE_SIG=n
# Added to kconfig CONFIG_CPU_BIG_ENDIAN=n
# Added to kconfig CONFIG_CPU_LITTLE_ENDIAN=y
# Added to kconfig CONFIG_PPC64=y
# Added to kconfig CONFIG_PPC_BOOK3E_64=n
# Added to kconfig CONFIG_PPC_BOOK3S_64=y
# Added to kconfig CONFIG_PPC_DISABLE_WERROR=y
# Added to kconfig CONFIG_SECTION_MISMATCH_WARN_ONLY=y
# Added to kconfig CONFIG_PREVENT_FIRMWARE_BUILD=y
# Added to kconfig CONFIG_LD_HEAD_STUB_CATCH=y
# yes \n | make -s -j 80 ARCH=powerpc O=/kisskb/build/linus-rand_randconfig+ppc64le_ppc64le-gcc5 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-5.5.0-nolibc/powerpc64-linux/bin/powerpc64-linux-  oldconfig
yes: standard output: Broken pipe
# make -s -j 80 ARCH=powerpc O=/kisskb/build/linus-rand_randconfig+ppc64le_ppc64le-gcc5 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-5.5.0-nolibc/powerpc64-linux/bin/powerpc64-linux-  
In file included from /kisskb/src/arch/powerpc/xmon/xmon.c:67:0:
/kisskb/src/arch/powerpc/xmon/dis-asm.h: In function 'print_insn_powerpc':
/kisskb/src/arch/powerpc/xmon/dis-asm.h:20:9: warning: format '%x' expects argument of type 'unsigned int', but argument 2 has type 'long unsigned int' [-Wformat=]
  printf("%.8x", insn);
         ^
/kisskb/src/arch/powerpc/xmon/dis-asm.h: In function 'print_insn_spu':
/kisskb/src/arch/powerpc/xmon/dis-asm.h:26:9: warning: format '%x' expects argument of type 'unsigned int', but argument 2 has type 'long unsigned int' [-Wformat=]
  printf("%.8x", insn);
         ^
/kisskb/src/kernel/seccomp.c: In function '__seccomp_filter':
/kisskb/src/kernel/seccomp.c:775:1: warning: no return statement in function returning non-void [-Wreturn-type]
 }
 ^
WARNING: vmlinux.o(.text+0x2bd4): Section mismatch in reference from the variable __boot_from_prom to the function .init.text:prom_init()
The function __boot_from_prom() references
the function __init prom_init().
This is often because __boot_from_prom lacks a __init 
annotation or the annotation of prom_init is wrong.

WARNING: vmlinux.o(.text+0x2e44): Section mismatch in reference from the variable start_here_multiplatform to the function .init.text:early_setup()
The function start_here_multiplatform() references
the function __init early_setup().
This is often because start_here_multiplatform lacks a __init 
annotation or the annotation of early_setup is wrong.

WARNING: vmlinux.o(.text+0x2e78): Section mismatch in reference from the variable start_here_common to the function .init.text:start_kernel()
The function start_here_common() references
the function __init start_kernel().
This is often because start_here_common lacks a __init 
annotation or the annotation of start_kernel is wrong.

Completed OK
# rm -rf /kisskb/build/linus-rand_randconfig+ppc64le_ppc64le-gcc5
# Build took: 0:02:19.334822