# git rev-parse -q --verify d41a3effbb53b1bcea41e328d16a4d046a508381^{commit}
d41a3effbb53b1bcea41e328d16a4d046a508381 already have revision, skipping fetch
# git checkout -q -f -B kisskb d41a3effbb53b1bcea41e328d16a4d046a508381
# git clean -qxdf
# < git log -1
# commit d41a3effbb53b1bcea41e328d16a4d046a508381
# Author: Hillf Danton
# Date: Mon Sep 2 13:37:29 2019 +0100
#
# keys: Fix missing null pointer check in request_key_auth_describe()
#
# If a request_key authentication token key gets revoked, there's a window in
# which request_key_auth_describe() can see it with a NULL payload - but it
# makes no check for this and something like the following oops may occur:
#
# BUG: Kernel NULL pointer dereference at 0x00000038
# Faulting instruction address: 0xc0000000004ddf30
# Oops: Kernel access of bad area, sig: 11 [#1]
# ...
# NIP [...] request_key_auth_describe+0x90/0xd0
# LR [...] request_key_auth_describe+0x54/0xd0
# Call Trace:
# [...] request_key_auth_describe+0x54/0xd0 (unreliable)
# [...] proc_keys_show+0x308/0x4c0
# [...] seq_read+0x3d0/0x540
# [...] proc_reg_read+0x90/0x110
# [...] __vfs_read+0x3c/0x70
# [...] vfs_read+0xb4/0x1b0
# [...] ksys_read+0x7c/0x130
# [...] system_call+0x5c/0x70
#
# Fix this by checking for a NULL pointer when describing such a key.
#
# Also make the read routine check for a NULL pointer to be on the safe side.
# # [DH: Modified to not take already-held rcu lock and modified to also check # in the read routine] # # Fixes: 04c567d9313e ("[PATCH] Keys: Fix race between two instantiators of a key") # Reported-by: Sachin Sant # Signed-off-by: Hillf Danton # Signed-off-by: David Howells # Tested-by: Sachin Sant # Signed-off-by: Linus Torvalds # < /opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux-gcc --version # < /opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux-ld --version # < git log --format=%s --max-count=1 d41a3effbb53b1bcea41e328d16a4d046a508381 # < make -s -j 10 ARCH=powerpc O=/kisskb/build/linus-rand_powerpc-randconfig_powerpc-gcc4.6 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux- randconfig KCONFIG_SEED=0xCBDC0C52 # Added to kconfig CONFIG_STANDALONE=y # Added to kconfig CONFIG_BUILD_DOCSRC=n # Added to kconfig CONFIG_MODULE_SIG=n # Added to kconfig CONFIG_CPU_BIG_ENDIAN=y # Added to kconfig CONFIG_PPC64=y # Added to kconfig CONFIG_PPC_DISABLE_WERROR=y # Added to kconfig CONFIG_SECTION_MISMATCH_WARN_ONLY=y # Added to kconfig CONFIG_PREVENT_FIRMWARE_BUILD=y # Added to kconfig CONFIG_CC_STACKPROTECTOR_STRONG=n # Added to kconfig CONFIG_GCC_PLUGINS=n # Added to kconfig CONFIG_LD_HEAD_STUB_CATCH=y # Added to kconfig CONFIG_TRIM_UNUSED_KSYMS=n # Added to kconfig CONFIG_UBSAN=n # yes \n | make -s -j 10 ARCH=powerpc O=/kisskb/build/linus-rand_powerpc-randconfig_powerpc-gcc4.6 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux- oldconfig yes: standard output: Broken pipe # make -s -j 10 ARCH=powerpc O=/kisskb/build/linus-rand_powerpc-randconfig_powerpc-gcc4.6 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux- /kisskb/src/arch/powerpc/platforms/pseries/msi.c: In function 'msi_quota_for_device': /kisskb/src/arch/powerpc/platforms/pseries/msi.c:316:24: warning: 'total' may be used uninitialized in this function [-Wuninitialized] 
/kisskb/src/kernel/printk/printk.c: In function 'devkmsg_sysctl_set_loglvl': /kisskb/src/kernel/printk/printk.c:194:16: warning: 'old' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/block/blk-sysfs.c: In function 'queue_wb_lat_store': /kisskb/src/block/blk-sysfs.c:471:7: warning: 'val' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/kernel/sched/core.c: In function 'try_to_wake_up': /kisskb/src/include/asm-generic/bitops/non-atomic.h:106:42: warning: 'cpu' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/kernel/sched/core.c:2400:6: note: 'cpu' was declared here /kisskb/src/block/blk-merge.c: In function 'blk_rq_map_sg': /kisskb/src/block/blk.h:71:50: warning: 'bvprv.bv_offset' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/block/blk-merge.c:413:42: note: 'bvprv.bv_offset' was declared here /kisskb/src/block/blk.h:74:2: warning: 'bvprv.bv_len' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/block/blk-merge.c:413:42: note: 'bvprv.bv_len' was declared here /kisskb/src/arch/powerpc/include/asm/io.h:808:22: warning: 'bvprv.bv_page' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/block/blk-merge.c:413:42: note: 'bvprv.bv_page' was declared here /kisskb/src/arch/powerpc/sysdev/xive/common.c: In function 'xive_scan_interrupts': /kisskb/src/arch/powerpc/sysdev/xive/common.c:179:12: warning: 'prio' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/arch/powerpc/sysdev/xive/spapr.c: In function 'xive_spapr_esb_rw': /kisskb/src/arch/powerpc/sysdev/xive/spapr.c:318:16: warning: 'read_data' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/arch/powerpc/sysdev/xive/spapr.c: In function 'xive_spapr_populate_irq_data': /kisskb/src/arch/powerpc/sysdev/xive/spapr.c:374:2: warning: 'flags' may be used uninitialized in this function [-Wuninitialized] 
/kisskb/src/arch/powerpc/sysdev/xive/spapr.c:355:18: warning: 'eoi_page' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/arch/powerpc/sysdev/xive/spapr.c:357:18: warning: 'trig_page' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/arch/powerpc/sysdev/xive/spapr.c:356:18: warning: 'esb_shift' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/arch/powerpc/sysdev/xive/spapr.c: In function 'xive_spapr_setup_queue': /kisskb/src/arch/powerpc/sysdev/xive/spapr.c:429:14: warning: 'esn_page' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/arch/powerpc/sysdev/xive/spapr.c:402:16: note: 'esn_page' was declared here /kisskb/src/fs/f2fs/file.c: In function 'f2fs_precache_extents': /kisskb/src/fs/f2fs/file.c:3010:6: warning: 'err' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/base/regmap/regmap.c: In function 'regmap_raw_read': /kisskb/src/drivers/base/regmap/regmap.c:2591:6: warning: 'ret' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/base/regmap/regmap.c: In function '_regmap_raw_write': /kisskb/src/drivers/base/regmap/regmap.c:1852:6: warning: 'ret' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/base/regmap/regcache-rbtree.c: In function 'regcache_rbtree_write': /kisskb/src/drivers/base/regmap/regcache-rbtree.c:274:20: warning: 'new_top_reg' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/base/regmap/regcache-rbtree.c:389:30: note: 'new_top_reg' was declared here /kisskb/src/drivers/base/regmap/regcache-rbtree.c:274:20: warning: 'new_base_reg' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/base/regmap/regcache-rbtree.c:389:16: note: 'new_base_reg' was declared here /kisskb/src/block/bfq-wf2q.c: In function '__bfq_entity_update_weight_prio': /kisskb/src/block/bfq-wf2q.c:803:24: warning: 'root' may be used 
uninitialized in this function [-Wuninitialized] /kisskb/src/fs/f2fs/node.c: In function '__set_nat_cache_dirty': /kisskb/src/include/linux/list.h:63:13: warning: 'head' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/fs/f2fs/node.c:236:24: note: 'head' was declared here /kisskb/src/mm/ksm.c: In function 'cmp_and_merge_page': /kisskb/src/mm/ksm.c:3234:1: warning: 'stable_node' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/mm/ksm.c:1828:22: note: 'stable_node' was declared here /kisskb/src/fs/jffs2/xattr.c: In function 'jffs2_build_xattr_subsystem': /kisskb/src/fs/jffs2/xattr.c:887:1: warning: the frame size of 1072 bytes is larger than 1024 bytes [-Wframe-larger-than=] /kisskb/src/fs/proc/inode.c: In function 'proc_reg_open': /kisskb/src/fs/proc/inode.c:370:15: warning: 'pdeo' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/hid/hid-asus.c: In function 'asus_input_configured': /kisskb/src/drivers/hid/hid-asus.c:422:2: warning: 'kbd_func' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/hid/hid-asus.c:408:16: note: 'kbd_func' was declared here /kisskb/src/lib/kobject_uevent.c: In function 'kobject_synth_uevent': /kisskb/src/lib/kobject_uevent.c:223:7: warning: 'env' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/lib/kobject_uevent.c:142:10: warning: 'action_args' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/lib/kobject_uevent.c:196:14: note: 'action_args' was declared here /kisskb/src/drivers/hwmon/lochnagar-hwmon.c: In function 'read_sensor': /kisskb/src/drivers/hwmon/lochnagar-hwmon.c:74:6: warning: 'data' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/hwmon/lochnagar-hwmon.c:180:6: note: 'data' was declared here /kisskb/src/drivers/iio/accel/mma9551_core.c: In function 'mma9551_gpio_config': /kisskb/src/drivers/iio/accel/mma9551_core.c:582:6: warning: 'pol_mask' 
may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/iio/accel/mma9551.c: In function 'mma9551_event_handler': /kisskb/src/drivers/iio/accel/mma9551.c:373:6: warning: 'reg' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/iio/light/lv0104cs.c: In function 'lv0104cs_read_raw': /kisskb/src/drivers/iio/light/lv0104cs.c:202:21: warning: 'adc_output' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/iio/light/lv0104cs.c:164:6: note: 'adc_output' was declared here /kisskb/src/drivers/iio/pressure/bmp280-core.c: In function 'bmp180_read_temp': /kisskb/src/drivers/iio/pressure/bmp280-core.c:812:18: warning: 'adc_temp' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/iio/pressure/bmp280-core.c:822:6: note: 'adc_temp' was declared here /kisskb/src/drivers/iio/pressure/bmp280-core.c: In function 'bmp180_read_press': /kisskb/src/drivers/iio/pressure/bmp280-core.c:883:8: warning: 'adc_press' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/iio/pressure/bmp280-core.c:900:6: note: 'adc_press' was declared here /kisskb/src/drivers/iio/proximity/srf08.c: In function 'srf08_write_sensitivity': /kisskb/src/drivers/iio/proximity/srf08.c:367:6: warning: 'regval' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/misc/habanalabs/command_submission.c: In function '_hl_cs_ioctl': /kisskb/src/drivers/misc/habanalabs/command_submission.c:588:8: warning: 'cs' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/gpu/drm/amd/amdgpu/../powerplay/smumgr/fiji_smumgr.c: In function 'fiji_init_smc_table': /kisskb/src/drivers/gpu/drm/amd/amdgpu/../powerplay/smumgr/fiji_smumgr.c:1308:15: warning: 'vol_level.Voltage' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/fs/io_uring.c: In function 'io_sq_wq_submit_work': /kisskb/src/arch/powerpc/include/asm/uaccess.h:36:29: 
warning: 'old_fs.seg' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/fs/io_uring.c:1876:15: note: 'old_fs.seg' was declared here /kisskb/src/drivers/rapidio/devices/rio_mport_cdev.c: In function 'rio_mport_maint_rd': /kisskb/src/drivers/rapidio/devices/rio_mport_cdev.c:266:6: warning: 'ret' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/soundwire/slave.c:16:12: warning: 'sdw_slave_add' defined but not used [-Wunused-function] /kisskb/src/drivers/tty/serial/8250/8250_core.c: In function 'univ8250_release_irq': /kisskb/src/drivers/tty/serial/8250/8250_core.c:248:18: warning: 'i' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/tty/serial/8250/8250_core.c:228:19: note: 'i' was declared here /kisskb/src/drivers/tty/serial/serial_core.c: In function 'uart_put_char': /kisskb/src/include/linux/spinlock.h:393:2: warning: 'flags' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/tty/serial/serial_core.c:549:16: note: 'flags' was declared here /kisskb/src/drivers/tty/serial/serial_core.c: In function 'uart_write': /kisskb/src/include/linux/spinlock.h:393:2: warning: 'flags' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/tty/serial/serial_core.c:579:16: note: 'flags' was declared here /kisskb/src/drivers/regulator/s5m8767.c: In function 's5m8767_get_register.isra.0': /kisskb/src/drivers/regulator/s5m8767.c:201:43: warning: 'mode' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/gpu/drm/drm_atomic.c: In function 'drm_atomic_check_only': /kisskb/src/drivers/gpu/drm/drm_atomic.c:426:2: warning: 'crtc_state' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/gpu/drm/drm_atomic.c:405:25: note: 'crtc_state' was declared here /kisskb/src/drivers/tty/serial/ifx6x60.c: In function 'ifx_spi_complete': /kisskb/src/drivers/tty/serial/ifx6x60.c:667:26: warning: 'cts' may be 
used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/tty/serial/ifx6x60.c:669:19: warning: 'length' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/usb/misc/usbtest.c: In function 'test_queue': /kisskb/src/drivers/usb/misc/usbtest.c:2148:1: warning: the frame size of 1264 bytes is larger than 1024 bytes [-Wframe-larger-than=] /kisskb/src/drivers/watchdog/ziirave_wdt.c: In function 'ziirave_wdt_sysfs_store_firm': /kisskb/src/drivers/watchdog/ziirave_wdt.c:349:11: warning: 'fw' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/watchdog/ziirave_wdt.c:543:25: note: 'fw' was declared here Completed OK # rm -rf /kisskb/build/linus-rand_powerpc-randconfig_powerpc-gcc4.6 # Build took: 0:08:34.285788