# git rev-parse -q --verify 2e90ca68b0d2f5548804f22f0dd61145516171e3^{commit}
2e90ca68b0d2f5548804f22f0dd61145516171e3
already have revision, skipping fetch
# git checkout -q -f -B kisskb 2e90ca68b0d2f5548804f22f0dd61145516171e3
# git clean -qxdf
# < git log -1
# commit 2e90ca68b0d2f5548804f22f0dd61145516171e3
# Author: Linus Torvalds
# Date: Fri Feb 21 12:43:35 2020 -0800
#
# floppy: check FDC index for errors before assigning it
#
# Jordy Zomer reported a KASAN out-of-bounds read in the floppy driver in
# wait_til_ready().
#
# Which on the face of it can't happen, since as Willy Tarreau points out,
# the function does no particular memory access. Except through the FDCS
# macro, which just indexes a static allocation through the current fdc,
# which is always checked against N_FDC.
#
# Except the checking happens after we've already assigned the value.
#
# The floppy driver is a disgrace (a lot of it going back to my original
# horrid "design"), and has no real maintainer. Nobody has the hardware,
# and nobody really cares. But it still gets used in virtual environment
# because it's one of those things that everybody supports.
#
# The whole thing should be re-written, or at least parts of it should be
# seriously cleaned up. The 'current fdc' index, which is used by the
# FDCS macro, and which is often shadowed by a local 'fdc' variable, is a
# prime example of how not to write code.
#
# But because nobody has the hardware or the motivation, let's just fix up
# the immediate problem with a nasty band-aid: test the fdc index before
# actually assigning it to the static 'fdc' variable.
#
# Reported-by: Jordy Zomer
# Cc: Willy Tarreau
# Cc: Dan Carpenter
# Signed-off-by: Linus Torvalds
# < /opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux-gcc --version
# < /opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux-ld --version
# < git log --format=%s --max-count=1 2e90ca68b0d2f5548804f22f0dd61145516171e3
# < make -s -j 24 ARCH=powerpc O=/kisskb/build/linus_ppc44x_defconfig_powerpc-gcc4.6 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux- ppc44x_defconfig
# < make -s -j 24 ARCH=powerpc O=/kisskb/build/linus_ppc44x_defconfig_powerpc-gcc4.6 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux- help
# make -s -j 24 ARCH=powerpc O=/kisskb/build/linus_ppc44x_defconfig_powerpc-gcc4.6 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux- olddefconfig
# make -s -j 24 ARCH=powerpc O=/kisskb/build/linus_ppc44x_defconfig_powerpc-gcc4.6 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux-
/kisskb/src/arch/powerpc/boot/dts/virtex440-ml510.dts:335.37-439.6: Warning (pci_bridge): /plb@0/plbv46-pci@85e00000: node name is not "pci" or "pcie"
arch/powerpc/boot/dts/virtex440-ml510.dtb: Warning (pci_device_bus_num): Failed prerequisite 'pci_bridge'
/kisskb/src/drivers/tty/serial/8250/8250_core.c: In function 'univ8250_release_irq':
/kisskb/src/drivers/tty/serial/8250/8250_core.c:247:18: warning: 'i' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/tty/serial/8250/8250_core.c:227:19: note: 'i' was declared here
/kisskb/src/fs/proc/inode.c: In function 'proc_reg_open':
/kisskb/src/include/linux/list.h:72:12: warning: 'pdeo' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/fs/proc/inode.c:338:21: note: 'pdeo' was declared here
/kisskb/src/kernel/printk/printk.c: In function 'devkmsg_sysctl_set_loglvl':
/kisskb/src/kernel/printk/printk.c:204:16: warning: 'old' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/net/tun.c: In function 'tun_get_user':
/kisskb/src/drivers/net/tun.c:1836:30: warning: 'copylen' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/net/tun.c:1749:46: warning: 'linear' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/usb/core/devio.c: In function 'async_completed':
/kisskb/src/drivers/usb/core/devio.c:625:23: warning: 'errno' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/fs/ext4/extents.c: In function 'ext4_convert_unwritten_io_end_vec':
/kisskb/src/fs/ext4/extents.c:5009:23: warning: 'ret' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/net/bridge/br_netlink.c: In function 'br_process_vlan_info':
/kisskb/src/net/bridge/br_netlink.c:571:6: warning: 'err' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/fs/io_uring.c: In function '__io_sqe_files_update.isra.81':
/kisskb/src/fs/io_uring.c:5819:13: warning: 'err' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/arch/powerpc/boot/dts/katmai.dts:322.26-361.5: Warning (pci_bridge): /plb/pciex@d00000000: node name is not "pci" or "pcie"
/kisskb/src/arch/powerpc/boot/dts/katmai.dts:363.26-402.5: Warning (pci_bridge): /plb/pciex@d20000000: node name is not "pci" or "pcie"
/kisskb/src/arch/powerpc/boot/dts/katmai.dts:404.26-443.5: Warning (pci_bridge): /plb/pciex@d40000000: node name is not "pci" or "pcie"
arch/powerpc/boot/dts/katmai.dtb: Warning (pci_device_bus_num): Failed prerequisite 'pci_bridge'
INFO: Uncompressed kernel (size 0x59a374) overlaps the address of the wrapper(0x400000)
INFO: Fixing the link_address of wrapper to (0x600000)
INFO: Uncompressed kernel (size 0x59a374) overlaps the address of the wrapper(0x400000)
INFO: Fixing the link_address of wrapper to (0x600000)
INFO: Uncompressed kernel (size 0x59a374) overlaps the address of the wrapper(0x400000)
INFO: Fixing the link_address of wrapper to (0x600000)
INFO: Uncompressed kernel (size 0x59a374) overlaps the address of the wrapper(0x400000)
INFO: Fixing the link_address of wrapper to (0x600000)
INFO: Uncompressed kernel (size 0x59a374) overlaps the address of the wrapper(0x400000)
INFO: Fixing the link_address of wrapper to (0x600000)
INFO: Uncompressed kernel (size 0x59a374) overlaps the address of the wrapper(0x400000)
INFO: Fixing the link_address of wrapper to (0x600000)
INFO: Uncompressed kernel (size 0x59a374) overlaps the address of the wrapper(0x400000)
INFO: Fixing the link_address of wrapper to (0x600000)
INFO: Uncompressed kernel (size 0x59a374) overlaps the address of the wrapper(0x400000)
INFO: Fixing the link_address of wrapper to (0x600000)
INFO: Uncompressed kernel (size 0x59a374) overlaps the address of the wrapper(0x400000)
INFO: Fixing the link_address of wrapper to (0x600000)
INFO: Uncompressed kernel (size 0x589cf4) overlaps the address of the wrapper(0x400000)
INFO: Fixing the link_address of wrapper to (0x600000)
INFO: Uncompressed kernel (size 0x59a374) overlaps the address of the wrapper(0x400000)
INFO: Fixing the link_address of wrapper to (0x600000)
Image Name: Linux-5.6.0-rc3-g2e90ca68b0d2
Created: Thu Feb 27 02:56:16 2020
Image Type: PowerPC Linux Kernel Image (gzip compressed)
Data Size: 2816626 Bytes = 2750.61 KiB = 2.69 MiB
Load Address: 00000000
Entry Point: 00000000
INFO: Uncompressed kernel (size 0x59a374) overlaps the address of the wrapper(0x400000)
INFO: Fixing the link_address of wrapper to (0x600000)
Image Name: Linux-5.6.0-rc3-g2e90ca68b0d2
Created: Thu Feb 27 02:56:16 2020
Image Type: PowerPC Linux Kernel Image (gzip compressed)
Data Size: 2847777 Bytes = 2781.03 KiB = 2.72 MiB
Load Address: 00600000
Entry Point: 006014e0
Image Name: Linux-5.6.0-rc3-g2e90ca68b0d2
Created: Thu Feb 27 02:56:16 2020
Image Type: PowerPC Linux Kernel Image (gzip compressed)
Data Size: 2847660 Bytes = 2780.92 KiB = 2.72 MiB
Load Address: 00600000
Entry Point: 006000c8
Image Name: Linux-5.6.0-rc3-g2e90ca68b0d2
Created: Thu Feb 27 02:56:16 2020
Image Type: PowerPC Linux Kernel Image (gzip compressed)
Data Size: 2847819 Bytes = 2781.07 KiB = 2.72 MiB
Load Address: 00600000
Entry Point: 006014c0
Image Name: Linux-5.6.0-rc3-g2e90ca68b0d2
Created: Thu Feb 27 02:56:16 2020
Image Type: PowerPC Linux Kernel Image (gzip compressed)
Data Size: 2847599 Bytes = 2780.86 KiB = 2.72 MiB
Load Address: 00600000
Entry Point: 006001bc
Image Name: Linux-5.6.0-rc3-g2e90ca68b0d2
Created: Thu Feb 27 02:56:16 2020
Image Type: PowerPC Linux Kernel Image (gzip compressed)
Data Size: 2847736 Bytes = 2780.99 KiB = 2.72 MiB
Load Address: 00600000
Entry Point: 006014e0
Image Name: Linux-5.6.0-rc3-g2e90ca68b0d2
Created: Thu Feb 27 02:56:16 2020
Image Type: PowerPC Linux Kernel Image (gzip compressed)
Data Size: 2847794 Bytes = 2781.05 KiB = 2.72 MiB
Load Address: 00600000
Entry Point: 006014e0
Image Name: Linux-5.6.0-rc3-g2e90ca68b0d2
Created: Thu Feb 27 02:56:16 2020
Image Type: PowerPC Linux Kernel Image (gzip compressed)
Data Size: 2847730 Bytes = 2780.99 KiB = 2.72 MiB
Load Address: 00600000
Entry Point: 006014ec
Image Name: Linux-5.6.0-rc3-g2e90ca68b0d2
Created: Thu Feb 27 02:56:16 2020
Image Type: PowerPC Linux Kernel Image (gzip compressed)
Data Size: 2847693 Bytes = 2780.95 KiB = 2.72 MiB
Load Address: 00600000
Entry Point: 006014cc
Image Name: Linux-5.6.0-rc3-g2e90ca68b0d2
Created: Thu Feb 27 02:56:16 2020
Image Type: PowerPC Linux Kernel Image (gzip compressed)
Data Size: 2847784 Bytes = 2781.04 KiB = 2.72 MiB
Load Address: 00600000
Entry Point: 006014d8
Completed OK
# rm -rf /kisskb/build/linus_ppc44x_defconfig_powerpc-gcc4.6
# Build took: 0:01:05.924339