# git rev-parse -q --verify 2e90ca68b0d2f5548804f22f0dd61145516171e3^{commit} 2e90ca68b0d2f5548804f22f0dd61145516171e3 already have revision, skipping fetch # git checkout -q -f -B kisskb 2e90ca68b0d2f5548804f22f0dd61145516171e3 # git clean -qxdf # < git log -1 # commit 2e90ca68b0d2f5548804f22f0dd61145516171e3 # Author: Linus Torvalds # Date: Fri Feb 21 12:43:35 2020 -0800 # # floppy: check FDC index for errors before assigning it # # Jordy Zomer reported a KASAN out-of-bounds read in the floppy driver in # wait_til_ready(). # # Which on the face of it can't happen, since as Willy Tarreau points out, # the function does no particular memory access. Except through the FDCS # macro, which just indexes a static allocation through the current fdc, # which is always checked against N_FDC. # # Except the checking happens after we've already assigned the value. # # The floppy driver is a disgrace (a lot of it going back to my original # horrid "design"), and has no real maintainer. Nobody has the hardware, # and nobody really cares. But it still gets used in virtual environment # because it's one of those things that everybody supports. # # The whole thing should be re-written, or at least parts of it should be # seriously cleaned up. The 'current fdc' index, which is used by the # FDCS macro, and which is often shadowed by a local 'fdc' variable, is a # prime example of how not to write code. # # But because nobody has the hardware or the motivation, let's just fix up # the immediate problem with a nasty band-aid: test the fdc index before # actually assigning it to the static 'fdc' variable. 
# # Reported-by: Jordy Zomer # Cc: Willy Tarreau # Cc: Dan Carpenter # Signed-off-by: Linus Torvalds # < /opt/cross/kisskb/gcc-4.6.3-nolibc/sh4-linux/bin/sh4-linux-gcc --version # < /opt/cross/kisskb/gcc-4.6.3-nolibc/sh4-linux/bin/sh4-linux-ld --version # < git log --format=%s --max-count=1 2e90ca68b0d2f5548804f22f0dd61145516171e3 # < make -s -j 80 ARCH=sh O=/kisskb/build/linus_ul2_defconfig_sh4 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/sh4-linux/bin/sh4-linux- ul2_defconfig # < make -s -j 80 ARCH=sh O=/kisskb/build/linus_ul2_defconfig_sh4 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/sh4-linux/bin/sh4-linux- help # make -s -j 80 ARCH=sh O=/kisskb/build/linus_ul2_defconfig_sh4 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/sh4-linux/bin/sh4-linux- olddefconfig # make -s -j 80 ARCH=sh O=/kisskb/build/linus_ul2_defconfig_sh4 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/sh4-linux/bin/sh4-linux- Generating include/generated/machtypes.h :1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] /kisskb/src/arch/sh/kernel/cpu/sh4/../sh3/../../entry-common.S: Assembler messages: /kisskb/src/arch/sh/kernel/cpu/sh4/../sh3/../../entry-common.S:385: Warning: overflow in branch to syscall_exit_work; converted into longer instruction sequence /kisskb/src/arch/sh/kernel/cpu/sh4/../sh3/../../entry-common.S:388: Warning: overflow in branch to syscall_exit_work; converted into longer instruction sequence /kisskb/src/kernel/printk/printk.c: In function 'devkmsg_sysctl_set_loglvl': /kisskb/src/kernel/printk/printk.c:204:16: warning: 'old' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/mm/vmstat.c: In function 'sysctl_vm_numa_stat_handler': /kisskb/src/mm/vmstat.c:90:5: warning: 'oldval' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/fs/proc/inode.c: In function 'proc_reg_open': /kisskb/src/include/linux/list.h:72:12: warning: 'pdeo' may be used uninitialized in this function [-Wuninitialized] 
/kisskb/src/fs/proc/inode.c:338:21: note: 'pdeo' was declared here /kisskb/src/fs/ext4/extents.c: In function 'ext4_convert_unwritten_io_end_vec': /kisskb/src/fs/ext4/extents.c:5009:23: warning: 'ret' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/sh/clk/cpg.c: In function 'r8': /kisskb/src/drivers/sh/clk/cpg.c:41:2: warning: passing argument 1 of 'ioread8' discards 'const' qualifier from pointer target type [enabled by default] /kisskb/src/include/asm-generic/iomap.h:29:21: note: expected 'void *' but argument is of type 'const void *' /kisskb/src/drivers/sh/clk/cpg.c: In function 'r16': /kisskb/src/drivers/sh/clk/cpg.c:46:2: warning: passing argument 1 of 'ioread16' discards 'const' qualifier from pointer target type [enabled by default] /kisskb/src/include/asm-generic/iomap.h:30:21: note: expected 'void *' but argument is of type 'const void *' /kisskb/src/drivers/sh/clk/cpg.c: In function 'r32': /kisskb/src/drivers/sh/clk/cpg.c:51:2: warning: passing argument 1 of 'ioread32' discards 'const' qualifier from pointer target type [enabled by default] /kisskb/src/include/asm-generic/iomap.h:32:21: note: expected 'void *' but argument is of type 'const void *' /kisskb/src/mm/hugetlb.c: In function 'alloc_pool_huge_page': /kisskb/src/mm/hugetlb.c:1426:5: warning: 'page' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/usb/core/devio.c: In function 'async_completed': /kisskb/src/drivers/usb/core/devio.c:625:23: warning: 'errno' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/net/mac80211/mlme.c: In function 'ieee80211_rx_mgmt_beacon': /kisskb/src/net/mac80211/mlme.c:1576:3: warning: 'pwr_level_cisco' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/net/mac80211/mlme.c:1533:6: note: 'pwr_level_cisco' was declared here /kisskb/src/fs/io_uring.c: In function '__io_sqe_files_update': /kisskb/src/fs/io_uring.c:5819:13: warning: 'err' may be used uninitialized 
in this function [-Wuninitialized] mm/page_alloc.o: In function `get_page_from_freelist': page_alloc.c:(.text+0x3148): undefined reference to `node_reclaim_distance' make[1]: *** [/kisskb/src/Makefile:1077: vmlinux] Error 1 make: *** [Makefile:179: sub-make] Error 2 Command 'make -s -j 80 ARCH=sh O=/kisskb/build/linus_ul2_defconfig_sh4 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/sh4-linux/bin/sh4-linux- ' returned non-zero exit status 2 # rm -rf /kisskb/build/linus_ul2_defconfig_sh4 # Build took: 0:00:45.186701