# git rev-parse -q --verify 2e90ca68b0d2f5548804f22f0dd61145516171e3^{commit} 2e90ca68b0d2f5548804f22f0dd61145516171e3 already have revision, skipping fetch # git checkout -q -f -B kisskb 2e90ca68b0d2f5548804f22f0dd61145516171e3 # git clean -qxdf # < git log -1 # commit 2e90ca68b0d2f5548804f22f0dd61145516171e3 # Author: Linus Torvalds # Date: Fri Feb 21 12:43:35 2020 -0800 # # floppy: check FDC index for errors before assigning it # # Jordy Zomer reported a KASAN out-of-bounds read in the floppy driver in # wait_til_ready(). # # Which on the face of it can't happen, since as Willy Tarreau points out, # the function does no particular memory access. Except through the FDCS # macro, which just indexes a static allocation through the current fdc, # which is always checked against N_FDC. # # Except the checking happens after we've already assigned the value. # # The floppy driver is a disgrace (a lot of it going back to my original # horrid "design"), and has no real maintainer. Nobody has the hardware, # and nobody really cares. But it still gets used in virtual environments # because it's one of those things that everybody supports. # # The whole thing should be re-written, or at least parts of it should be # seriously cleaned up. The 'current fdc' index, which is used by the # FDCS macro, and which is often shadowed by a local 'fdc' variable, is a # prime example of how not to write code. # # But because nobody has the hardware or the motivation, let's just fix up # the immediate problem with a nasty band-aid: test the fdc index before # actually assigning it to the static 'fdc' variable. 
# # Reported-by: Jordy Zomer # Cc: Willy Tarreau # Cc: Dan Carpenter # Signed-off-by: Linus Torvalds # < /opt/cross/kisskb/korg/gcc-8.1.0-nolibc/m68k-linux/bin/m68k-linux-gcc --version # < /opt/cross/kisskb/korg/gcc-8.1.0-nolibc/m68k-linux/bin/m68k-linux-ld --version # < git log --format=%s --max-count=1 2e90ca68b0d2f5548804f22f0dd61145516171e3 # < make -s -j 80 ARCH=m68k O=/kisskb/build/linus_m5272c3_defconfig_m68k CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.1.0-nolibc/m68k-linux/bin/m68k-linux- m5272c3_defconfig # < make -s -j 80 ARCH=m68k O=/kisskb/build/linus_m5272c3_defconfig_m68k CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.1.0-nolibc/m68k-linux/bin/m68k-linux- help # make -s -j 80 ARCH=m68k O=/kisskb/build/linus_m5272c3_defconfig_m68k CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.1.0-nolibc/m68k-linux/bin/m68k-linux- olddefconfig # make -s -j 80 ARCH=m68k O=/kisskb/build/linus_m5272c3_defconfig_m68k CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.1.0-nolibc/m68k-linux/bin/m68k-linux- /kisskb/src/drivers/net/ethernet/freescale/fec_main.c: In function 'fec_restart': /kisskb/src/drivers/net/ethernet/freescale/fec_main.c:915:6: warning: unused variable 'val' [-Wunused-variable] u32 val; ^~~ /kisskb/src/drivers/net/ethernet/freescale/fec_main.c: In function 'fec_get_mac': /kisskb/src/drivers/net/ethernet/freescale/fec_main.c:1643:28: warning: unused variable 'pdata' [-Wunused-variable] struct fec_platform_data *pdata = dev_get_platdata(&fep->pdev->dev); ^~~~~ In file included from /kisskb/src/arch/m68k/include/asm/atomic.h:7, from /kisskb/src/include/linux/atomic.h:7, from /kisskb/src/include/linux/spinlock.h:445, from /kisskb/src/include/linux/seqlock.h:36, from /kisskb/src/include/linux/time.h:6, from /kisskb/src/include/linux/stat.h:19, from /kisskb/src/include/linux/module.h:13, from /kisskb/src/net/core/filter.c:20: /kisskb/src/net/core/filter.c: In function 'bpf_clear_redirect_map': /kisskb/src/arch/m68k/include/asm/cmpxchg.h:137:3: warning: value computed is not used 
[-Wunused-value] ((__typeof__(*(ptr)))__cmpxchg_local_generic((ptr), (unsigned long)(o),\ ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ (unsigned long)(n), sizeof(*(ptr)))) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /kisskb/src/include/asm-generic/cmpxchg.h:106:28: note: in expansion of macro 'cmpxchg_local' #define cmpxchg(ptr, o, n) cmpxchg_local((ptr), (o), (n)) ^~~~~~~~~~~~~ /kisskb/src/net/core/filter.c:3516:4: note: in expansion of macro 'cmpxchg' cmpxchg(&ri->map, map, NULL); ^~~~~~~ Completed OK # rm -rf /kisskb/build/linus_m5272c3_defconfig_m68k # Build took: 0:00:29.480169