# git rev-parse -q --verify 2e90ca68b0d2f5548804f22f0dd61145516171e3^{commit} 2e90ca68b0d2f5548804f22f0dd61145516171e3 already have revision, skipping fetch # git checkout -q -f -B kisskb 2e90ca68b0d2f5548804f22f0dd61145516171e3 # git clean -qxdf # < git log -1 # commit 2e90ca68b0d2f5548804f22f0dd61145516171e3 # Author: Linus Torvalds # Date: Fri Feb 21 12:43:35 2020 -0800 # # floppy: check FDC index for errors before assigning it # # Jordy Zomer reported a KASAN out-of-bounds read in the floppy driver in # wait_til_ready(). # # Which on the face of it can't happen, since as Willy Tarreau points out, # the function does no particular memory access. Except through the FDCS # macro, which just indexes a static allocation through the current fdc, # which is always checked against N_FDC. # # Except the checking happens after we've already assigned the value. # # The floppy driver is a disgrace (a lot of it going back to my original # horrid "design"), and has no real maintainer. Nobody has the hardware, # and nobody really cares. But it still gets used in virtual environments # because it's one of those things that everybody supports. # # The whole thing should be re-written, or at least parts of it should be # seriously cleaned up. The 'current fdc' index, which is used by the # FDCS macro, and which is often shadowed by a local 'fdc' variable, is a # prime example of how not to write code. # # But because nobody has the hardware or the motivation, let's just fix up # the immediate problem with a nasty band-aid: test the fdc index before # actually assigning it to the static 'fdc' variable. 
# # Reported-by: Jordy Zomer # Cc: Willy Tarreau # Cc: Dan Carpenter # Signed-off-by: Linus Torvalds # < /opt/cross/kisskb/korg/gcc-9.2.0-nolibc/powerpc64-linux/bin/powerpc64-linux-gcc --version # < /opt/cross/kisskb/korg/gcc-9.2.0-nolibc/powerpc64-linux/bin/powerpc64-linux-ld --version # < git log --format=%s --max-count=1 2e90ca68b0d2f5548804f22f0dd61145516171e3 # < make -s -j 80 ARCH=powerpc O=/kisskb/build/linus-rand_powerpc-randconfig_powerpc-gcc9 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-9.2.0-nolibc/powerpc64-linux/bin/powerpc64-linux- randconfig KCONFIG_SEED=0xE3E15E78 # Added to kconfig CONFIG_STANDALONE=y # Added to kconfig CONFIG_BUILD_DOCSRC=n # Added to kconfig CONFIG_MODULE_SIG=n # Added to kconfig CONFIG_CPU_BIG_ENDIAN=y # Added to kconfig CONFIG_PPC64=y # Added to kconfig CONFIG_PPC_DISABLE_WERROR=y # Added to kconfig CONFIG_SECTION_MISMATCH_WARN_ONLY=y # Added to kconfig CONFIG_PREVENT_FIRMWARE_BUILD=y # Added to kconfig CONFIG_CC_STACKPROTECTOR_STRONG=n # Added to kconfig CONFIG_GCC_PLUGINS=n # Added to kconfig CONFIG_LD_HEAD_STUB_CATCH=y # Added to kconfig CONFIG_TRIM_UNUSED_KSYMS=n # Added to kconfig CONFIG_UBSAN=n # < make -s -j 80 ARCH=powerpc O=/kisskb/build/linus-rand_powerpc-randconfig_powerpc-gcc9 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-9.2.0-nolibc/powerpc64-linux/bin/powerpc64-linux- help # make -s -j 80 ARCH=powerpc O=/kisskb/build/linus-rand_powerpc-randconfig_powerpc-gcc9 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-9.2.0-nolibc/powerpc64-linux/bin/powerpc64-linux- olddefconfig .config:4731:warning: override: reassigning to symbol CPU_BIG_ENDIAN .config:4731:warning: override: CPU_BIG_ENDIAN changes choice state .config:4733:warning: override: reassigning to symbol PPC_DISABLE_WERROR .config:4735:warning: override: reassigning to symbol PREVENT_FIRMWARE_BUILD # make -s -j 80 ARCH=powerpc O=/kisskb/build/linus-rand_powerpc-randconfig_powerpc-gcc9 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-9.2.0-nolibc/powerpc64-linux/bin/powerpc64-linux- In 
file included from /kisskb/src/include/linux/kernel.h:11, from /kisskb/src/include/linux/list.h:9, from /kisskb/src/include/linux/wait.h:7, from /kisskb/src/include/linux/wait_bit.h:8, from /kisskb/src/include/linux/fs.h:6, from /kisskb/src/include/linux/debugfs.h:15, from /kisskb/src/arch/powerpc/mm/ptdump/hashpagetable.c:12: /kisskb/src/arch/powerpc/mm/ptdump/hashpagetable.c: In function 'pseries_find': /kisskb/src/arch/powerpc/mm/ptdump/hashpagetable.c:262:18: error: 'H_SUCCESS' undeclared (first use in this function) 262 | if (lpar_rc != H_SUCCESS) | ^~~~~~~~~ /kisskb/src/include/linux/compiler.h:58:52: note: in definition of macro '__trace_if_var' 58 | #define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond)) | ^~~~ /kisskb/src/arch/powerpc/mm/ptdump/hashpagetable.c:262:3: note: in expansion of macro 'if' 262 | if (lpar_rc != H_SUCCESS) | ^~ /kisskb/src/arch/powerpc/mm/ptdump/hashpagetable.c:262:18: note: each undeclared identifier is reported only once for each function it appears in 262 | if (lpar_rc != H_SUCCESS) | ^~~~~~~~~ /kisskb/src/include/linux/compiler.h:58:52: note: in definition of macro '__trace_if_var' 58 | #define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond)) | ^~~~ /kisskb/src/arch/powerpc/mm/ptdump/hashpagetable.c:262:3: note: in expansion of macro 'if' 262 | if (lpar_rc != H_SUCCESS) | ^~ make[4]: *** [/kisskb/src/scripts/Makefile.build:267: arch/powerpc/mm/ptdump/hashpagetable.o] Error 1 make[4]: *** Waiting for unfinished jobs.... make[3]: *** [/kisskb/src/scripts/Makefile.build:505: arch/powerpc/mm/ptdump] Error 2 make[3]: *** Waiting for unfinished jobs.... /kisskb/src/arch/powerpc/kernel/watchdog.c: In function 'watchdog_smp_panic': /kisskb/src/arch/powerpc/kernel/watchdog.c:175:4: error: implicit declaration of function 'smp_send_nmi_ipi'; did you mean 'smp_send_stop'? 
[-Werror=implicit-function-declaration] 175 | smp_send_nmi_ipi(c, wd_lockup_ipi, 1000000); | ^~~~~~~~~~~~~~~~ | smp_send_stop cc1: some warnings being treated as errors make[3]: *** [/kisskb/src/scripts/Makefile.build:268: arch/powerpc/kernel/watchdog.o] Error 1 make[3]: *** Waiting for unfinished jobs.... make[2]: *** [/kisskb/src/scripts/Makefile.build:505: arch/powerpc/kernel] Error 2 make[2]: *** Waiting for unfinished jobs.... /kisskb/src/arch/powerpc/mm/book3s64/radix_tlb.c:780: warning: "radix__flush_all_mm" redefined 780 | #define radix__flush_all_mm radix__local_flush_all_mm | In file included from /kisskb/src/arch/powerpc/include/asm/book3s/64/radix.h:18, from /kisskb/src/arch/powerpc/include/asm/book3s/64/pgtable.h:296, from /kisskb/src/arch/powerpc/include/asm/book3s/64/mmu-hash.h:20, from /kisskb/src/arch/powerpc/include/asm/book3s/64/mmu.h:46, from /kisskb/src/arch/powerpc/include/asm/mmu.h:356, from /kisskb/src/arch/powerpc/include/asm/lppaca.h:47, from /kisskb/src/arch/powerpc/include/asm/paca.h:17, from /kisskb/src/arch/powerpc/include/asm/current.h:13, from /kisskb/src/include/linux/thread_info.h:21, from /kisskb/src/include/asm-generic/preempt.h:5, from ./arch/powerpc/include/generated/asm/preempt.h:1, from /kisskb/src/include/linux/preempt.h:78, from /kisskb/src/include/linux/spinlock.h:51, from /kisskb/src/include/linux/mmzone.h:8, from /kisskb/src/include/linux/gfp.h:6, from /kisskb/src/include/linux/mm.h:10, from /kisskb/src/arch/powerpc/mm/book3s64/radix_tlb.c:8: /kisskb/src/arch/powerpc/include/asm/book3s/64/tlbflush-radix.h:68: note: this is the location of the previous definition 68 | #define radix__flush_all_mm(mm) radix__local_flush_all_mm(mm) | /kisskb/src/arch/powerpc/mm/book3s64/radix_tlb.c: In function '__radix__flush_tlb_range': /kisskb/src/arch/powerpc/mm/book3s64/radix_tlb.c:848:5: error: implicit declaration of function 'exit_flush_lazy_tlbs' [-Werror=implicit-function-declaration] 848 | exit_flush_lazy_tlbs(mm); | 
^~~~~~~~~~~~~~~~~~~~ /kisskb/src/arch/powerpc/mm/book3s64/radix_tlb.c: In function 'radix__tlb_flush': /kisskb/src/arch/powerpc/mm/book3s64/radix_tlb.c:999:3: error: implicit declaration of function '__flush_all_mm'; did you mean 'flush_all_mm'? [-Werror=implicit-function-declaration] 999 | __flush_all_mm(mm, true); | ^~~~~~~~~~~~~~ | flush_all_mm cc1: some warnings being treated as errors make[4]: *** [/kisskb/src/scripts/Makefile.build:267: arch/powerpc/mm/book3s64/radix_tlb.o] Error 1 make[3]: *** [/kisskb/src/scripts/Makefile.build:505: arch/powerpc/mm/book3s64] Error 2 make[2]: *** [/kisskb/src/scripts/Makefile.build:505: arch/powerpc/mm] Error 2 make[1]: *** [/kisskb/src/Makefile:1681: arch/powerpc] Error 2 make[1]: *** Waiting for unfinished jobs.... /kisskb/src/drivers/virtio/virtio_balloon.c: In function 'virtballoon_probe': /kisskb/src/drivers/virtio/virtio_balloon.c:963:1: warning: label 'out_del_vqs' defined but not used [-Wunused-label] 963 | out_del_vqs: | ^~~~~~~~~~~ In file included from /kisskb/src/include/linux/byteorder/big_endian.h:5, from /kisskb/src/arch/powerpc/include/uapi/asm/byteorder.h:14, from /kisskb/src/include/asm-generic/bitops/le.h:6, from /kisskb/src/arch/powerpc/include/asm/bitops.h:250, from /kisskb/src/include/linux/bitops.h:29, from /kisskb/src/include/linux/kernel.h:12, from /kisskb/src/include/asm-generic/bug.h:19, from /kisskb/src/arch/powerpc/include/asm/bug.h:109, from /kisskb/src/include/linux/bug.h:5, from /kisskb/src/include/linux/mmdebug.h:5, from /kisskb/src/include/linux/gfp.h:5, from /kisskb/src/include/linux/slab.h:15, from /kisskb/src/drivers/tty/ehv_bytechan.c:24: /kisskb/src/drivers/tty/ehv_bytechan.c: In function 'ehv_bc_udbg_putc': /kisskb/src/arch/powerpc/include/asm/epapr_hcalls.h:298:20: warning: array subscript 1 is outside array bounds of 'const char[1]' [-Warray-bounds] 298 | r6 = be32_to_cpu(p[1]); /kisskb/src/include/uapi/linux/byteorder/big_endian.h:40:51: note: in definition of macro '__be32_to_cpu' 
40 | #define __be32_to_cpu(x) ((__force __u32)(__be32)(x)) | ^ /kisskb/src/arch/powerpc/include/asm/epapr_hcalls.h:298:7: note: in expansion of macro 'be32_to_cpu' 298 | r6 = be32_to_cpu(p[1]); | ^~~~~~~~~~~ /kisskb/src/drivers/tty/ehv_bytechan.c:166:13: note: while referencing 'data' 166 | static void ehv_bc_udbg_putc(char c) | ^~~~~~~~~~~~~~~~ In file included from /kisskb/src/include/linux/byteorder/big_endian.h:5, from /kisskb/src/arch/powerpc/include/uapi/asm/byteorder.h:14, from /kisskb/src/include/asm-generic/bitops/le.h:6, from /kisskb/src/arch/powerpc/include/asm/bitops.h:250, from /kisskb/src/include/linux/bitops.h:29, from /kisskb/src/include/linux/kernel.h:12, from /kisskb/src/include/asm-generic/bug.h:19, from /kisskb/src/arch/powerpc/include/asm/bug.h:109, from /kisskb/src/include/linux/bug.h:5, from /kisskb/src/include/linux/mmdebug.h:5, from /kisskb/src/include/linux/gfp.h:5, from /kisskb/src/include/linux/slab.h:15, from /kisskb/src/drivers/tty/ehv_bytechan.c:24: /kisskb/src/arch/powerpc/include/asm/epapr_hcalls.h:299:20: warning: array subscript 2 is outside array bounds of 'const char[1]' [-Warray-bounds] 299 | r7 = be32_to_cpu(p[2]); /kisskb/src/include/uapi/linux/byteorder/big_endian.h:40:51: note: in definition of macro '__be32_to_cpu' 40 | #define __be32_to_cpu(x) ((__force __u32)(__be32)(x)) | ^ /kisskb/src/arch/powerpc/include/asm/epapr_hcalls.h:299:7: note: in expansion of macro 'be32_to_cpu' 299 | r7 = be32_to_cpu(p[2]); | ^~~~~~~~~~~ /kisskb/src/drivers/tty/ehv_bytechan.c:166:13: note: while referencing 'data' 166 | static void ehv_bc_udbg_putc(char c) | ^~~~~~~~~~~~~~~~ In file included from /kisskb/src/include/linux/byteorder/big_endian.h:5, from /kisskb/src/arch/powerpc/include/uapi/asm/byteorder.h:14, from /kisskb/src/include/asm-generic/bitops/le.h:6, from /kisskb/src/arch/powerpc/include/asm/bitops.h:250, from /kisskb/src/include/linux/bitops.h:29, from /kisskb/src/include/linux/kernel.h:12, from 
/kisskb/src/include/asm-generic/bug.h:19, from /kisskb/src/arch/powerpc/include/asm/bug.h:109, from /kisskb/src/include/linux/bug.h:5, from /kisskb/src/include/linux/mmdebug.h:5, from /kisskb/src/include/linux/gfp.h:5, from /kisskb/src/include/linux/slab.h:15, from /kisskb/src/drivers/tty/ehv_bytechan.c:24: /kisskb/src/arch/powerpc/include/asm/epapr_hcalls.h:300:20: warning: array subscript 3 is outside array bounds of 'const char[1]' [-Warray-bounds] 300 | r8 = be32_to_cpu(p[3]); /kisskb/src/include/uapi/linux/byteorder/big_endian.h:40:51: note: in definition of macro '__be32_to_cpu' 40 | #define __be32_to_cpu(x) ((__force __u32)(__be32)(x)) | ^ /kisskb/src/arch/powerpc/include/asm/epapr_hcalls.h:300:7: note: in expansion of macro 'be32_to_cpu' 300 | r8 = be32_to_cpu(p[3]); | ^~~~~~~~~~~ /kisskb/src/drivers/tty/ehv_bytechan.c:166:13: note: while referencing 'data' 166 | static void ehv_bc_udbg_putc(char c) | ^~~~~~~~~~~~~~~~ In file included from /kisskb/src/include/linux/byteorder/big_endian.h:5, from /kisskb/src/arch/powerpc/include/uapi/asm/byteorder.h:14, from /kisskb/src/include/asm-generic/bitops/le.h:6, from /kisskb/src/arch/powerpc/include/asm/bitops.h:250, from /kisskb/src/include/linux/bitops.h:29, from /kisskb/src/include/linux/kernel.h:12, from /kisskb/src/include/asm-generic/bug.h:19, from /kisskb/src/arch/powerpc/include/asm/bug.h:109, from /kisskb/src/include/linux/bug.h:5, from /kisskb/src/include/linux/mmdebug.h:5, from /kisskb/src/include/linux/gfp.h:5, from /kisskb/src/include/linux/slab.h:15, from /kisskb/src/drivers/tty/ehv_bytechan.c:24: /kisskb/src/arch/powerpc/include/asm/epapr_hcalls.h:298:20: warning: array subscript 1 is outside array bounds of 'const char[1]' [-Warray-bounds] 298 | r6 = be32_to_cpu(p[1]); /kisskb/src/include/uapi/linux/byteorder/big_endian.h:40:51: note: in definition of macro '__be32_to_cpu' 40 | #define __be32_to_cpu(x) ((__force __u32)(__be32)(x)) | ^ /kisskb/src/arch/powerpc/include/asm/epapr_hcalls.h:298:7: note: 
in expansion of macro 'be32_to_cpu' 298 | r6 = be32_to_cpu(p[1]); | ^~~~~~~~~~~ /kisskb/src/drivers/tty/ehv_bytechan.c:166:13: note: while referencing 'data' 166 | static void ehv_bc_udbg_putc(char c) | ^~~~~~~~~~~~~~~~ In file included from /kisskb/src/include/linux/byteorder/big_endian.h:5, from /kisskb/src/arch/powerpc/include/uapi/asm/byteorder.h:14, from /kisskb/src/include/asm-generic/bitops/le.h:6, from /kisskb/src/arch/powerpc/include/asm/bitops.h:250, from /kisskb/src/include/linux/bitops.h:29, from /kisskb/src/include/linux/kernel.h:12, from /kisskb/src/include/asm-generic/bug.h:19, from /kisskb/src/arch/powerpc/include/asm/bug.h:109, from /kisskb/src/include/linux/bug.h:5, from /kisskb/src/include/linux/mmdebug.h:5, from /kisskb/src/include/linux/gfp.h:5, from /kisskb/src/include/linux/slab.h:15, from /kisskb/src/drivers/tty/ehv_bytechan.c:24: /kisskb/src/arch/powerpc/include/asm/epapr_hcalls.h:299:20: warning: array subscript 2 is outside array bounds of 'const char[1]' [-Warray-bounds] 299 | r7 = be32_to_cpu(p[2]); /kisskb/src/include/uapi/linux/byteorder/big_endian.h:40:51: note: in definition of macro '__be32_to_cpu' 40 | #define __be32_to_cpu(x) ((__force __u32)(__be32)(x)) | ^ /kisskb/src/arch/powerpc/include/asm/epapr_hcalls.h:299:7: note: in expansion of macro 'be32_to_cpu' 299 | r7 = be32_to_cpu(p[2]); | ^~~~~~~~~~~ /kisskb/src/drivers/tty/ehv_bytechan.c:166:13: note: while referencing 'data' 166 | static void ehv_bc_udbg_putc(char c) | ^~~~~~~~~~~~~~~~ In file included from /kisskb/src/include/linux/byteorder/big_endian.h:5, from /kisskb/src/arch/powerpc/include/uapi/asm/byteorder.h:14, from /kisskb/src/include/asm-generic/bitops/le.h:6, from /kisskb/src/arch/powerpc/include/asm/bitops.h:250, from /kisskb/src/include/linux/bitops.h:29, from /kisskb/src/include/linux/kernel.h:12, from /kisskb/src/include/asm-generic/bug.h:19, from /kisskb/src/arch/powerpc/include/asm/bug.h:109, from /kisskb/src/include/linux/bug.h:5, from 
/kisskb/src/include/linux/mmdebug.h:5, from /kisskb/src/include/linux/gfp.h:5, from /kisskb/src/include/linux/slab.h:15, from /kisskb/src/drivers/tty/ehv_bytechan.c:24: /kisskb/src/arch/powerpc/include/asm/epapr_hcalls.h:300:20: warning: array subscript 3 is outside array bounds of 'const char[1]' [-Warray-bounds] 300 | r8 = be32_to_cpu(p[3]); /kisskb/src/include/uapi/linux/byteorder/big_endian.h:40:51: note: in definition of macro '__be32_to_cpu' 40 | #define __be32_to_cpu(x) ((__force __u32)(__be32)(x)) | ^ /kisskb/src/arch/powerpc/include/asm/epapr_hcalls.h:300:7: note: in expansion of macro 'be32_to_cpu' 300 | r8 = be32_to_cpu(p[3]); | ^~~~~~~~~~~ /kisskb/src/drivers/tty/ehv_bytechan.c:166:13: note: while referencing 'data' 166 | static void ehv_bc_udbg_putc(char c) | ^~~~~~~~~~~~~~~~ make: *** [Makefile:179: sub-make] Error 2 Command 'make -s -j 80 ARCH=powerpc O=/kisskb/build/linus-rand_powerpc-randconfig_powerpc-gcc9 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-9.2.0-nolibc/powerpc64-linux/bin/powerpc64-linux- ' returned non-zero exit status 2 # rm -rf /kisskb/build/linus-rand_powerpc-randconfig_powerpc-gcc9 # Build took: 0:04:34.590602