authorNeilBrown <neilb@suse.com>2018-11-01 14:04:41 +1100
committerNeilBrown <neilb@suse.com>2018-11-01 14:06:10 +1100
commite22c5148c06e52cea1346b648a4ef15ad7b8204e (patch)
treed4aa156a36270235b50a0d62a3f45a08b7057a72
parent014cb60e0001e88cb0cd96809d1a946f5e3c04f3 (diff)
fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot()
(git-fixes).
-rw-r--r--patches.fixes/fs-dcache.c-fix-kmemcheck-splat-at-take_dentry_name_.patch56
-rw-r--r--series.conf1
2 files changed, 57 insertions, 0 deletions
diff --git a/patches.fixes/fs-dcache.c-fix-kmemcheck-splat-at-take_dentry_name_.patch b/patches.fixes/fs-dcache.c-fix-kmemcheck-splat-at-take_dentry_name_.patch
new file mode 100644
index 0000000000..b31b3b20a6
--- /dev/null
+++ b/patches.fixes/fs-dcache.c-fix-kmemcheck-splat-at-take_dentry_name_.patch
@@ -0,0 +1,56 @@
+From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+Date: Fri, 17 Aug 2018 15:44:34 -0700
+Subject: [PATCH] fs/dcache.c: fix kmemcheck splat at
+ take_dentry_name_snapshot()
+Git-commit: 6cd00a01f0c1ae6a852b09c59b8dd55cc6c35d1d
+Patch-mainline: v4.19
+References: git-fixes
+
+Since only dentry->d_name.len + 1 bytes out of DNAME_INLINE_LEN bytes
+are initialized at __d_alloc(), we can't copy the whole size
+unconditionally.
+
+ WARNING: kmemcheck: Caught 32-bit read from uninitialized memory (ffff8fa27465ac50)
+ 636f6e66696766732e746d70000000000010000000000000020000000188ffff
+ i i i i i i i i i i i i i u u u u u u u u u u i i i i i u u u u
+ ^
+ RIP: 0010:take_dentry_name_snapshot+0x28/0x50
+ RSP: 0018:ffffa83000f5bdf8 EFLAGS: 00010246
+ RAX: 0000000000000020 RBX: ffff8fa274b20550 RCX: 0000000000000002
+ RDX: ffffa83000f5be40 RSI: ffff8fa27465ac50 RDI: ffffa83000f5be60
+ RBP: ffffa83000f5bdf8 R08: ffffa83000f5be48 R09: 0000000000000001
+ R10: ffff8fa27465ac00 R11: ffff8fa27465acc0 R12: ffff8fa27465ac00
+ R13: ffff8fa27465acc0 R14: 0000000000000000 R15: 0000000000000000
+ FS: 00007f79737ac8c0(0000) GS:ffffffff8fc30000(0000) knlGS:0000000000000000
+ CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+ CR2: ffff8fa274c0b000 CR3: 0000000134aa7002 CR4: 00000000000606f0
+ take_dentry_name_snapshot+0x28/0x50
+ vfs_rename+0x128/0x870
+ SyS_rename+0x3b2/0x3d0
+ entry_SYSCALL_64_fastpath+0x1a/0xa4
+ 0xffffffffffffffff
+
+Link: http://lkml.kernel.org/r/201709131912.GBG39012.QMJLOVFSFFOOtH@I-love.SAKURA.ne.jp
+Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+Cc: Vegard Nossum <vegard.nossum@gmail.com>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Acked-by: NeilBrown <neilb@suse.com>
+
+---
+ fs/dcache.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/dcache.c
++++ b/fs/dcache.c
+@@ -288,7 +288,8 @@ void take_dentry_name_snapshot(struct na
+ spin_unlock(&dentry->d_lock);
+ name->name = p->name;
+ } else {
+- memcpy(name->inline_name, dentry->d_iname, DNAME_INLINE_LEN);
++ memcpy(name->inline_name, dentry->d_iname,
++ dentry->d_name.len + 1);
+ spin_unlock(&dentry->d_lock);
+ name->name = name->inline_name;
+ }
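Review bot: The shortened `memcpy` in the else branch of take_dentry_name_snapshot() is only in bounds while `dentry->d_name.len + 1` fits in `name->inline_name`, and nothing visible in the hunk says why that holds. The branch condition sits above the hunk, so presumably this path is reached only for names stored inline in `d_iname`; a short comment would record that, e.g. `/* inline name: only d_name.len + 1 bytes (name plus NUL) are initialized by __d_alloc() */`. After this change the tail of `name->inline_name` past the terminator is no longer written, so it is worth confirming that every consumer of the snapshot reads it through `name->name` as a NUL-terminated string and never compares or copies the full `DNAME_INLINE_LEN` array. The function body starts and ends outside the hunk.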
diff --git a/series.conf b/series.conf
index a8180e8784..5ffca0264c 100644
--- a/series.conf
+++ b/series.conf
@@ -17662,6 +17662,7 @@
patches.drivers/IB-mlx4-Use-4K-pages-for-kernel-QP-s-WQE-buffer.patch
patches.drivers/IB-IPoIB-Set-ah-valid-flag-in-multicast-send-flow.patch
patches.fixes/dax-remove-VM_MIXEDMAP-for-fsdax-and-device-dax.patch
+ patches.fixes/fs-dcache.c-fix-kmemcheck-splat-at-take_dentry_name_.patch
patches.suse/mm-page_alloc-double-zone-s-batchsize.patch
patches.fixes/net-9p-fix-error-path-of-p9_virtio_probe.patch
patches.fixes/net-9p-client.c-version-pointer-uninitialized.patch