diff for duplicates of <1492711460.82584.0.camel@primarydata.com> diff --git a/a/1.txt b/N1/1.txt index cb869b7..064c2ab 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -1,38 +1,65 @@ -T24gV2VkLCAyMDE3LTA0LTEyIGF0IDExOjU5IC0wNzAwLCBLZWVzIENvb2sgd3JvdGU6DQo+IE9u -IFdlZCwgQXByIDUsIDIwMTcgYXQgODoyOSBBTSwgS2VlcyBDb29rIDxrZWVzY29va0BjaHJvbWl1 -bS5vcmc+DQo+IHdyb3RlOg0KPiA+IFdoZW4gdGhlIGNhbGwgdG8gbmZzX2Rldm5hbWUoKSBmYWls -cywgdGhlIGVycm9yIHBhdGggYXR0ZW1wdHMgdG8NCj4gPiByZXRhaW4NCj4gPiB0aGUgZXJyb3Ig -dmlhIHRoZSBtbnQgdmFyaWFibGUsIGJ1dCB0aGlzIHJlcXVpcmVzIGEgY2FzdCBhY3Jvc3MNCj4g -PiB2ZXJ5DQo+ID4gZGlmZmVyZW50IHR5cGVzIChjaGFyICogdG8gc3RydWN0IHZmc21vdW50ICop -LCB3aGljaCB0aGUgdXBjb21pbmcNCj4gPiBzdHJ1Y3R1cmUgbGF5b3V0IHJhbmRvbWl6YXRpb24g -cGx1Z2luIGZsYWdzIGFzIGJlaW5nIHBvdGVudGlhbGx5DQo+ID4gZGFuZ2Vyb3VzIGluIHRoZSBm -YWNlIG9mIHJhbmRvbWl6YXRpb24uIFRoaXMgaXMgYSBmYWxzZSBwb3NpdGl2ZSwNCj4gPiBidXQN -Cj4gPiB3aGF0IHRoaXMgY29kZSBhY3R1YWxseSB3YW50cyB0byBkbyBpcyByZXRhaW4gdGhlIGVy -cm9yIHZhbHVlLCBzbw0KPiA+IHRoaXMNCj4gPiBwYXRjaCBleHBsaWNpdGx5IHNldHMgaXQsIGlu -c3RlYWQgb2YgdXNpbmcgd2hhdCBzZWVtcyB0byBiZSBhbg0KPiA+IHVuZXhwZWN0ZWQgY2FzdC4N -Cj4gPiANCj4gPiBTaWduZWQtb2ZmLWJ5OiBLZWVzIENvb2sgPGtlZXNjb29rQGNocm9taXVtLm9y -Zz4NCj4gDQo+IElmIEkgY2FuIGdldCBhbiBBY2tlZC1ieSBvbiB0aGlzLCBJIGNvdWxkIHB1c2gg -aXQgdmlhIHRoZSBnY2MtcGx1Z2luDQo+IHRyZWUuDQo+IA0KPiBUaGFua3MhDQo+IA0KPiAtS2Vl -cw0KPiANCj4gPiAtLS0NCj4gPiB2MjogZHVoLCB1c2UgRVJSX0NBU1QuIHRoYW5rcyBuZWlsYiEN -Cj4gPiAtLS0NCj4gPiDCoGZzL25mcy9uYW1lc3BhY2UuYyB8IDUgKysrLS0NCj4gPiDCoDEgZmls -ZSBjaGFuZ2VkLCAzIGluc2VydGlvbnMoKyksIDIgZGVsZXRpb25zKC0pDQo+ID4gDQo+ID4gZGlm -ZiAtLWdpdCBhL2ZzL25mcy9uYW1lc3BhY2UuYyBiL2ZzL25mcy9uYW1lc3BhY2UuYw0KPiA+IGlu -ZGV4IDc4NmYxNzU4MDU4Mi4uOGNhNWQxNDcxMjRkIDEwMDY0NA0KPiA+IC0tLSBhL2ZzL25mcy9u -YW1lc3BhY2UuYw0KPiA+ICsrKyBiL2ZzL25mcy9uYW1lc3BhY2UuYw0KPiA+IEBAIC0yNTksOSAr -MjU5LDEwIEBAIHN0cnVjdCB2ZnNtb3VudCAqbmZzX2RvX3N1Ym1vdW50KHN0cnVjdCBkZW50cnkN -Cj4gPiAqZGVudHJ5LCBzdHJ1Y3QgbmZzX2ZoICpmaCwNCj4gPiDCoMKgwqDCoMKgwqDCoMKgaWYg -KHBhZ2UgPT0gTlVMTCkNCj4gPiDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoGdvdG8g -b3V0Ow0KPiA+IMKgwqDCoMKgwqDCoMKgwqBkZXZuYW1lID0gbmZzX2Rldm5hbWUoZGVudHJ5LCBw -YWdlLCBQQUdFX1NJWkUpOw0KPiA+IC3CoMKgwqDCoMKgwqDCoG1udCA9IChzdHJ1Y3QgdmZzbW91 -bnQgKilkZXZuYW1lOw0KPiA+IC3CoMKgwqDCoMKgwqDCoGlmIChJU19FUlIoZGV2bmFtZSkpDQo+ -ID4gK8KgwqDCoMKgwqDCoMKgaWYgKElTX0VSUihkZXZuYW1lKSkgew0KPiA+ICvCoMKgwqDCoMKg -wqDCoMKgwqDCoMKgwqDCoMKgwqBtbnQgPSBFUlJfQ0FTVChkZXZuYW1lKTsNCj4gPiDCoMKgwqDC -oMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoGdvdG8gZnJlZV9wYWdlOw0KPiA+ICvCoMKgwqDCoMKg -wqDCoH0NCj4gPiDCoMKgwqDCoMKgwqDCoMKgbW50ID0gbmZzX2RvX2Nsb25lX21vdW50KE5GU19T -QihkZW50cnktPmRfc2IpLCBkZXZuYW1lLA0KPiA+ICZtb3VudGRhdGEpOw0KPiA+IMKgZnJlZV9w -YWdlOg0KPiA+IMKgwqDCoMKgwqDCoMKgwqBmcmVlX3BhZ2UoKHVuc2lnbmVkIGxvbmcpcGFnZSk7 -DQo+ID4gLS0NCj4gPiAyLjcuNA0KPiA+IA0KPiA+IA0KPiA+IC0tDQo+ID4gS2VlcyBDb29rDQo+ -ID4gUGl4ZWwgU2VjdXJpdHkNCj4gDQoNCkFja2VkLWJ5OiBUcm9uZCBNeWtsZWJ1c3QgPHRyb25k -Lm15a2xlYnVzdEBwcmltYXJ5ZGF0YS5jb20+DQoNCi0tIA0KVHJvbmQgTXlrbGVidXN0DQpMaW51 -eCBORlMgY2xpZW50IG1haW50YWluZXIsIFByaW1hcnlEYXRhDQp0cm9uZC5teWtsZWJ1c3RAcHJp -bWFyeWRhdGEuY29tDQo= +On Wed, 2017-04-12 at 11:59 -0700, Kees Cook wrote: +> On Wed, Apr 5, 2017 at 8:29 AM, Kees Cook <keescook@chromium.org> +> wrote: +> > When the call to nfs_devname() fails, the error path attempts to +> > retain +> > the error via the mnt variable, but this requires a cast across +> > very +> > different types (char * to struct vfsmount *), which the upcoming +> > structure layout randomization plugin flags as being potentially +> > dangerous in the face of randomization. This is a false positive, +> > but +> > what this code actually wants to do is retain the error value, so +> > this +> > patch explicitly sets it, instead of using what seems to be an +> > unexpected cast. +> > +> > Signed-off-by: Kees Cook <keescook@chromium.org> +> +> If I can get an Acked-by on this, I could push it via the gcc-plugin +> tree. +> +> Thanks! +> +> -Kees +> +> > --- +> > v2: duh, use ERR_CAST. thanks neilb! +> > --- +> > fs/nfs/namespace.c | 5 +++-- +> > 1 file changed, 3 insertions(+), 2 deletions(-) +> > +> > diff --git a/fs/nfs/namespace.c b/fs/nfs/namespace.c +> > index 786f17580582..8ca5d147124d 100644 +> > --- a/fs/nfs/namespace.c +> > +++ b/fs/nfs/namespace.c +> > @@ -259,9 +259,10 @@ struct vfsmount *nfs_do_submount(struct dentry +> > *dentry, struct nfs_fh *fh, +> > if (page == NULL) +> > goto out; +> > devname = nfs_devname(dentry, page, PAGE_SIZE); +> > - mnt = (struct vfsmount *)devname; +> > - if (IS_ERR(devname)) +> > + if (IS_ERR(devname)) { +> > + mnt = ERR_CAST(devname); +> > goto free_page; +> > + } +> > mnt = nfs_do_clone_mount(NFS_SB(dentry->d_sb), devname, +> > &mountdata); +> > free_page: +> > free_page((unsigned long)page); +> > -- +> > 2.7.4 +> > +> > +> > -- +> > Kees Cook +> > Pixel Security +> + +Acked-by: Trond Myklebust <trond.myklebust@primarydata.com> + +-- +Trond Myklebust +Linux NFS client maintainer, PrimaryData +trond.myklebust@primarydata.com diff --git a/a/content_digest b/N1/content_digest index fb789e9..efdd217 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -11,43 +11,70 @@ " linux-nfs@vger.kernel.org <linux-nfs@vger.kernel.org>\0" "\00:1\0" "b\0" - "T24gV2VkLCAyMDE3LTA0LTEyIGF0IDExOjU5IC0wNzAwLCBLZWVzIENvb2sgd3JvdGU6DQo+IE9u\n" - "IFdlZCwgQXByIDUsIDIwMTcgYXQgODoyOSBBTSwgS2VlcyBDb29rIDxrZWVzY29va0BjaHJvbWl1\n" - "bS5vcmc+DQo+IHdyb3RlOg0KPiA+IFdoZW4gdGhlIGNhbGwgdG8gbmZzX2Rldm5hbWUoKSBmYWls\n" - "cywgdGhlIGVycm9yIHBhdGggYXR0ZW1wdHMgdG8NCj4gPiByZXRhaW4NCj4gPiB0aGUgZXJyb3Ig\n" - "dmlhIHRoZSBtbnQgdmFyaWFibGUsIGJ1dCB0aGlzIHJlcXVpcmVzIGEgY2FzdCBhY3Jvc3MNCj4g\n" - "PiB2ZXJ5DQo+ID4gZGlmZmVyZW50IHR5cGVzIChjaGFyICogdG8gc3RydWN0IHZmc21vdW50ICop\n" - "LCB3aGljaCB0aGUgdXBjb21pbmcNCj4gPiBzdHJ1Y3R1cmUgbGF5b3V0IHJhbmRvbWl6YXRpb24g\n" - "cGx1Z2luIGZsYWdzIGFzIGJlaW5nIHBvdGVudGlhbGx5DQo+ID4gZGFuZ2Vyb3VzIGluIHRoZSBm\n" - "YWNlIG9mIHJhbmRvbWl6YXRpb24uIFRoaXMgaXMgYSBmYWxzZSBwb3NpdGl2ZSwNCj4gPiBidXQN\n" - "Cj4gPiB3aGF0IHRoaXMgY29kZSBhY3R1YWxseSB3YW50cyB0byBkbyBpcyByZXRhaW4gdGhlIGVy\n" - "cm9yIHZhbHVlLCBzbw0KPiA+IHRoaXMNCj4gPiBwYXRjaCBleHBsaWNpdGx5IHNldHMgaXQsIGlu\n" - "c3RlYWQgb2YgdXNpbmcgd2hhdCBzZWVtcyB0byBiZSBhbg0KPiA+IHVuZXhwZWN0ZWQgY2FzdC4N\n" - "Cj4gPiANCj4gPiBTaWduZWQtb2ZmLWJ5OiBLZWVzIENvb2sgPGtlZXNjb29rQGNocm9taXVtLm9y\n" - "Zz4NCj4gDQo+IElmIEkgY2FuIGdldCBhbiBBY2tlZC1ieSBvbiB0aGlzLCBJIGNvdWxkIHB1c2gg\n" - "aXQgdmlhIHRoZSBnY2MtcGx1Z2luDQo+IHRyZWUuDQo+IA0KPiBUaGFua3MhDQo+IA0KPiAtS2Vl\n" - "cw0KPiANCj4gPiAtLS0NCj4gPiB2MjogZHVoLCB1c2UgRVJSX0NBU1QuIHRoYW5rcyBuZWlsYiEN\n" - "Cj4gPiAtLS0NCj4gPiDCoGZzL25mcy9uYW1lc3BhY2UuYyB8IDUgKysrLS0NCj4gPiDCoDEgZmls\n" - "ZSBjaGFuZ2VkLCAzIGluc2VydGlvbnMoKyksIDIgZGVsZXRpb25zKC0pDQo+ID4gDQo+ID4gZGlm\n" - "ZiAtLWdpdCBhL2ZzL25mcy9uYW1lc3BhY2UuYyBiL2ZzL25mcy9uYW1lc3BhY2UuYw0KPiA+IGlu\n" - "ZGV4IDc4NmYxNzU4MDU4Mi4uOGNhNWQxNDcxMjRkIDEwMDY0NA0KPiA+IC0tLSBhL2ZzL25mcy9u\n" - "YW1lc3BhY2UuYw0KPiA+ICsrKyBiL2ZzL25mcy9uYW1lc3BhY2UuYw0KPiA+IEBAIC0yNTksOSAr\n" - "MjU5LDEwIEBAIHN0cnVjdCB2ZnNtb3VudCAqbmZzX2RvX3N1Ym1vdW50KHN0cnVjdCBkZW50cnkN\n" - "Cj4gPiAqZGVudHJ5LCBzdHJ1Y3QgbmZzX2ZoICpmaCwNCj4gPiDCoMKgwqDCoMKgwqDCoMKgaWYg\n" - "KHBhZ2UgPT0gTlVMTCkNCj4gPiDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoGdvdG8g\n" - "b3V0Ow0KPiA+IMKgwqDCoMKgwqDCoMKgwqBkZXZuYW1lID0gbmZzX2Rldm5hbWUoZGVudHJ5LCBw\n" - "YWdlLCBQQUdFX1NJWkUpOw0KPiA+IC3CoMKgwqDCoMKgwqDCoG1udCA9IChzdHJ1Y3QgdmZzbW91\n" - "bnQgKilkZXZuYW1lOw0KPiA+IC3CoMKgwqDCoMKgwqDCoGlmIChJU19FUlIoZGV2bmFtZSkpDQo+\n" - "ID4gK8KgwqDCoMKgwqDCoMKgaWYgKElTX0VSUihkZXZuYW1lKSkgew0KPiA+ICvCoMKgwqDCoMKg\n" - "wqDCoMKgwqDCoMKgwqDCoMKgwqBtbnQgPSBFUlJfQ0FTVChkZXZuYW1lKTsNCj4gPiDCoMKgwqDC\n" - "oMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoGdvdG8gZnJlZV9wYWdlOw0KPiA+ICvCoMKgwqDCoMKg\n" - "wqDCoH0NCj4gPiDCoMKgwqDCoMKgwqDCoMKgbW50ID0gbmZzX2RvX2Nsb25lX21vdW50KE5GU19T\n" - "QihkZW50cnktPmRfc2IpLCBkZXZuYW1lLA0KPiA+ICZtb3VudGRhdGEpOw0KPiA+IMKgZnJlZV9w\n" - "YWdlOg0KPiA+IMKgwqDCoMKgwqDCoMKgwqBmcmVlX3BhZ2UoKHVuc2lnbmVkIGxvbmcpcGFnZSk7\n" - "DQo+ID4gLS0NCj4gPiAyLjcuNA0KPiA+IA0KPiA+IA0KPiA+IC0tDQo+ID4gS2VlcyBDb29rDQo+\n" - "ID4gUGl4ZWwgU2VjdXJpdHkNCj4gDQoNCkFja2VkLWJ5OiBUcm9uZCBNeWtsZWJ1c3QgPHRyb25k\n" - "Lm15a2xlYnVzdEBwcmltYXJ5ZGF0YS5jb20+DQoNCi0tIA0KVHJvbmQgTXlrbGVidXN0DQpMaW51\n" - "eCBORlMgY2xpZW50IG1haW50YWluZXIsIFByaW1hcnlEYXRhDQp0cm9uZC5teWtsZWJ1c3RAcHJp\n" - bWFyeWRhdGEuY29tDQo= + "On Wed, 2017-04-12 at 11:59 -0700, Kees Cook wrote:\n" + "> On Wed, Apr 5, 2017 at 8:29 AM, Kees Cook <keescook@chromium.org>\n" + "> wrote:\n" + "> > When the call to nfs_devname() fails, the error path attempts to\n" + "> > retain\n" + "> > the error via the mnt variable, but this requires a cast across\n" + "> > very\n" + "> > different types (char * to struct vfsmount *), which the upcoming\n" + "> > structure layout randomization plugin flags as being potentially\n" + "> > dangerous in the face of randomization. This is a false positive,\n" + "> > but\n" + "> > what this code actually wants to do is retain the error value, so\n" + "> > this\n" + "> > patch explicitly sets it, instead of using what seems to be an\n" + "> > unexpected cast.\n" + "> > \n" + "> > Signed-off-by: Kees Cook <keescook@chromium.org>\n" + "> \n" + "> If I can get an Acked-by on this, I could push it via the gcc-plugin\n" + "> tree.\n" + "> \n" + "> Thanks!\n" + "> \n" + "> -Kees\n" + "> \n" + "> > ---\n" + "> > v2: duh, use ERR_CAST. thanks neilb!\n" + "> > ---\n" + "> > \302\240fs/nfs/namespace.c | 5 +++--\n" + "> > \302\2401 file changed, 3 insertions(+), 2 deletions(-)\n" + "> > \n" + "> > diff --git a/fs/nfs/namespace.c b/fs/nfs/namespace.c\n" + "> > index 786f17580582..8ca5d147124d 100644\n" + "> > --- a/fs/nfs/namespace.c\n" + "> > +++ b/fs/nfs/namespace.c\n" + "> > @@ -259,9 +259,10 @@ struct vfsmount *nfs_do_submount(struct dentry\n" + "> > *dentry, struct nfs_fh *fh,\n" + "> > \302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240if (page == NULL)\n" + "> > \302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240goto out;\n" + "> > \302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240devname = nfs_devname(dentry, page, PAGE_SIZE);\n" + "> > -\302\240\302\240\302\240\302\240\302\240\302\240\302\240mnt = (struct vfsmount *)devname;\n" + "> > -\302\240\302\240\302\240\302\240\302\240\302\240\302\240if (IS_ERR(devname))\n" + "> > +\302\240\302\240\302\240\302\240\302\240\302\240\302\240if (IS_ERR(devname)) {\n" + "> > +\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240mnt = ERR_CAST(devname);\n" + "> > \302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240goto free_page;\n" + "> > +\302\240\302\240\302\240\302\240\302\240\302\240\302\240}\n" + "> > \302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240mnt = nfs_do_clone_mount(NFS_SB(dentry->d_sb), devname,\n" + "> > &mountdata);\n" + "> > \302\240free_page:\n" + "> > \302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240free_page((unsigned long)page);\n" + "> > --\n" + "> > 2.7.4\n" + "> > \n" + "> > \n" + "> > --\n" + "> > Kees Cook\n" + "> > Pixel Security\n" + "> \n" + "\n" + "Acked-by: Trond Myklebust <trond.myklebust@primarydata.com>\n" + "\n" + "-- \n" + "Trond Myklebust\n" + "Linux NFS client maintainer, PrimaryData\n" + trond.myklebust@primarydata.com -8ec6bd90b32c1112ec65a5b94ca49e1fc45494c505f8f009365bcc90ebdd76be +6a6aa9c1b240ad782e8577b4acddb5cd055d691acb0bffc45b6920e47ecb1aa7
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.