From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>,
Vegard Nossum <vegard.nossum@gmail.com>,
Al Viro <viro@zeniv.linux.org.uk>,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Sasha Levin <alexander.levin@microsoft.com>
Subject: [PATCH 4.9 27/78] fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot()
Date: Thu, 13 Sep 2018 15:31:14 +0200
Message-ID: <20180913131808.123661883@linuxfoundation.org>
In-Reply-To: <20180913131805.732342940@linuxfoundation.org>

4.9-stable review patch. If anyone has any objections, please let me know.

------------------

From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>

[ Upstream commit 6cd00a01f0c1ae6a852b09c59b8dd55cc6c35d1d ]

Since only dentry->d_name.len + 1 bytes out of DNAME_INLINE_LEN bytes
are initialized at __d_alloc(), we can't copy the whole size
unconditionally.

WARNING: kmemcheck: Caught 32-bit read from uninitialized memory (ffff8fa27465ac50)
636f6e66696766732e746d70000000000010000000000000020000000188ffff
i i i i i i i i i i i i i u u u u u u u u u u i i i i i u u u u
^
RIP: 0010:take_dentry_name_snapshot+0x28/0x50
RSP: 0018:ffffa83000f5bdf8 EFLAGS: 00010246
RAX: 0000000000000020 RBX: ffff8fa274b20550 RCX: 0000000000000002
RDX: ffffa83000f5be40 RSI: ffff8fa27465ac50 RDI: ffffa83000f5be60
RBP: ffffa83000f5bdf8 R08: ffffa83000f5be48 R09: 0000000000000001
R10: ffff8fa27465ac00 R11: ffff8fa27465acc0 R12: ffff8fa27465ac00
R13: ffff8fa27465acc0 R14: 0000000000000000 R15: 0000000000000000
FS: 00007f79737ac8c0(0000) GS:ffffffff8fc30000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8fa274c0b000 CR3: 0000000134aa7002 CR4: 00000000000606f0
take_dentry_name_snapshot+0x28/0x50
vfs_rename+0x128/0x870
SyS_rename+0x3b2/0x3d0
entry_SYSCALL_64_fastpath+0x1a/0xa4
0xffffffffffffffff
Link: http://lkml.kernel.org/r/201709131912.GBG39012.QMJLOVFSFFOOtH@I-love.SAKURA.ne.jp
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: Vegard Nossum <vegard.nossum@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/dcache.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -286,7 +286,8 @@ void take_dentry_name_snapshot(struct na
spin_unlock(&dentry->d_lock);
name->name = p->name;
} else {
- memcpy(name->inline_name, dentry->d_iname, DNAME_INLINE_LEN);
+ memcpy(name->inline_name, dentry->d_iname,
+ dentry->d_name.len + 1);
spin_unlock(&dentry->d_lock);
name->name = name->inline_name;
}
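
Review bot: The new length on the memcpy() in the else branch, dentry->d_name.len + 1, stays within name->inline_name only if an inline name plus its terminating NUL always fits in DNAME_INLINE_LEN, and nothing in the visible lines states that invariant. The condition that selects this branch sits above the hunk's context, so a one-line comment on the memcpy() saying that this path is taken only for names stored in d_iname, and that the + 1 copies the terminator, would let a reader check the bound at the call site. After this change the bytes of name->inline_name past len + 1 are no longer written, so it is worth confirming that users of the snapshot read it as a NUL-terminated string through name->name and never copy DNAME_INLINE_LEN bytes out of it in turn.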