From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 498DAC433E0 for ; Tue, 23 Jun 2020 01:29:51 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 18F972076A for ; Tue, 23 Jun 2020 01:29:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1592875791; bh=l7bxu7O3X+vmkUuujige1uKZed0ixYTnVS3sz9BaX1U=; h=Date:From:To:Cc:Subject:References:In-Reply-To:List-ID:From; b=HGjtQCDY4oQb2+xcnv/mzCFlvftinsBsOm8PfhYG+OHq6KOw6yNZN42IIxkvIfnHR e5R1udo/nFhltorcNsJfOt96rN7XICk+2qtJRMHqQS4eU6XWHsfTbdLZnf+1olfr2C sF1W7+JzBh3pL7KSYFr0Wce3gDCKYlcucfV2kYRk= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731690AbgFWB3u (ORCPT ); Mon, 22 Jun 2020 21:29:50 -0400 Received: from mail.kernel.org ([198.145.29.99]:58120 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731572AbgFWB3u (ORCPT ); Mon, 22 Jun 2020 21:29:50 -0400 Received: from localhost (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9CC6520720; Tue, 23 Jun 2020 01:29:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1592875789; bh=l7bxu7O3X+vmkUuujige1uKZed0ixYTnVS3sz9BaX1U=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=bRf8yR6aJ4QC5ppZPOtMcaJvDzAOodNrt7U+fXiJuExDk40+ib5u3hsuWesF/PqXD 7vSa6DypI/D+mmc9N6MBgdvjOnoM3HhgEJIvHUtwMKkmqtn7M9REoPqSUVMWjjWqRw QMXSVbNYyY7iQ1Fi5iBI1VwN2HEq2HI6qXzO40Ds= Date: Mon, 22 Jun 2020 21:29:48 -0400 From: Sasha Levin To: gregkh@linuxfoundation.org Cc: ebiggers@google.com, drosen@google.com, jaegeuk@kernel.org, krisman@collabora.co.uk, stable@vger.kernel.org, viro@zeniv.linux.org.uk, yuchao0@huawei.com Subject: Re: FAILED: patch "[PATCH] f2fs: avoid utf8_strncasecmp() with unstable name" failed to apply to 5.7-stable tree Message-ID: <20200623012948.GU1931@sasha-vm> References: <1592575583131183@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: <1592575583131183@kroah.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org On Fri, Jun 19, 2020 at 04:06:23PM +0200, gregkh@linuxfoundation.org wrote: > >The patch below does not apply to the 5.7-stable tree. >If someone wants it applied there, or to any other stable or longterm >tree, then please email the backport, including the original git commit >id to . > >thanks, > >greg k-h > >------------------ original commit in Linus's tree ------------------ > >>From fc3bb095ab02b9e7d89a069ade2cead15c64c504 Mon Sep 17 00:00:00 2001 >From: Eric Biggers >Date: Mon, 1 Jun 2020 13:08:05 -0700 >Subject: [PATCH] f2fs: avoid utf8_strncasecmp() with unstable name > >If the dentry name passed to ->d_compare() fits in dentry::d_iname, then >it may be concurrently modified by a rename. This can cause undefined >behavior (possibly out-of-bounds memory accesses or crashes) in >utf8_strncasecmp(), since fs/unicode/ isn't written to handle strings >that may be concurrently modified. > >Fix this by first copying the filename to a stack buffer if needed. >This way we get a stable snapshot of the filename. > >Fixes: 2c2eb7a300cd ("f2fs: Support case-insensitive file name lookups") >Cc: # v5.4+ >Cc: Al Viro >Cc: Daniel Rosenberg >Cc: Gabriel Krisman Bertazi >Signed-off-by: Eric Biggers >Reviewed-by: Chao Yu >Signed-off-by: Jaegeuk Kim I've grabbed f874fa1c7c79 ("f2fs: split f2fs_d_compare() from f2fs_match_name()") as a dependency and queued both for 5.7 and 5.4. -- Thanks, Sasha