From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: "Dr. David Alan Gilbert" <linux@treblig.org>,
syzbot+5fc38b2ddbbca7f5c680@syzkaller.appspotmail.com,
Kees Cook <keescook@chromium.org>,
Dave Kleikamp <dave.kleikamp@oracle.com>,
Sasha Levin <sashal@kernel.org>,
shaggy@kernel.org, brauner@kernel.org,
jfs-discussion@lists.sourceforge.net
Subject: [PATCH AUTOSEL 6.0 03/16] jfs: Fix fortify moan in symlink
Date: Sat, 17 Dec 2022 10:28:06 -0500
Message-ID: <20221217152821.98618-3-sashal@kernel.org>
In-Reply-To: <20221217152821.98618-1-sashal@kernel.org>
From: "Dr. David Alan Gilbert" <linux@treblig.org>
[ Upstream commit ebe060369f8d6e4588b115f252bebf5ba4d64350 ]
JFS has in jfs_incore.h:
	/* _inline may overflow into _inline_ea when needed */
	/* _inline_ea may overlay the last part of
	 * file._xtroot if maxentry = XTROOTINITSLOT
	 */
	union {
		struct {
			/* 128: inline symlink */
			unchar _inline[128];
			/* 128: inline extended attr */
			unchar _inline_ea[128];
		};
		unchar _inline_all[256];
and currently the symlink code copies into _inline;
if this is larger than 128 bytes it triggers a fortify warning of the
form:
memcpy: detected field-spanning write (size 132) of single field
"ip->i_link" at fs/jfs/namei.c:950 (size 18446744073709551615)
when it's actually OK.
Copy it into _inline_all instead.
Reported-by: syzbot+5fc38b2ddbbca7f5c680@syzkaller.appspotmail.com
Signed-off-by: Dr. David Alan Gilbert <linux@treblig.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/jfs/namei.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/jfs/namei.c b/fs/jfs/namei.c
index 9db4f5789c0e..4fbbf88435e6 100644
--- a/fs/jfs/namei.c
+++ b/fs/jfs/namei.c
@@ -946,7 +946,7 @@ static int jfs_symlink(struct user_namespace *mnt_userns, struct inode *dip,
if (ssize <= IDATASIZE) {
ip->i_op = &jfs_fast_symlink_inode_operations;
- ip->i_link = JFS_IP(ip)->i_inline;
+ ip->i_link = JFS_IP(ip)->i_inline_all;
memcpy(ip->i_link, name, ssize);
ip->i_size = ssize - 1;
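Review bot: the copy is now legitimately bounded by the 256-byte `_inline_all` member, but that only holds while `IDATASIZE` (the bound in `if (ssize <= IDATASIZE)`) stays no larger than `sizeof(_inline_all)`; the two are defined separately in jfs_incore.h, so a `BUILD_BUG_ON(IDATASIZE > sizeof(JFS_IP(ip)->i_inline_all))` next to the copy, or at least a comment pointing at the "_inline may overflow into _inline_ea" note in the header, would keep a later change to either constant from silently reintroducing an overrun that FORTIFY would no longer flag. Worth also noting in the commit message that the write still overlaps `_inline_ea`, which is by design for fast symlinks, so a reader does not mistake the new destination for a separate buffer.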
--
2.35.1
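To make the field-spanning point concrete, the following is an added example (not the patch's or JFS's code) that mirrors the union quoted in the commit message and stores a fast symlink the way the fixed jfs_symlink() does. The struct name, helper names, and the IDATASIZE value (assumed to be 256, matching the 256-byte _inline_all) are constructed for this example.

```c
#include <stddef.h>
#include <string.h>

/* Mirror of the inline area quoted in the commit message (constructed for
 * this example; only the members relevant to the fix are modelled). */
typedef unsigned char unchar;
#define IDATASIZE 256   /* inline data size; assumed to match jfs_incore.h */

struct jfs_inline_area {
	union {
		struct {
			unchar _inline[128];     /* inline symlink */
			unchar _inline_ea[128];  /* inline extended attr */
		};
		unchar _inline_all[256];
	};
};

/* Size FORTIFY's member-level check sees for each destination:
 * the single field, not the enclosing union. */
size_t field_size_inline(void)     { return sizeof(((struct jfs_inline_area *)0)->_inline); }
size_t field_size_inline_all(void) { return sizeof(((struct jfs_inline_area *)0)->_inline_all); }

/* Would a memcpy of n bytes into a field of this size be flagged as a
 * field-spanning write? 132 bytes into _inline: yes; into _inline_all: no. */
int spans_field(size_t field_size, size_t n) { return n > field_size; }

/* Store a fast symlink as the fixed jfs_symlink() does: bound the copy by
 * IDATASIZE and write into _inline_all, which covers both halves.
 * Returns bytes stored, or -1 when the target does not fit inline. */
long store_fast_symlink(struct jfs_inline_area *ip, const char *name, size_t ssize)
{
	if (ssize > IDATASIZE)
		return -1;  /* caller would need an out-of-line symlink instead */
	memcpy(ip->_inline_all, name, ssize);
	return (long)ssize;
}

/* How many bytes of a stored target land past _inline, i.e. in _inline_ea.
 * This is the overlap the header comment calls "overflow when needed". */
size_t bytes_in_inline_ea(size_t ssize)
{
	size_t off = offsetof(struct jfs_inline_area, _inline_ea);
	return ssize > off ? ssize - off : 0;
}
```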