]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commitdiff
projects / mirror_ubuntu-bionic-kernel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b899d03)
fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot()
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Fri, 17 Aug 2018 22:44:34 +0000 (15:44 -0700)
committerJuerg Haefliger <juergh@canonical.com>
Wed, 24 Jul 2019 01:46:28 +0000 (19:46 -0600)
BugLink: https://bugs.launchpad.net/bugs/1835972
[ Upstream commit 6cd00a01f0c1ae6a852b09c59b8dd55cc6c35d1d ]

Since only dentry->d_name.len + 1 bytes out of DNAME_INLINE_LEN bytes
are initialized at __d_alloc(), we can't copy the whole size
unconditionally.

 WARNING: kmemcheck: Caught 32-bit read from uninitialized memory (ffff8fa27465ac50)
 636f6e66696766732e746d70000000000010000000000000020000000188ffff
  i i i i i i i i i i i i i u u u u u u u u u u i i i i i u u u u
                                  ^
 RIP: 0010:take_dentry_name_snapshot+0x28/0x50
 RSP: 0018:ffffa83000f5bdf8 EFLAGS: 00010246
 RAX: 0000000000000020 RBX: ffff8fa274b20550 RCX: 0000000000000002
 RDX: ffffa83000f5be40 RSI: ffff8fa27465ac50 RDI: ffffa83000f5be60
 RBP: ffffa83000f5bdf8 R08: ffffa83000f5be48 R09: 0000000000000001
 R10: ffff8fa27465ac00 R11: ffff8fa27465acc0 R12: ffff8fa27465ac00
 R13: ffff8fa27465acc0 R14: 0000000000000000 R15: 0000000000000000
 FS:  00007f79737ac8c0(0000) GS:ffffffff8fc30000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: ffff8fa274c0b000 CR3: 0000000134aa7002 CR4: 00000000000606f0
  take_dentry_name_snapshot+0x28/0x50
  vfs_rename+0x128/0x870
  SyS_rename+0x3b2/0x3d0
  entry_SYSCALL_64_fastpath+0x1a/0xa4
  0xffffffffffffffff

Link: http://lkml.kernel.org/r/201709131912.GBG39012.QMJLOVFSFFOOtH@I-love.SAKURA.ne.jp
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: Vegard Nossum <vegard.nossum@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
fs/dcache.c patch | blob | blame | history

diff --git a/fs/dcache.c b/fs/dcache.c
index 60e5fd0db1b1a67059165ca17e95b0fb86ee2f07..eec2548bb369d36472241cab77dd577c3346441b 100644 (file)
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -291,7 +291,8 @@ void take_dentry_name_snapshot(struct name_snapshot *name, struct dentry *dentry
                spin_unlock(&dentry->d_lock);
                name->name = p->name;
        } else {
-               memcpy(name->inline_name, dentry->d_iname, DNAME_INLINE_LEN);
+               memcpy(name->inline_name, dentry->d_iname,
+                      dentry->d_name.len + 1);
                spin_unlock(&dentry->d_lock);
                name->name = name->inline_name;
        }
ubuntu-bionic-kernel mirror