David Howells 26982a89ca afs: Work around strnlen() oops with CONFIG_FORTIFIED_SOURCE=y
AFS has a structured layout in its directory contents (AFS dirs are
downloaded as files and parsed locally by the client for lookup/readdir).
The slots in the directory are defined by union afs_xdr_dirent.  This,
however, only directly allows a name of a length that will fit into that
union.  To support a longer name, the next 1-8 contiguous entries are
annexed to the first one and the name flows across these.

afs_dir_iterate_block() uses strnlen(), limited to the space to the end of
the page, to find out how long the name is.  This worked fine until
6a39e62abb.  With that commit, the compiler determines the size of the
array and asserts that the string fits inside that array.  This is a
problem for AFS because we *expect* it to overflow one or more arrays.

A similar problem also occurs in afs_dir_scan_block() when a directory file
is being locally edited to avoid the need to redownload it.  There strlen()
was being used safely because each page has the last byte set to 0 when the
file is downloaded and validated (in afs_dir_check_page()).

Fix this by changing the afs_xdr_dirent union name field to an
indeterminate-length array and dropping the overflow field.

(Note that whilst looking at this, I realised that the calculation of the
number of slots a dirent used is non-standard and not quite right, but I'll
address that in a separate patch.)

The issue can be triggered by something like:

        touch /afs/example.com/thisisaveryveryverylongname

and it generates a report that looks like:

        detected buffer overflow in strnlen
        ------------[ cut here ]------------
        kernel BUG at lib/string.c:1149!
        ...
        RIP: 0010:fortify_panic+0xf/0x11
        ...
        Call Trace:
         afs_dir_iterate_block+0x12b/0x35b
         afs_dir_iterate+0x14e/0x1ce
         afs_do_lookup+0x131/0x417
         afs_lookup+0x24f/0x344
         lookup_open.isra.0+0x1bb/0x27d
         open_last_lookups+0x166/0x237
         path_openat+0xe0/0x159
         do_filp_open+0x48/0xa4
         ? kmem_cache_alloc+0xf5/0x16e
         ? __clear_close_on_exec+0x13/0x22
         ? _raw_spin_unlock+0xa/0xb
         do_sys_openat2+0x72/0xde
         do_sys_open+0x3b/0x58
         do_syscall_64+0x2d/0x3a
         entry_SYSCALL_64_after_hwframe+0x44/0xa9

Fixes: 6a39e62abb ("lib: string.h: detect intra-object overflow in fortified string functions")
Reported-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Marc Dionne <marc.dionne@auristor.com>
cc: Daniel Axtens <dja@axtens.net>
2021-01-04 12:25:19 +00:00
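The mechanism the commit message describes, as an added example that is not part of the kernel tree or of this commit: a directory name that flows out of its slot into the following slots, measured once through a fixed-size `name[16]` member and once through a flexible array member, with the bound in both cases being the space left to the end of the block. The block layout below is a simplified model (the real `union afs_xdr_dirent` and directory block carry more fields), the slot-count arithmetic is illustrative rather than the kernel's own, and `fortified_strnlen_model()` is modelled on the fortified `strnlen()` introduced by 6a39e62abb with the compiler's subobject size passed in explicitly (`SIZE_MAX` standing for "unknown") instead of computed by `__builtin_object_size()`, so the result does not depend on optimisation level.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of an AFS directory block (assumption for this example:
 * the real dirent union and block carry more fields; only what the
 * overflow check sees is kept). */
#define BLOCK_SIZE   2048                      /* one directory block */
#define SLOT_SIZE    32                        /* one dirent slot */
#define NAME_OFFSET  12                        /* metadata before the name */
#define NAME_IN_SLOT (SLOT_SIZE - NAME_OFFSET) /* 20 name bytes (incl. NUL) fit in one slot */

/* "Before": fixed-size name plus spill-over member.  The compiler's subobject
 * size for de->name is 16, which is what FORTIFY compares against. */
struct dirent_fixed {
    uint8_t  valid;
    uint8_t  unused;
    uint16_t hash_next;
    uint32_t vnode;
    uint32_t unique;
    char     name[16];
    char     overflow[4];
};

/* "After": flexible array member; its subobject size is unknown, so the only
 * bound is the one the caller supplies. */
struct dirent_flex {
    uint8_t  valid;
    uint8_t  unused;
    uint16_t hash_next;
    uint32_t vnode;
    uint32_t unique;
    char     name[];
};

_Static_assert(sizeof(struct dirent_fixed) == SLOT_SIZE, "fixed dirent is one slot");
_Static_assert(offsetof(struct dirent_flex, name) == NAME_OFFSET, "name offset");

/* Plain bounded length, standing in for the real strnlen(). */
static size_t bounded_len(const char *p, size_t max)
{
    size_t n = 0;
    while (n < max && p[n] != '\0')
        n++;
    return n;
}

/* Modelled on the kernel's fortified strnlen() after 6a39e62abb.  p_size
 * stands in for __builtin_object_size(p, 1): the size of the enclosing array
 * member, or SIZE_MAX when the compiler cannot tell (flexible array).
 * *panicked records whether fortify_panic() would have fired. */
static size_t fortified_strnlen_model(const char *p, size_t maxlen, size_t p_size, bool *panicked)
{
    size_t ret = bounded_len(p, maxlen < p_size ? maxlen : p_size);

    *panicked = (p_size <= ret && maxlen != ret);
    return ret;
}

/* Write a name at the given slot, letting it flow into following slots.
 * Returns the slots consumed, or 0 if it would run off the block.
 * (Illustrative slot arithmetic, not the kernel's calculation.) */
static size_t put_name(uint8_t *block, size_t slot, const char *name)
{
    size_t off = slot * SLOT_SIZE;
    size_t len = strlen(name) + 1;            /* count the NUL */
    struct dirent_flex *de;

    if (off + NAME_OFFSET + len > BLOCK_SIZE)
        return 0;
    de = (struct dirent_flex *)(block + off);
    de->valid = 1;
    memcpy(de->name, name, len);              /* may cross into the next slot(s) */
    if (len <= NAME_IN_SLOT)
        return 1;
    return 1 + (len - NAME_IN_SLOT + SLOT_SIZE - 1) / SLOT_SIZE;
}

struct demo_result {
    size_t slots;        /* slots the name occupies */
    size_t len_fixed;    /* length seen through struct dirent_fixed */
    bool   panic_fixed;  /* FORTIFY would have oopsed */
    size_t len_flex;     /* length seen through struct dirent_flex */
    bool   panic_flex;
};

/* Store one name in a fresh zeroed block (last byte 0, as after download) and
 * measure it both ways, bounded by the space left to the end of the block. */
struct demo_result demo_name(const char *name)
{
    _Alignas(8) uint8_t block[BLOCK_SIZE] = {0};
    struct demo_result r = {0};
    const struct dirent_fixed *f = (const struct dirent_fixed *)block;
    const struct dirent_flex *x = (const struct dirent_flex *)block;
    size_t remaining = BLOCK_SIZE - NAME_OFFSET;   /* name starts in slot 0 */

    r.slots = put_name(block, 0, name);
    r.len_fixed = fortified_strnlen_model(f->name, remaining, sizeof(f->name), &r.panic_fixed);
    r.len_flex  = fortified_strnlen_model(x->name, remaining, SIZE_MAX, &r.panic_flex);
    return r;
}

int main(void)
{
    const char *names[] = { "short", "sixteencharsname", "thisisaveryveryverylongname" };

    for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
        struct demo_result r = demo_name(names[i]);

        printf("%-28s slots=%zu  fixed: len=%2zu %s  flex: len=%2zu %s\n", names[i], r.slots,
               r.len_fixed, r.panic_fixed ? "PANIC" : "ok", r.len_flex, r.panic_flex ? "PANIC" : "ok");
    }
    return 0;
}
```

Two things are worth noticing in the output. A name of exactly 16 characters already trips the check through the fixed member, because the terminating NUL lands in `overflow[]` and the scan reaches the end of `name[16]` without finding it; and the flexible-array version is only as safe as the `remaining` bound handed to it, which is why the commit relies on the last byte of each page being zeroed on download and checked in `afs_dir_check_page()`.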
Documentation This is the bulk of the GPIO changes for the v5.11 kernel cycle: 2020-12-17 18:07:20 -08:00
LICENSES LICENSES: Add the CC-BY-4.0 license 2020-12-08 10:33:27 -07:00
arch This pull request contains the following changes for UML: 2020-12-17 17:56:44 -08:00
block SCSI misc on 20201216 2020-12-16 13:34:31 -08:00
certs .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
crypto crypto: aegis128 - avoid spurious references crypto_aegis128_update_simd 2020-12-04 18:16:53 +11:00
drivers This is the bulk of the GPIO changes for the v5.11 kernel cycle: 2020-12-17 18:07:20 -08:00
fs afs: Work around strnlen() oops with CONFIG_FORTIFIED_SOURCE=y 2021-01-04 12:25:19 +00:00
include This is the bulk of the GPIO changes for the v5.11 kernel cycle: 2020-12-17 18:07:20 -08:00
init for-5.11/block-2020-12-14 2020-12-16 12:57:51 -08:00
ipc Merge branch 'akpm' (patches from Andrew) 2020-12-15 12:53:37 -08:00
kernel Tracing updates for 5.11 2020-12-17 13:22:17 -08:00
lib for-5.11/block-2020-12-14 2020-12-16 12:57:51 -08:00
mm memblock: debug enhancements 2020-12-16 14:44:53 -08:00
net Networking fixes for 5.11-rc1. 2020-12-17 13:45:24 -08:00
samples ARM: SoC drivers for v5.11 2020-12-16 16:38:41 -08:00
scripts gcc-plugins updates for v5.11-rc1 2020-12-16 11:17:27 -08:00
security overlayfs update for 5.11 2020-12-17 11:42:48 -08:00
sound powerpc updates for 5.11 2020-12-17 13:34:25 -08:00
tools This is the bulk of the GPIO changes for the v5.11 kernel cycle: 2020-12-17 18:07:20 -08:00
usr Merge branch 'work.fdpic' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-08-07 13:29:39 -07:00
virt kvm: x86/mmu: Support dirty logging for the TDP MMU 2020-10-23 03:42:13 -04:00
.clang-format RDMA 5.10 pull request 2020-10-17 11:18:18 -07:00
.cocciconfig
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore .gitignore: docs: ignore sphinx_*/ directories 2020-09-10 10:44:31 -06:00
.mailmap RDMA 5.11 pull request 2020-12-16 13:42:26 -08:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-12-11 22:29:38 -08:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS This is the bulk of the GPIO changes for the v5.11 kernel cycle: 2020-12-17 18:07:20 -08:00
Makefile Linux 5.10 2020-12-13 14:41:30 -08:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00


Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.