mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-08-24 09:50:04 +00:00
Code Issues Releases Wiki Activity
linux-stable/fs
History
Linus Torvalds 40faa4d13a qnx4: work around gcc false positive warning bug 
commit d5f6545934 upstream.

In commit b7213ffa0e ("qnx4: avoid stringop-overread errors") I tried
to teach gcc about how the directory entry structure can be two
different things depending on a status flag.  It made the code clearer,
and it seemed to make gcc happy.

However, Arnd points to a gcc bug, where despite using two different
members of a union, gcc then gets confused, and uses the size of one of
the members to decide if a string overrun happens.  And not necessarily
the rigth one.

End result: with some configurations, gcc-11 will still complain about
the source buffer size being overread:

  fs/qnx4/dir.c: In function 'qnx4_readdir':
  fs/qnx4/dir.c:76:32: error: 'strnlen' specified bound [16, 48] exceeds source size 1 [-Werror=stringop-overread]
     76 |                         size = strnlen(name, size);
        |                                ^~~~~~~~~~~~~~~~~~~
  fs/qnx4/dir.c:26:22: note: source object declared here
     26 |                 char de_name;
        |                      ^~~~~~~

because gcc will get confused about which union member entry is actually
getting accessed, even when the source code is very clear about it.  Gcc
internally will have combined two "redundant" pointers (pointing to
different union elements that are at the same offset), and takes the
size checking from one or the other - not necessarily the right one.

This is clearly a gcc bug, but we can work around it fairly easily.  The
biggest thing here is the big honking comment about why we do what we
do.

Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99578#c6
Reported-and-tested-by: Arnd Bergmann <arnd@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-10-06 15:05:08 +02:00
..
9p 9P: Cast to loff_t before multiplying 2020-11-05 11:07:03 +01:00
adfs fs/adfs: super: fix use-after-free bug 2019-08-06 19:05:21 +02:00
affs fs/affs: release old buffer head on error path 2021-03-03 18:22:54 +01:00
afs afs: Fix some tracing details 2020-04-02 16:34:33 +02:00
autofs4 autofs: fix a leak in autofs_expire_indirect() 2019-12-17 20:37:24 +01:00
befs
bfs bfs: add sanity check at bfs_fill_super() 2018-12-01 09:42:51 +01:00
btrfs Revert "btrfs: compression: don't try to compress if we don't have enough pages" 2021-09-22 11:45:16 +02:00
cachefiles cachefiles: Handle readpage error correctly 2020-11-05 11:07:05 +01:00
ceph ceph: lockdep annotations for try_nonblocking_invalidate 2021-09-26 13:37:29 +02:00
cifs cifs: fix incorrect check for null pointer in header_assemble 2021-10-06 15:05:04 +02:00
coda coda: add error handling for fget 2019-08-06 19:05:23 +02:00
configfs configfs: fix memleak in configfs_release_bin_file 2021-07-20 16:17:41 +02:00
cramfs Cramfs: fix abad comparison when wrap-arounds occur 2018-11-13 11:15:12 -08:00
crypto fscrypt: don't ignore minor_hash when hash is 0 2021-07-20 16:17:45 +02:00
debugfs debugfs: fix use-after-free on symlink traversal 2019-05-08 07:20:49 +02:00
devpts fs/devpts: always delete dcache dentry-s in dput() 2019-03-23 14:35:21 +01:00
dlm fs: dlm: fix memory leak when fenced 2021-07-20 16:17:33 +02:00
ecryptfs Revert "ecryptfs: replace BUG_ON with error handling code" 2021-05-26 11:47:00 +02:00
efivarfs efivarfs: revert "fix memory leak in efivarfs_create()" 2020-12-02 08:34:44 +01:00
efs
exofs exofs_mount(): fix leaks on failure exits 2019-12-05 15:37:28 +01:00
exportfs exportfs: fix 'passing zero to ERR_PTR()' warning 2020-01-27 14:46:06 +01:00
ext2 ext2: fix missing percpu_counter_inc 2020-08-21 09:48:18 +02:00
ext4 ext4: fix race writing to an inline_data file while its xattrs are changing 2021-09-22 11:45:14 +02:00
f2fs f2fs: fix potential overflow 2021-09-22 11:45:15 +02:00
fat fat: don't allow to mount if the FAT length == 0 2020-06-20 10:25:05 +02:00
freevxfs
fscache fscache: fix race between enablement and dropping of object 2018-12-17 09:28:53 +01:00
fuse fuse: reject internal errno 2021-07-20 16:17:45 +02:00
gfs2 gfs2: Don't call dlm after protocol is unmounted 2021-09-22 11:45:30 +02:00
hfs hfs: add lock nesting notation to hfs_find_init 2021-08-04 12:22:15 +02:00
hfsplus hfsplus: fix crash and filesystem corruption when deleting files 2020-04-24 08:00:45 +02:00
hostfs
hpfs
hugetlbfs hugetlbfs: hugetlb_fault_mutex_hash() cleanup 2021-06-03 08:36:25 +02:00
isofs isofs: joliet: Fix iocharset=utf8 mount option 2021-09-22 11:45:17 +02:00
jbd2 jbd2: abort journal if free a async write error metadata buffer 2020-09-03 11:22:29 +02:00
jffs2 jffs2: check the validity of dstlen in jffs2_zlib_compress() 2021-05-22 10:57:22 +02:00
jfs fs/jfs: Fix missing error code in lmLogInit() 2021-07-20 16:17:49 +02:00
kernfs kernfs: deal with kernfs_fill_super() failures 2021-06-30 08:48:55 -04:00
lockd lockd: don't use interval-based rebinding over TCP 2020-12-29 13:46:57 +01:00
minix fs/minix: reject too-large maximum file size 2020-08-21 09:48:15 +02:00
ncpfs
nfs NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times 2021-07-20 16:17:54 +02:00
nfs_common nfs_common: need lock during iterate through the list 2020-12-29 13:47:01 +01:00
nfsd nfsd4: readdirplus shouldn't return parent of export 2021-01-23 15:48:45 +01:00
nilfs2 nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group 2021-09-26 13:37:30 +02:00
nls
notify fs: avoid softlockups in s_inodes iterators 2020-01-12 12:11:59 +01:00
ntfs ntfs: fix validity check for file name attribute 2021-07-20 16:17:28 +02:00
ocfs2 ocfs2: drop acl cache for directories too 2021-10-06 15:05:04 +02:00
omfs
openpromfs
orangefs orangefs: fix orangefs df output. 2021-07-20 16:17:52 +02:00
overlayfs ovl: skip getxattr of security labels 2021-02-23 14:00:31 +01:00
proc proc: Avoid mixing integer types in mem_rw() 2021-07-28 11:12:18 +02:00
pstore pstore/ram: Write new dumps to start of recycled zones 2020-01-09 10:17:55 +01:00
qnx4 qnx4: work around gcc false positive warning bug 2021-10-06 15:05:08 +02:00
qnx6
quota quota: Fix memory leak when handling corrupted quota file 2021-03-03 18:22:44 +01:00
ramfs ramfs: fix nommu mmap with gaps in the page cache 2020-10-29 09:07:11 +01:00
reiserfs reiserfs: check directory items on read from disk 2021-08-15 13:03:33 +02:00
romfs romfs: fix uninitialized memory leak in romfs_dev_read() 2020-08-26 10:29:54 +02:00
squashfs squashfs: fix divide error in calculate_skip() 2021-05-22 10:57:39 +02:00
sysfs unfuck sysfs_mount() 2021-06-30 08:48:55 -04:00
sysv sysv: return 'err' instead of 0 in __sysv_write_inode 2018-12-17 09:28:48 +01:00
tracefs
ubifs ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode 2021-07-20 16:17:54 +02:00
udf udf_get_extendedattr() had no boundary checks. 2021-09-22 11:45:18 +02:00
ufs fs/ufs: avoid potential u32 multiplication overflow 2020-08-21 09:48:22 +02:00
xfs xfs: Fix assert failure in xfs_setattr_size() 2021-03-07 11:27:43 +01:00
aio.c aio: fix spectre gadget in lookup_ioctx 2018-12-21 14:13:04 +01:00
anon_inodes.c
attr.c
bad_inode.c
binfmt_aout.c
binfmt_elf.c fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() 2020-06-03 08:18:03 +02:00
binfmt_elf_fdpic.c
binfmt_em86.c
binfmt_flat.c fs/binfmt_flat.c: make load_flat_shared_library() work 2019-07-03 13:15:59 +02:00
binfmt_misc.c binfmt_misc: fix possible deadlock in bm_register_write 2021-03-17 16:34:35 +01:00
binfmt_script.c exec: load_script: Do not exec truncated interpreter path 2019-11-06 12:42:59 +01:00
block_dev.c block: reexpand iov_iter after read/write 2021-05-22 10:57:43 +02:00
buffer.c fs: Don't invalidate page buffers in block_write_full_page() 2020-11-05 11:06:58 +01:00
char_dev.c chardev: Avoid potential use-after-free in 'chrdev_open()' 2020-01-14 20:05:39 +01:00
compat.c
compat_binfmt_elf.c
compat_ioctl.c fix compat handling of FICLONERANGE, FIDEDUPERANGE and FS_IOC_FIEMAP 2020-01-09 10:17:58 +01:00
coredump.c coredump: fix crash when umh is disabled 2020-05-20 08:16:58 +02:00
dax.c dax: pass NOWAIT flag to iomap_apply 2020-03-11 18:02:43 +01:00
dcache.c fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() 2019-02-06 17:31:34 +01:00
dcookies.c
direct-io.c fs: direct-io: fix missing sdio->boundary 2021-04-16 11:57:48 +02:00
drop_caches.c fs: avoid softlockups in s_inodes iterators 2020-01-12 12:11:59 +01:00
eventfd.c
eventpoll.c ep_create_wakeup_source(): dentry name can change under you... 2020-10-14 09:51:09 +02:00
exec.c mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race 2020-11-18 18:28:03 +01:00
fcntl.c
fhandle.c
file.c fix multiplication overflow in copy_fdtable() 2020-05-27 16:42:51 +02:00
file_table.c
filesystems.c fs/filesystems.c: downgrade user-reachable WARN_ONCE() to pr_warn_once() 2020-04-24 08:00:43 +02:00
fs-writeback.c writeback: fix obtain a reference to a freeing memcg css 2021-07-20 16:17:37 +02:00
fs_pin.c
fs_struct.c
inode.c futex: Fix inode life-time issue 2020-04-02 16:34:21 +02:00
internal.h
ioctl.c vfs: swap names of {do,vfs}_clone_file_range() 2018-11-10 07:48:33 -08:00
iomap.c iomap: Fix pipe page leakage during splicing 2019-12-17 20:38:57 +01:00
Kconfig
Kconfig.binfmt
libfs.c libfs: fix error cast of negative value in simple_attr_write() 2020-11-24 13:05:50 +01:00
locks.c locks: print unsigned ino in /proc/locks 2020-01-09 10:17:55 +01:00
Makefile
mbcache.c
mount.h
mpage.c
namei.c namei: only return -ECHILD from follow_dotdot_rcu() 2020-03-11 18:02:53 +01:00
namespace.c fs: warn about impending deprecation of mandatory locks 2021-08-26 08:37:10 -04:00
no-block.c
nsfs.c
open.c cifs_atomic_open(): fix double-put on late allocation failure 2020-03-20 10:54:16 +01:00
pipe.c pipe: increase minimum default pipe size to 2 pages 2021-08-15 13:03:31 +02:00
pnode.c propagate_one(): mnt_set_mountpoint() needs mount_lock 2020-05-02 17:24:47 +02:00
pnode.h
posix_acl.c
proc_namespace.c
read_write.c vfs: avoid problematic remapping requests into partial EOF block 2019-12-01 09:13:51 +01:00
readdir.c readdir: make sure to verify directory entry for legacy interfaces too 2021-04-28 12:08:41 +02:00
select.c kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() 2021-03-24 11:05:05 +01:00
seq_file.c seq_file: disallow extremely large seq buffer allocations 2021-07-20 16:17:55 +02:00
signalfd.c
splice.c fs: prevent page refcount overflow in pipe_buf_get 2019-05-04 09:15:18 +02:00
stack.c
stat.c
statfs.c vfs: Fix EOVERFLOW testing in put_compat_statfs64 2019-10-11 18:18:48 +02:00
super.c vfs: remove lockdep bogosity in __sb_start_write 2020-11-24 13:05:44 +01:00
sync.c
timerfd.c
userfaultfd.c userfaultfd: require CAP_SYS_PTRACE for UFFD_FEATURE_EVENT_FORK 2020-01-04 13:59:58 +01:00
utimes.c
xattr.c xattr: break delegations in {set,remove}xattr 2020-08-21 09:48:00 +02:00