From patchwork Sat Oct 22 20:39:14 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Dr. David Alan Gilbert" X-Patchwork-Id: 7939 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:4242:0:0:0:0:0 with SMTP id s2csp1356108wrr; Sat, 22 Oct 2022 14:13:58 -0700 (PDT) X-Google-Smtp-Source: AMsMyM4wK1wdjt0KiHXzmYZOsGQy2HxCJETrOT68x7ZuIWfLNH1MDX9m99SOFmixXPRbLFGSSpLr X-Received: by 2002:a05:6402:34d0:b0:460:96c4:94af with SMTP id w16-20020a05640234d000b0046096c494afmr14044385edc.365.1666473238243; Sat, 22 Oct 2022 14:13:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1666473238; cv=none; d=google.com; s=arc-20160816; b=lTVT+Dz0dx4peIaAemFVBmoIcvlz/02kXUmO5acO8Rf9TAjpmgIPjm6YTDUCOda1g0 p5+/HGR/4FoM1Lsl1yq7rjU7gPlCHCAOxucE7gtemYK15iYuXxr2AXLqmJMR+N3APHxA KJ74+mmBmHTGM5LP2Kr7zUYWR8yldTfNio3jNOkmQ8fQ+0qPkm9rC+5bILbAG2dmIu68 QVkXm6gesgQmAzqx1s5jqGElpnVkB6dXFFntOOIExIgURHqq4PthuiHTEkdQnBFBDK0G 7qFwzV5F9/Wo7nzFGi+66bUxe9PcdpyRYt5Mp6qPcNE929bDKW1+ObZY69RCsZ41PQsN t0NQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=mZ7ZhD4cvnKSycRl1+l3M39tGHDRpDCkJZSVTXRFl8w=; b=SjYaqLhOQW4QDoOkYGTN7LYaZeYVwhbFXvTvavoQywI1nT+FJ+zzfIkxpwoBwr9R/Y hmXRhHpMYpk82/BMca3b/MNiXdBfUsOl4b54xdkJMhyfzIja9BrB5aYMVnYP8URw9atS i1jzwoqenHtdsSpyQjiZwhyAC25Prf9YGmFUlWrQnIxP17pj9hWWdRWMM4IJCxNtolKk 3TWGgwOo/y+KY4hPbFP4lD+LUewTpwhVcVrRhSe+KzLVOy97BCZLWoV1gM1OuPvwaD4v FTTyCpE4oJf+Wi0Tx5chSQ2+LS9Jst0Ci5+6F14keeUiiZgJW00lrWPUHLh0vXzB15qm ocJQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@treblig.org header.s=bytemarkmx header.b=WJKfcJmu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n15-20020aa7d04f000000b0046109fd5943si2345557edo.544.2022.10.22.14.13.34; Sat, 22 Oct 2022 14:13:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=fail header.i=@treblig.org header.s=bytemarkmx header.b=WJKfcJmu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229707AbiJVVEk (ORCPT + 99 others); Sat, 22 Oct 2022 17:04:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48836 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229634AbiJVVEi (ORCPT ); Sat, 22 Oct 2022 17:04:38 -0400 X-Greylist: delayed 1474 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Sat, 22 Oct 2022 14:04:35 PDT Received: from mx.treblig.org (mx.treblig.org [46.43.15.161]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 61B7D1B797 for ; Sat, 22 Oct 2022 14:04:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=treblig.org ; s=bytemarkmx; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date: Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=mZ7ZhD4cvnKSycRl1+l3M39tGHDRpDCkJZSVTXRFl8w=; b=WJKfcJmuhyS3Dp1MiLdjvyeksT VYgoPFLU1O+GHcSt2FfvvS36yWVasgGv8oHusCk+fnHV+CPjX4KOeHjLZduy/o6pm3+2/BNOmfVuT TQaK+/t8dCl6hbhOO5PVkPryza29I+Vz9a/yRHjocI0b5UX92kGgKjT9t2ejYTOwp+lGEqidBybeE k1WfMvmAE1pVR65MTCaQuXbQohxOWQeI3Mh8cj/GD466J16FyZbk/DrCCpsMp6H2gBQTcNm8sMhYN 2qfZFHyR7QOdwFV4iXf5vyj2vXfBwoVKlBRLHU7t/v1aeiELZG8L1jnQ5yta8K14JwmkaaDxqeFPF 8E8vfbNA==; Received: from localhost ([127.0.0.1] helo=dalek.home.treblig.org) by mx.treblig.org with esmtp (Exim 4.94.2) (envelope-from ) id 1omLHV-005mx1-2y; Sat, 22 Oct 2022 21:39:44 +0100 From: linux@treblig.org To: linux@treblig.org, shaggy@kernel.org, jfs-discussion@lists.sourceforge.net, linux-kernel@vger.kernel.org Cc: syzbot+5fc38b2ddbbca7f5c680@syzkaller.appspotmail.com Subject: [PATCH] jfs: Fix fortify moan in symlink Date: Sat, 22 Oct 2022 21:39:14 +0100 Message-Id: <20221022203913.264855-1-linux@treblig.org> X-Mailer: git-send-email 2.37.3 MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1747423842518769619?= X-GMAIL-MSGID: =?utf-8?q?1747423842518769619?= From: "Dr. David Alan Gilbert" JFS has in jfs_incore.h: /* _inline may overflow into _inline_ea when needed */ /* _inline_ea may overlay the last part of * file._xtroot if maxentry = XTROOTINITSLOT */ union { struct { /* 128: inline symlink */ unchar _inline[128]; /* 128: inline extended attr */ unchar _inline_ea[128]; }; unchar _inline_all[256]; and currently the symlink code copies into _inline; if this is larger than 128 bytes it triggers a fortify warning of the form: memcpy: detected field-spanning write (size 132) of single field "ip->i_link" at fs/jfs/namei.c:950 (size 18446744073709551615) when it's actually OK. Copy it into _inline_all instead. Reported-by: syzbot+5fc38b2ddbbca7f5c680@syzkaller.appspotmail.com Signed-off-by: Dr. David Alan Gilbert Reviewed-by: Kees Cook --- fs/jfs/namei.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/jfs/namei.c b/fs/jfs/namei.c index 9db4f5789c0ec..4fbbf88435e69 100644 --- a/fs/jfs/namei.c +++ b/fs/jfs/namei.c @@ -946,7 +946,7 @@ static int jfs_symlink(struct user_namespace *mnt_userns, struct inode *dip, if (ssize <= IDATASIZE) { ip->i_op = &jfs_fast_symlink_inode_operations; - ip->i_link = JFS_IP(ip)->i_inline; + ip->i_link = JFS_IP(ip)->i_inline_all; memcpy(ip->i_link, name, ssize); ip->i_size = ssize - 1;