From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S944969AbdE0BMd (ORCPT ); Fri, 26 May 2017 21:12:33 -0400 Received: from mail-pf0-f176.google.com ([209.85.192.176]:35992 "EHLO mail-pf0-f176.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S944880AbdEZUSa (ORCPT ); Fri, 26 May 2017 16:18:30 -0400 From: Kees Cook To: kernel-hardening@lists.openwall.com Cc: Kees Cook , Anton Altaparmakov , Andrew Morton , Laura Abbott , x86@kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2 16/20] ntfs: Use ERR_CAST() to avoid cross-structure cast Date: Fri, 26 May 2017 13:17:20 -0700 Message-Id: <1495829844-69341-17-git-send-email-keescook@chromium.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1495829844-69341-1-git-send-email-keescook@chromium.org> References: <1495829844-69341-1-git-send-email-keescook@chromium.org> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org When trying to propagate an error result, the error return path attempts to retain the error, but does this with an open cast across very different types, which the upcoming structure layout randomization plugin flags as being potentially dangerous in the face of randomization. This is a false positive, but what this code actually wants to do is use ERR_CAST() to retain the error value. Cc: Anton Altaparmakov Cc: Andrew Morton Signed-off-by: Kees Cook --- fs/ntfs/namei.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ntfs/namei.c b/fs/ntfs/namei.c index 358258364616..4690cd75d8d7 100644 --- a/fs/ntfs/namei.c +++ b/fs/ntfs/namei.c @@ -159,7 +159,7 @@ static struct dentry *ntfs_lookup(struct inode *dir_ino, struct dentry *dent, PTR_ERR(dent_inode)); kfree(name); /* Return the error code. */ - return (struct dentry *)dent_inode; + return ERR_CAST(dent_inode); } /* It is guaranteed that @name is no longer allocated at this point. */ if (MREF_ERR(mref) == -ENOENT) { -- 2.7.4 From mboxrd@z Thu Jan 1 00:00:00 1970 From: Kees Cook Date: Fri, 26 May 2017 13:17:20 -0700 Message-Id: <1495829844-69341-17-git-send-email-keescook@chromium.org> In-Reply-To: <1495829844-69341-1-git-send-email-keescook@chromium.org> References: <1495829844-69341-1-git-send-email-keescook@chromium.org> Subject: [kernel-hardening] [PATCH v2 16/20] ntfs: Use ERR_CAST() to avoid cross-structure cast To: kernel-hardening@lists.openwall.com Cc: Kees Cook , Anton Altaparmakov , Andrew Morton , Laura Abbott , x86@kernel.org, linux-kernel@vger.kernel.org List-ID: When trying to propagate an error result, the error return path attempts to retain the error, but does this with an open cast across very different types, which the upcoming structure layout randomization plugin flags as being potentially dangerous in the face of randomization. This is a false positive, but what this code actually wants to do is use ERR_CAST() to retain the error value. Cc: Anton Altaparmakov Cc: Andrew Morton Signed-off-by: Kees Cook --- fs/ntfs/namei.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ntfs/namei.c b/fs/ntfs/namei.c index 358258364616..4690cd75d8d7 100644 --- a/fs/ntfs/namei.c +++ b/fs/ntfs/namei.c @@ -159,7 +159,7 @@ static struct dentry *ntfs_lookup(struct inode *dir_ino, struct dentry *dent, PTR_ERR(dent_inode)); kfree(name); /* Return the error code. */ - return (struct dentry *)dent_inode; + return ERR_CAST(dent_inode); } /* It is guaranteed that @name is no longer allocated at this point. */ if (MREF_ERR(mref) == -ENOENT) { -- 2.7.4