From: Vitaly Chikunov <vt@altlinux.org>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Sasha Levin <sashal@kernel.org>,
stable@vger.kernel.org, Kees Cook <keescook@chromium.org>,
linux-cifs@vger.kernel.org
Subject: Re: [PATCH] cifs: Convert struct fealist away from 1-element array
Date: Sun, 18 Feb 2024 12:59:03 +0300
Message-ID: <20240218095903.5tg6wo3jvnguyzf6@altlinux.org>
In-Reply-To: <2024021808-coach-wired-41cb@gregkh>

Greg,

On Sun, Feb 18, 2024 at 10:31:29AM +0100, Greg Kroah-Hartman wrote:
> On Sun, Feb 18, 2024 at 12:50:16AM +0300, Vitaly Chikunov wrote:
> >
> > On Sat, Feb 10, 2024 at 01:21:45PM +0300, Vitaly Chikunov wrote:
> > > On Sat, Feb 10, 2024 at 10:19:46AM +0000, Greg Kroah-Hartman wrote:
> > > > On Sat, Feb 10, 2024 at 03:33:14AM +0300, Vitaly Chikunov wrote:
> > > > >
> > > > > Can you please backport this commit (below) to a stable 6.1.y tree? It's
> > > > > confirmed by Kees that this could cause a kernel panic due to a false positive
> > > > > strncpy fortify, and this has already happened for some users.
> > > >
> > > > What is the git commit id?
> > >
> > > 398d5843c03261a2b68730f2f00643826bcec6ba
> >
> > Can you please apply this to the next 6.1.y release?
> >
> > There is still a non-theoretical crash as reported in
> > https://lore.kernel.org/all/qjyfz2xftsbch6aozgplxyjfyqnuhn7j44udrucls4pqa5ey35@adxvvrdtagqf/
> >
> > If the commit hash was not enough:
> >
> > commit 398d5843c03261a2b68730f2f00643826bcec6ba
> > Author: Kees Cook <keescook@chromium.org>
> > AuthorDate: Tue Feb 14 16:08:39 2023 -0800
> >
> > cifs: Convert struct fealist away from 1-element array
> >
> > The commit is in mainline and applies well to linux-6.1.y:
> >
> > (linux-6.1.y)$ git cherry-pick 398d5843c03261a2b68730f2f00643826bcec6ba
> > Auto-merging fs/smb/client/cifspdu.h
> > Auto-merging fs/smb/client/cifssmb.c
> > [linux-6.1.y 4a80b516f202] cifs: Convert struct fealist away from 1-element array
> > Author: Kees Cook <keescook@chromium.org>
> > Date: Tue Feb 14 16:08:39 2023 -0800
> > 2 files changed, 10 insertions(+), 10 deletions(-)
>
> It does not apply cleanly due to renames, can you provide a backported,
> and tested, patch please?

I cannot test that it solves the bug since I don't use software that triggers
the crash. But the crash logic is obvious - sizeof of the first element of the char
array is 1 byte and the fortify code for strncpy issues a panic. The patch was
obviously missed.

I can send the patch that is the result of my git applying
398d5843c03261a2b68730f2f00643826bcec6ba cleanly.
And I will try to build the kernel and ensure it compiles well.

Will this be enough?

Thanks,

>
> thanks,
>
> greg k-h