(parent: 480bd56)
fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot()
author Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Fri, 17 Aug 2018 22:44:34 +0000 (15:44 -0700)
committer Linus Torvalds <torvalds@linux-foundation.org> Fri, 17 Aug 2018 23:20:28 +0000 (16:20 -0700)
Since only dentry->d_name.len + 1 bytes out of DNAME_INLINE_LEN bytes
are initialized at __d_alloc(), we can't copy the whole size
unconditionally.
WARNING: kmemcheck: Caught 32-bit read from uninitialized memory (ffff8fa27465ac50)
636f6e66696766732e746d70000000000010000000000000020000000188ffff
i i i i i i i i i i i i i u u u u u u u u u u i i i i i u u u u
^
RIP: 0010:take_dentry_name_snapshot+0x28/0x50
RSP: 0018:ffffa83000f5bdf8 EFLAGS: 00010246
RAX: 0000000000000020 RBX: ffff8fa274b20550 RCX: 0000000000000002
RDX: ffffa83000f5be40 RSI: ffff8fa27465ac50 RDI: ffffa83000f5be60
RBP: ffffa83000f5bdf8 R08: ffffa83000f5be48 R09: 0000000000000001
R10: ffff8fa27465ac00 R11: ffff8fa27465acc0 R12: ffff8fa27465ac00
R13: ffff8fa27465acc0 R14: 0000000000000000 R15: 0000000000000000
FS: 00007f79737ac8c0(0000) GS:ffffffff8fc30000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8fa274c0b000 CR3: 0000000134aa7002 CR4: 00000000000606f0
take_dentry_name_snapshot+0x28/0x50
vfs_rename+0x128/0x870
SyS_rename+0x3b2/0x3d0
entry_SYSCALL_64_fastpath+0x1a/0xa4
0xffffffffffffffff
Link: http://lkml.kernel.org/r/201709131912.GBG39012.QMJLOVFSFFOOtH@I-love.SAKURA.ne.jp
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: Vegard Nossum <vegard.nossum@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
diff --git
a/fs/dcache.c
b/fs/dcache.c
index 8d2ec4898c2b8596219aff616623e011bfbb1162..2e7e8d85e9b408a2296ca3d2510a2815dc78067f 100644
(file)
--- a/
fs/dcache.c
+++ b/
fs/dcache.c
@@
-292,7
+292,8
@@
void take_dentry_name_snapshot(struct name_snapshot *name, struct dentry *dentry
spin_unlock(&dentry->d_lock);
name->name = p->name;
} else {
- memcpy(name->inline_name, dentry->d_iname, DNAME_INLINE_LEN);
+ memcpy(name->inline_name, dentry->d_iname,
+ dentry->d_name.len + 1);
spin_unlock(&dentry->d_lock);
name->name = name->inline_name;
}
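Review bot: In the else branch, the new memcpy() length dentry->d_name.len + 1 is used with no visible bound against DNAME_INLINE_LEN, so the copy stays inside name->inline_name only while every dentry reaching this branch has a name that fits in d_iname together with its terminator. A one-line comment stating that invariant next to the memcpy() would make the assumption reviewable. It is also worth documenting that the bytes of name->inline_name past the terminator are now left unwritten, so users of the snapshot must treat it as a terminated string and never read or compare the full DNAME_INLINE_LEN buffer. Reading d_name.len before spin_unlock(&dentry->d_lock) keeps the length and the copied bytes consistent, which is the right ordering.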