android_kernel_oneplus_msm8998/fs/nfs
Tetsuo Handa cec54a8e69 NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family.
commit 7c2bd9a39845bfb6d72ddb55ce737650271f6f96 upstream.

syzbot is reporting uninitialized value at rpc_sockaddr2uaddr() [1]. This
is because syzbot is setting AF_INET6 to "struct sockaddr_in"->sin_family
(which is embedded into user-visible "struct nfs_mount_data" structure)
even though nfs23_validate_mount_data() cannot pass sizeof(struct sockaddr_in6)
bytes of AF_INET6 address to rpc_sockaddr2uaddr().

Since "struct nfs_mount_data" structure is user-visible, we can't change
"struct nfs_mount_data" to use "struct sockaddr_storage". Therefore,
assuming that everybody is using AF_INET family when passing address via
"struct nfs_mount_data"->addr, reject if its sin_family is not AF_INET.

[1] https://syzkaller.appspot.com/bug?id=599993614e7cbbf66bc2656a919ab2a95fb5d75c

Reported-by: syzbot <syzbot+047a11c361b872896a4f@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-05-16 19:44:51 +02:00
blocklayout pnfs/blocklayout: off by one in bl_map_stripe() 2018-09-09 20:04:34 +02:00
filelayout NFS41: pop some layoutget errors to application 2019-03-23 08:44:38 +01:00
flexfilelayout NFS41: pop some layoutget errors to application 2019-03-23 08:44:38 +01:00
objlayout
cache_lib.c
cache_lib.h
callback.c
callback.h
callback_proc.c
callback_xdr.c NFSv4.0 fix client reference leak in callback 2018-09-19 22:48:57 +02:00
client.c
delegation.c
delegation.h
dir.c NFS: Fix a typo in nfs_rename() 2017-12-16 10:33:55 +01:00
direct.c NFS41: pop some layoutget errors to application 2019-03-23 08:44:38 +01:00
dns_resolve.c
dns_resolve.h
file.c
fscache-index.c
fscache.c
fscache.h
getroot.c
inode.c
internal.h NFS: Fix 2 use after free issues in the I/O code 2017-09-13 14:09:46 -07:00
iostat.h
Kconfig pnfs/blocklayout: require 64-bit sector_t 2017-08-16 13:40:30 -07:00
Makefile
mount_clnt.c
namespace.c
netns.h
nfs.h
nfs2super.c
nfs2xdr.c
nfs3_fs.h
nfs3acl.c
nfs3client.c
nfs3proc.c
nfs3super.c
nfs3xdr.c
nfs4_fs.h
nfs4client.c NFSv4.1: Fix the r/wsize checking 2018-11-21 09:27:35 +01:00
nfs4file.c
nfs4getroot.c
nfs4idmap.c NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message 2018-07-03 11:21:34 +02:00
nfs4idmap.h
nfs4namespace.c
nfs4proc.c NFSv4: always set NFS_LOCK_LOST when a lock is lost. 2018-05-30 07:48:52 +02:00
nfs4renewd.c
nfs4session.c
nfs4session.h
nfs4state.c NFSv4: always set NFS_LOCK_LOST when a lock is lost. 2018-05-30 07:48:52 +02:00
nfs4super.c
nfs4sysctl.c nfs: Do not convert nfs_idmap_cache_timeout to jiffies 2018-05-30 07:48:53 +02:00
nfs4trace.c
nfs4trace.h
nfs4xdr.c
nfs42.h
nfs42proc.c
nfs42xdr.c
nfsroot.c
nfstrace.c
nfstrace.h
pagelist.c NFS: Don't recoalesce on error in nfs_pageio_complete_mirror() 2019-03-23 08:44:39 +01:00
pnfs.c NFS41: pop some layoutget errors to application 2019-03-23 08:44:38 +01:00
pnfs.h
pnfs_dev.c
pnfs_nfs.c
proc.c
read.c NFS41: pop some layoutget errors to application 2019-03-23 08:44:38 +01:00
super.c NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family. 2019-05-16 19:44:51 +02:00
symlink.c
sysctl.c
unlink.c
write.c NFS: Add a cond_resched() to nfs_commit_release_pages() 2018-02-16 20:09:42 +01:00