android_kernel_oneplus_msm8998/fs/nfs
Tetsuo Handa cec54a8e69 NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family.
commit 7c2bd9a39845bfb6d72ddb55ce737650271f6f96 upstream.

syzbot is reporting uninitialized value at rpc_sockaddr2uaddr() [1]. This
is because syzbot is setting AF_INET6 to "struct sockaddr_in"->sin_family
(which is embedded into user-visible "struct nfs_mount_data" structure)
even though nfs23_validate_mount_data() cannot pass sizeof(struct sockaddr_in6)
bytes of AF_INET6 address to rpc_sockaddr2uaddr().

Since "struct nfs_mount_data" structure is user-visible, we can't change
"struct nfs_mount_data" to use "struct sockaddr_storage". Therefore,
assuming that everybody is using AF_INET family when passing address via
"struct nfs_mount_data"->addr, reject if its sin_family is not AF_INET.

[1] https://syzkaller.appspot.com/bug?id=599993614e7cbbf66bc2656a919ab2a95fb5d75c

Reported-by: syzbot <syzbot+047a11c361b872896a4f@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-05-16 19:44:51 +02:00
blocklayout pnfs/blocklayout: off by one in bl_map_stripe() 2018-09-09 20:04:34 +02:00
filelayout NFS41: pop some layoutget errors to application 2019-03-23 08:44:38 +01:00
flexfilelayout NFS41: pop some layoutget errors to application 2019-03-23 08:44:38 +01:00
objlayout osd fs: __r4w_get_page rely on PageUptodate for uptodate 2015-12-12 10:15:34 -08:00
cache_lib.c
cache_lib.h
callback.c NFSv4.x: hide array-bounds warning 2016-12-02 09:09:01 +01:00
callback.h NFS: Remove the left function defines in callback.h 2015-10-21 15:49:22 -05:00
callback_proc.c NFS: Remove unneeded NFS_DEBUG checking before define NFSDBG_FACILITY 2015-10-21 15:49:23 -05:00
callback_xdr.c NFSv4.0 fix client reference leak in callback 2018-09-19 22:48:57 +02:00
client.c nfs: get clone_blksize when probing fsinfo 2015-10-15 16:08:18 -04:00
delegation.c NFSv4: nfs4_copy_delegation_stateid() must fail if the delegation is invalid 2016-10-28 03:01:31 -04:00
delegation.h NFSv4: Recovery of recalled read delegations is broken 2015-09-20 22:34:16 -04:00
dir.c NFS: Fix a typo in nfs_rename() 2017-12-16 10:33:55 +01:00
direct.c NFS41: pop some layoutget errors to application 2019-03-23 08:44:38 +01:00
dns_resolve.c
dns_resolve.h
file.c nfs_write_end(): fix handling of short copies 2017-01-09 08:07:52 +01:00
fscache-index.c
fscache.c
fscache.h
getroot.c
inode.c NFS: only invalidate dentrys that are clearly invalid. 2017-07-27 15:06:08 -07:00
internal.h NFS: Fix 2 use after free issues in the I/O code 2017-09-13 14:09:46 -07:00
iostat.h
Kconfig pnfs/blocklayout: require 64-bit sector_t 2017-08-16 13:40:30 -07:00
Makefile NFS: Rename idmap.c to nfs4idmap.c 2015-04-23 15:16:14 -04:00
mount_clnt.c NFS: Remove unneeded NFS_DEBUG checking before define NFSDBG_FACILITY 2015-10-21 15:49:23 -05:00
namespace.c
netns.h
nfs.h
nfs2super.c
nfs2xdr.c
nfs3_fs.h
nfs3acl.c
nfs3client.c
nfs3proc.c
nfs3super.c
nfs3xdr.c xprtrdma: Fix large NFS SYMLINK calls 2015-08-05 16:21:28 -04:00
nfs4_fs.h NFSv4: Refactor NFSv4 error handling 2015-10-08 10:45:51 -04:00
nfs4client.c NFSv4.1: Fix the r/wsize checking 2018-11-21 09:27:35 +01:00
nfs4file.c nfs: use file_dentry() 2016-04-20 15:42:13 +09:00
nfs4getroot.c nfs: Remove invalid NFS_ATTR_FATTR_V4_REFERRAL checking in nfs4_get_rootfh 2015-07-01 11:31:22 -04:00
nfs4idmap.c NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message 2018-07-03 11:21:34 +02:00
nfs4idmap.h NFS: Move nfs_idmap.h into fs/nfs/ 2015-04-23 15:16:14 -04:00
nfs4namespace.c
nfs4proc.c NFSv4: always set NFS_LOCK_LOST when a lock is lost. 2018-05-30 07:48:52 +02:00
nfs4renewd.c
nfs4session.c
nfs4session.h
nfs4state.c NFSv4: always set NFS_LOCK_LOST when a lock is lost. 2018-05-30 07:48:52 +02:00
nfs4super.c NFS: Move nfs_idmap.h into fs/nfs/ 2015-04-23 15:16:14 -04:00
nfs4sysctl.c nfs: Do not convert nfs_idmap_cache_timeout to jiffies 2018-05-30 07:48:53 +02:00
nfs4trace.c
nfs4trace.h NFS: Fix a tracepoint NULL-pointer dereference 2015-10-06 18:56:25 -04:00
nfs4xdr.c NFSv4: fix getacl head length estimation 2017-03-12 06:37:30 +01:00
nfs42.h nfs42: add CLONE proc functions 2015-10-15 16:07:36 -04:00
nfs42proc.c NFSv4.2: Fix a reference leak in nfs42_proc_layoutstats_generic 2016-10-28 03:01:31 -04:00
nfs42xdr.c nfs42: add CLONE xdr functions 2015-10-15 16:07:21 -04:00
nfsroot.c nfsroot: make nfsroot to accept the 1024 bytes long directory name 2015-10-21 15:49:19 -05:00
nfstrace.c
nfstrace.h
pagelist.c NFS: Don't recoalesce on error in nfs_pageio_complete_mirror() 2019-03-23 08:44:39 +01:00
pnfs.c NFS41: pop some layoutget errors to application 2019-03-23 08:44:38 +01:00
pnfs.h NFS41: make close wait for layoutreturn 2015-09-23 08:55:32 -04:00
pnfs_dev.c
pnfs_nfs.c NFS41: fix list splice type 2015-08-20 13:43:53 -05:00
proc.c
read.c NFS41: pop some layoutget errors to application 2019-03-23 08:44:38 +01:00
super.c NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family. 2019-05-16 19:44:51 +02:00
symlink.c don't pass nameidata to ->follow_link() 2015-05-10 22:20:15 -04:00
sysctl.c
unlink.c
write.c NFS: Add a cond_resched() to nfs_commit_release_pages() 2018-02-16 20:09:42 +01:00