iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/fs
History
Chuck Lever 10c22d9519 NFSD: Fix exposure in nfsd4_decode_bitmap() 
[ Upstream commit c0019b7db1d7ac62c711cda6b357a659d46428fe ]

rtm@csail.mit.edu reports:
> nfsd4_decode_bitmap4() will write beyond bmval[bmlen-1] if the RPC
> directs it to do so. This can cause nfsd4_decode_state_protect4_a()
> to write client-supplied data beyond the end of
> nfsd4_exchange_id.spo_must_allow[] when called by
> nfsd4_decode_exchange_id().

Rewrite the loops so nfsd4_decode_bitmap() cannot iterate beyond
@bmlen.

Reported by: rtm@csail.mit.edu
Fixes: d1c263a031e8 ("NFSD: Replace READ* macros in nfsd4_decode_fattr()")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-11-25 09:48:35 +01:00
..
9p
9p: Fix a bunch of kerneldoc warnings shown up by W=1
2021-10-04 22:07:46 +01:00
adfs
mm: require ->set_page_dirty to be explicitly wired up
2021-06-29 10:53:48 -07:00
affs
mm: require ->set_page_dirty to be explicitly wired up
2021-06-29 10:53:48 -07:00
afs
netfslib, cachefiles and afs fixes
2021-10-07 11:20:08 -07:00
autofs
autofs: fix wait name hash calculation in autofs_wait()
2021-10-20 21:09:02 -04:00
befs
isystem: ship and use stdarg.h
2021-08-19 09:02:55 +09:00
bfs
mm: require ->set_page_dirty to be explicitly wired up
2021-06-29 10:53:48 -07:00
btrfs
btrfs: zoned: allow preallocation for relocation inodes
2021-11-21 13:44:13 +01:00
cachefiles
cachefiles: Change %p in format strings to something else
2021-08-27 13:34:02 +01:00
ceph
ceph: fix mdsmap decode when there are MDS's beyond max_mds
2021-11-18 19:17:15 +01:00
cifs
cifs: fix memory leak of smb3_fs_context_dup::server_hostname
2021-11-18 19:17:20 +01:00
coda
coda: fix reference counting in coda_file_mmap error path
2021-04-23 14:42:39 -07:00
configfs
configfs: fix a race in configfs_lookup()
2021-08-25 07:58:49 +02:00
cramfs
crypto
fscrypt: allow 256-bit master keys with AES-256-XTS
2021-11-18 19:16:11 +01:00
debugfs
debugfs: debugfs_create_file_size(): use IS_ERR to check for error
2021-09-21 09:09:06 +02:00
devpts
dlm
fs: dlm: avoid comms shutdown delay in release_lockspace
2021-09-01 11:29:14 -05:00
ecryptfs
mm: require ->set_page_dirty to be explicitly wired up
2021-06-29 10:53:48 -07:00
efivarfs
efivars: convert to fileattr
2021-04-12 15:04:29 +02:00
efs
erofs
erofs: fix unsafe pagevec reuse of hooked pclusters
2021-11-18 19:17:15 +01:00
exfat
exfat: fix incorrect loading of i_blocks for large files
2021-11-18 19:15:52 +01:00
exportfs
ext2
ext2: fix sleeping in atomic bugs on error
2021-09-22 13:05:23 +02:00
ext4
ext4: refresh the ext4_ext_path struct after dropping i_data_sem.
2021-11-18 19:15:56 +01:00
f2fs
f2fs: fix incorrect return value in f2fs_sanity_check_ckpt()
2021-11-25 09:48:31 +01:00
fat
linux-kselftest-kunit-5.15-rc1
2021-09-02 12:32:12 -07:00
freevxfs
fscache
fscache: Remove an unused static variable
2021-10-04 22:13:12 +01:00
fuse
fuse: fix page stealing
2021-11-18 19:15:56 +01:00
gfs2
gfs2: Fix glock_hash_walk bugs
2021-11-18 19:16:19 +01:00
hfs
hfs: add lock nesting notation to hfs_find_init
2021-07-15 10:13:49 -07:00
hfsplus
hfsplus: report create_date to kstat.btime
2021-07-01 11:06:06 -07:00
hostfs
hostfs: support splice_write
2021-08-26 22:28:02 +02:00
hpfs
hpfs: use iomap_fiemap to implement ->fiemap
2021-07-27 11:00:36 +02:00
hugetlbfs
hugetlbfs: fix mount mode command line processing
2021-07-23 17:43:28 -07:00
iomap
iomap: standardize tracepoint formatting and storage
2021-08-26 09:18:53 -07:00
isofs
isofs: Fix out of bound access for corrupted isofs image
2021-11-12 15:05:50 +01:00
jbd2
jbd2: add sparse annotations for add_transaction_credits()
2021-08-30 23:36:50 -04:00
jffs2
vfs: add rcu argument to ->get_acl() callback
2021-08-18 22:08:24 +02:00
jfs
JFS: fix memleak in jfs_mount
2021-11-18 19:16:48 +01:00
kernfs
kernfs: don't create a negative dentry if inactive node exists
2021-10-04 10:27:18 +02:00
ksmbd
ksmbd: don't need 8byte alignment for request length in ksmbd_check_message
2021-11-18 19:17:15 +01:00
lockd
Critical bug fixes:
2021-09-22 09:21:02 -07:00
minix
mm: require ->set_page_dirty to be explicitly wired up
2021-06-29 10:53:48 -07:00
netfs
netfs: Fix READ/WRITE confusion when calling iov_iter_xarray()
2021-10-05 11:22:06 +01:00
nfs
NFSv4: Fix a regression in nfs_set_open_stateid_locked()
2021-11-18 19:17:04 +01:00
nfs_common
nfs: Fix kerneldoc warning shown up by W=1
2021-10-04 22:02:17 +01:00
nfsd
NFSD: Fix exposure in nfsd4_decode_bitmap()
2021-11-25 09:48:35 +01:00
nilfs2
Merge branch 'akpm' (patches from Andrew)
2021-09-08 12:55:35 -07:00
nls
notify
fsnotify: fix sb_connectors leak
2021-09-10 09:46:48 -07:00
ntfs
Merge branch 'work.iov_iter' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2021-07-03 11:30:04 -07:00
ntfs3
Fixed xfstests generic/016 generic/021 generic/022 generic/041 generic/274 generic/423,
2021-10-15 09:58:11 -04:00
ocfs2
ocfs2: fix data corruption on truncate
2021-11-18 19:15:51 +01:00
omfs
mm: require ->set_page_dirty to be explicitly wired up
2021-06-29 10:53:48 -07:00
openpromfs
orangefs
fs: orangefs: fix error return code of orangefs_revalidate_lookup()
2021-11-18 19:17:01 +01:00
overlayfs
ovl: fix filattr copy-up failure
2021-11-18 19:16:04 +01:00
proc
fs/proc/uptime.c: Fix idle time reporting in /proc/uptime
2021-11-18 19:16:13 +01:00
pstore
for-5.14/drivers-2021-06-29
2021-06-30 12:21:16 -07:00
qnx4
qnx4: work around gcc false positive warning bug
2021-09-21 08:36:48 -07:00
qnx6
quota
quota: correct error number in free_dqentry()
2021-11-18 19:16:05 +01:00
ramfs
fs: move ramfs_aops to libfs
2021-06-29 10:53:48 -07:00
reiserfs
Kbuild updates for v5.15
2021-09-03 15:33:47 -07:00
romfs
smbfs_common
cifs: remove pathname for file from SPDX header
2021-09-13 14:51:10 -05:00
squashfs
squashfs: use bvec_virt
2021-08-16 10:50:32 -06:00
sysfs
sysfs: Allow deferred execution of iomem_get_mapping()
2021-08-06 13:05:28 +02:00
sysv
mm: require ->set_page_dirty to be explicitly wired up
2021-06-29 10:53:48 -07:00
tracefs
tracefs: Have tracefs directories not set OTH permission bits by default
2021-11-18 19:16:15 +01:00
ubifs
ubifs: report correct st_size for encrypted symlinks
2021-07-25 20:01:07 -07:00
udf
udf_get_extendedattr() had no boundary checks.
2021-08-23 13:35:19 +02:00
ufs
isystem: ship and use stdarg.h
2021-08-19 09:02:55 +09:00
unicode
.gitignore: prefix local generated files with a slash
2021-05-02 00:43:35 +09:00
vboxsf
vboxfs: fix broken legacy mount signature checking
2021-09-27 11:26:21 -07:00
verity
fs-verity: fix signed integer overflow with i_size near S64_MAX
2021-09-22 10:56:34 -07:00
xfs
libnvdimm for v5.15
2021-09-09 11:39:57 -07:00
zonefs
\n
2021-08-30 10:24:50 -07:00
aio.c
eventfd: Make signal recursion protection a task bit
2021-08-28 01:33:02 +02:00
anon_inodes.c
attr.c
fs: Move notify_change permission checks into may_setattr
2021-08-13 00:41:05 -04:00
bad_inode.c
vfs: add rcu argument to ->get_acl() callback
2021-08-18 22:08:24 +02:00
binfmt_aout.c
binfmt: a.out: Fix bogus semicolon
2021-09-05 10:15:05 -07:00
binfmt_elf_fdpic.c
binfmt: remove in-tree usage of MAP_DENYWRITE
2021-09-03 18:42:01 +02:00
binfmt_elf.c
elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings
2021-10-03 14:02:58 -07:00
binfmt_flat.c
binfmt: remove in-tree usage of MAP_EXECUTABLE
2021-06-29 10:53:50 -07:00
binfmt_misc.c
binfmt_script.c
buffer.c
mm: fs: invalidate bh_lrus for only cold path
2021-09-24 16:13:35 -07:00
char_dev.c
compat_binfmt_elf.c
coredump.c
coredump: fix memleak in dump_vma_snapshot()
2021-09-08 11:50:27 -07:00
d_path.c
d_path: make 'prepend()' fill up the buffer exactly on overflow
2021-09-02 10:07:29 -07:00
dax.c
New code for 5.15:
2021-08-31 11:13:35 -07:00
dcache.c
useful constants: struct qstr for ".."
2021-04-15 22:36:45 -04:00
direct-io.c
fs: direct-io: fix missing sdio->boundary
2021-04-09 14:54:23 -07:00
drop_caches.c
fs: drop_caches: fix skipping over shadow cache inodes
2021-09-03 09:58:10 -07:00
eventfd.c
eventfd: Export eventfd_wake_count to modules
2021-09-06 07:20:56 -04:00
eventpoll.c
ARM development updates for 5.15:
2021-09-09 13:25:49 -07:00
exec.c
Merge tag 'denywrite-for-5.15' of git://github.com/davidhildenbrand/linux
2021-09-04 11:35:47 -07:00
fcntl.c
Merge branch 'akpm' (patches from Andrew)
2021-09-03 10:08:28 -07:00
fhandle.c
switch file_open_root() to struct path
2021-04-07 13:56:43 -04:00
file_table.c
file.c
virtio,vdpa,vhost: features, fixes
2021-09-11 14:48:42 -07:00
filesystems.c
fs: simplify get_filesystem_list / get_all_fs_names
2021-08-23 01:25:40 -04:00
fs_context.c
memcg: charge fs_context and legacy_fs_context
2021-09-03 09:58:12 -07:00
fs_parser.c
namei: Standardize callers of filename_lookup()
2021-09-07 16:07:47 -04:00
fs_pin.c
fs_struct.c
fs_types.c
fs-writeback.c
Merge branch 'akpm' (patches from Andrew)
2021-09-03 10:08:28 -07:00
fsopen.c
init.c
inode.c
mm: Fully initialize invalidate_lock, amend lock class later
2021-09-17 13:39:23 +02:00
internal.h
block: move fs/block_dev.c to block/bdev.c
2021-09-07 08:39:40 -06:00
io_uring.c
io_uring: honour zeroes as io-wq worker limits
2021-11-18 19:16:03 +01:00
io-wq.c
io-wq: fix max-workers not correctly set on multi-node system
2021-11-18 19:17:05 +01:00
io-wq.h
io-wq: provide a way to limit max number of workers
2021-08-29 07:55:55 -06:00
ioctl.c
New code for 5.15:
2021-08-31 11:06:32 -07:00
Kconfig
4 cifs/smb3 fixes, one for DFS reconnect, and one to begin creating common headers for server and client and the other two to rename the cifs_common directory to smbfs_common to be more consistent ie change use of the name cifs to smb which is more accurate
2021-09-12 10:10:21 -07:00
Kconfig.binfmt
binfmt: remove support for em86 (alpha only)
2021-07-25 22:33:03 -07:00
kernel_read_file.c
vfs: check fd has read access in kernel_read_file_from_fd()
2021-10-18 20:22:03 -10:00
libfs.c
fs: remove noop_set_page_dirty()
2021-06-29 10:53:48 -07:00
locks.c
Revert "memcg: enable accounting for file lock caches"
2021-09-07 11:21:48 -07:00
Makefile
4 cifs/smb3 fixes, one for DFS reconnect, and one to begin creating common headers for server and client and the other two to rename the cifs_common directory to smbfs_common to be more consistent ie change use of the name cifs to smb which is more accurate
2021-09-12 10:10:21 -07:00
mbcache.c
mount.h
mpage.c
namei.c
putname(): IS_ERR_OR_NULL() is wrong here
2021-09-07 16:14:05 -04:00
namespace.c
Merge branch 'akpm' (patches from Andrew)
2021-09-03 10:08:28 -07:00
no-block.c
nsfs.c
open.c
mm, thp: fix incorrect unmap behavior for private pages
2021-11-18 19:17:17 +01:00
pipe.c
Revert "mm/gup: remove try_get_page(), call try_get_compound_head() directly"
2021-09-07 11:03:45 -07:00
pnode.c
pnode.h
posix_acl.c
ovl: enable RCU'd ->get_acl()
2021-08-18 22:08:24 +02:00
proc_namespace.c
read_write.c
fs: clean up after mandatory file locking support removal
2021-08-24 07:52:45 -04:00
readdir.c
readdir: make sure to verify directory entry for legacy interfaces too
2021-04-17 11:39:49 -07:00
remap_range.c
fs: remove mandatory file locking support
2021-08-23 06:15:36 -04:00
select.c
Revert "memcg: enable accounting for pollfd and select bits arrays"
2021-09-07 11:26:23 -07:00
seq_file.c
seq_file: disallow extremely large seq buffer allocations
2021-07-19 17:18:48 -07:00
signalfd.c
signal: Rename SIL_PERF_EVENT SIL_FAULT_PERF_EVENT for consistency
2021-07-23 13:16:43 -05:00
splice.c
stack.c
stat.c
fs: add generic helper for filling statx attribute flags
2021-08-17 11:47:43 +02:00
statfs.c
super.c
block: remove the bd_bdi in struct block_device
2021-08-09 11:53:26 -06:00
sync.c
timerfd.c
timerfd: Provide timerfd_resume()
2021-08-10 17:57:22 +02:00
userfaultfd.c
userfaultfd: fix a race between writeprotect and exit_mmap()
2021-10-18 20:22:02 -10:00
utimes.c
xattr.c
xattr: fix kernel-doc for mnt_userns and vfs xattr helpers
2021-03-23 11:20:26 +01:00