linux/fs/nfs
Randy Dunlap c09f11ef35 NFS: fs_context: validate UDP retrans to prevent shift out-of-bounds

Fix shift out-of-bounds in xprt_calc_majortimeo(). This is caused
by a garbage timeout (retrans) mount option being passed to nfs mount,
in this case from syzkaller.

If the protocol is XPRT_TRANSPORT_UDP, then 'retrans' is a shift
value for a 64-bit long integer, so 'retrans' cannot be >= 64.
If it is >= 64, fail the mount and return an error.

Fixes: 9954bf92c0 ("NFS: Move mount parameterisation bits into their own file")
Reported-by: syzbot+ba2e91df8f74809417fa@syzkaller.appspotmail.com
Reported-by: syzbot+f3a0fa110fd630ab56c8@syzkaller.appspotmail.com
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Trond Myklebust <trond.myklebust@hammerspace.com>
Cc: Anna Schumaker <anna.schumaker@netapp.com>
Cc: linux-nfs@vger.kernel.org
Cc: David Howells <dhowells@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: stable@vger.kernel.org
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
2021-04-05 09:04:20 -04:00
blocklayout block: Add bio_max_segs 2021-02-26 15:49:51 -07:00
filelayout SUNRPC: Add xdr_set_scratch_page() and xdr_reset_scratch_buffer() 2020-11-30 14:46:35 -05:00
flexfilelayout NFS client updates for Linux 5.11 2020-12-17 12:15:03 -08:00
cache_lib.c
cache_lib.h
callback_proc.c kernel.h: split out mathematical helpers 2020-12-15 22:46:15 -08:00
callback_xdr.c SUNRPC: Make trace_svc_process() display the RPC procedure symbolically 2021-01-25 09:36:23 -05:00
callback.c SUNRPC: Cache the process user cred in the RPC server listener 2019-04-24 09:46:35 -04:00
callback.h NFSv4: Add support for CB_RECALL_ANY for flexfiles layouts 2020-03-16 08:34:30 -04:00
client.c NFS: NFSv2/NFSv3: Use cred from fs_context during mount 2020-12-02 14:05:54 -05:00
delegation.c NFS: Fix up incorrect documentation 2021-04-05 09:04:20 -04:00
delegation.h NFSv4: Ensure the delegation is pinned in nfs_do_return_delegation() 2020-02-13 16:18:50 -05:00
dir.c NFS: Only change the cookie verifier if the directory page cache is empty 2021-04-05 09:04:20 -04:00
direct.c NFS client updates for Linux 5.9 2020-08-15 08:26:55 -07:00
dns_resolve.c NFS: remove duplicate headers 2020-05-27 10:10:12 -04:00
dns_resolve.h
export.c nfs: use change attribute for NFS re-exports 2021-01-30 11:47:12 -05:00
file.c NFS: Add support for eager writes 2021-02-16 16:11:14 -05:00
fs_context.c NFS: fs_context: validate UDP retrans to prevent shift out-of-bounds 2021-04-05 09:04:20 -04:00
fscache-index.c nfs: fscache: use timespec64 in inode auxdata 2020-01-15 10:54:30 -05:00
fscache.c NFS: Add nfs_pageio_complete_read() and remove nfs_readpage_async() 2021-02-01 13:32:48 -05:00
fscache.h nfs: fscache: use timespec64 in inode auxdata 2020-01-15 10:54:30 -05:00
getroot.c NFS: Ensure security label is set for root inode 2020-03-30 19:56:50 -04:00
inode.c NFS: Fix open coded versions of nfs_set_cache_invalid() in NFSv4 2021-03-08 16:32:11 -05:00
internal.h NFS: Clean up function nfs_mark_dir_for_revalidate() 2021-03-08 16:01:02 -05:00
io.c NFS: Fix up incorrect documentation 2021-04-05 09:04:20 -04:00
iostat.h
Kconfig nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default 2021-03-08 11:47:47 -05:00
Makefile NFSv4.2: add client side xattr caching. 2020-07-13 17:52:46 -04:00
mount_clnt.c NFSv3: fix rpc receive buffer size for MOUNT call 2020-05-14 18:42:44 -04:00
namespace.c fs: make helpers idmap mount aware 2021-01-24 14:27:20 +01:00
netns.h NFS: Add sysfs support for per-container identifier 2019-07-06 14:54:49 -04:00
nfs2super.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
nfs2xdr.c SUNRPC: Clean up the handling of page padding in rpc_prepare_reply_pages() 2020-12-02 14:05:53 -05:00
nfs3_fs.h fs: make helpers idmap mount aware 2021-01-24 14:27:20 +01:00
nfs3acl.c NFS Client Updates for Linux 5.12 2021-02-26 09:17:24 -08:00
nfs3client.c NFS: Additional refactoring for fs_context conversion 2020-01-15 10:15:17 -05:00
nfs3proc.c NFS: Allow the NFS generic code to pass in a verifier to readdir 2020-12-02 14:05:52 -05:00
nfs3super.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
nfs3xdr.c NFS: Correct size calculation for create reply length 2021-03-08 13:40:12 -05:00
nfs4_fs.h NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE 2020-10-02 08:43:09 -04:00
nfs4client.c nfs: Fix fall-through warnings for Clang 2021-02-01 13:32:32 -05:00
nfs4file.c NFSv4_2: SSC helper should use its own config. 2021-01-28 10:55:37 -05:00
nfs4getroot.c
nfs4idmap.c NFS: Only reference user namespace from nfs4idmap struct instead of cred 2020-10-13 15:56:54 -04:00
nfs4idmap.h
nfs4namespace.c nfs: Fix memory leak of export_path 2020-06-26 08:43:14 -04:00
nfs4proc.c NFSv4: Simplify nfs4_retry_setlk() 2021-04-05 09:04:20 -04:00
nfs4renewd.c NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals 2020-02-04 12:27:55 -05:00
nfs4session.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
nfs4session.h NFSv4.1: use BITS_PER_LONG macro in nfs4session.h 2020-12-14 06:51:07 -05:00
nfs4state.c NFS: Fix up incorrect documentation 2021-04-05 09:04:20 -04:00
nfs4super.c NFS: Adjust fs_context error logging 2021-01-10 13:32:39 -05:00
nfs4sysctl.c
nfs4trace.c pNFS/flexfiles: Add tracing for layout errors 2020-01-15 10:54:33 -05:00
nfs4trace.h NFSv4/pnfs: Add tracing for the deviceid cache 2020-12-16 17:25:24 -05:00
nfs4xdr.c NFS client updates for Linux 5.11 2020-12-17 12:15:03 -08:00
nfs42.h NFSv4.2: add the extended attribute proc functions. 2020-07-13 17:52:45 -04:00
nfs42proc.c NFS: Fix open coded versions of nfs_set_cache_invalid() in NFSv4 2021-03-08 16:32:11 -05:00
nfs42xattr.c NFSv4.2: fix failure to unregister shrinker 2020-11-12 10:40:02 -05:00
nfs42xdr.c NFS client updates for Linux 5.11 2020-12-17 12:15:03 -08:00
nfs.h
nfsroot.c nfsroot: Default mount option should ask for built-in NFS version 2020-11-02 10:29:03 -05:00
nfstrace.c NFS: Add trace events to report non-zero NFS status codes 2019-02-13 12:03:21 -05:00
nfstrace.h nfs: define and use the NFS_INO_INVALID_XATTR flag 2020-07-13 17:52:45 -04:00
pagelist.c NFS: Fix up incorrect documentation 2021-04-05 09:04:20 -04:00
pnfs_dev.c NFSv4/pnfs: Add tracing for the deviceid cache 2020-12-16 17:25:24 -05:00
pnfs_nfs.c NFS/pNFS: Don't leak DS commits in pnfs_generic_retry_commit() 2021-01-10 13:32:52 -05:00
pnfs.c nfs: Fix fall-through warnings for Clang 2021-02-01 13:32:32 -05:00
pnfs.h pNFS: We want return-on-close to complete when evicting the inode 2021-01-10 13:32:51 -05:00
proc.c NFS: Allow the NFS generic code to pass in a verifier to readdir 2020-12-02 14:05:52 -05:00
read.c NFS: Add nfs_pageio_complete_read() and remove nfs_readpage_async() 2021-02-01 13:32:48 -05:00
super.c NFS Client Updates for Linux 5.12 2021-02-26 09:17:24 -08:00
symlink.c nfs: pass the correct prototype to read_cache_page 2019-05-09 16:26:57 -04:00
sysctl.c
sysfs.c NFSv4: Fix up RCU annotations for struct nfs_netns_client 2020-10-15 13:31:08 -04:00
sysfs.h NFSv4: Fix up RCU annotations for struct nfs_netns_client 2020-10-15 13:31:08 -04:00
unlink.c NFS: Fix open coded versions of nfs_set_cache_invalid() 2021-03-08 16:13:55 -05:00
write.c NFS: Fix open coded versions of nfs_set_cache_invalid() 2021-03-08 16:13:55 -05:00