Re: fs: out of bounds on stack in iov_iter_advance

From: Al Viro
Date: Tue Nov 10 2015 - 22:30:20 EST


On Wed, Nov 11, 2015 at 02:56:47AM +0000, Al Viro wrote:
> s/developed/rebased/, actually, but... point taken. Mea culpa, and what
> to do with those patches is for you to decide; some of those are simply
> -stable fodder and probably ought to go one-by-one at any point you would
> consider convenient, some are of the "remove stale comment" variety (obviously
> can sit around until the next cycle, or go in one-by-one at any point - the
> things like
> -
> - /* WARNING: probably going away soon, do not use! */
> in inode_operations; the comment used to be about the method removed last
> cycle and should've been gone with it; etc.)

FWIW, here's what's in there:
dax_io fix
Jens has just taken it
fs: fix inode.c kernel-doc warning
fs: fix writeback.c kernel-doc warnings
trivial comment patches
overlayfs: move super block magic number to magic.h
got picked into overlayfs tree yesterday
debugfs: fix refcount imbalance in start_creating
old fix, -stable fodder (had been first posted in October, IIRC)
vfs: Check attribute names in posix acl xattr handers
vfs: Fix the posix_acl_xattr_list return value
ubifs: Remove unused security xattr handler
hfsplus: Remove unused xattr handler list operations
jffs2: Add missing capability check for listing trusted xattrs
xattr handlers: Pass handler to operations instead of flags
9p: xattr simplifications
squashfs: xattr simplifications
f2fs: xattr simplifications
xattr series; the first two are arguably fixes, and whatever happens in this
window, I'm taking the rest into -next for 4.5. Series makes sense and
cleans the things nicely, IMO.
FS-Cache: Increase reference of parent after registering, netfs success
FS-Cache: Don't override netfs's primary_index if registering failed
cachefiles: perform test on s_blocksize when opening cache file.
FS-Cache: Handle a write to the page immediately beyond the EOF marker
1, 2 and 4 are simply -stable fodder, 3 is an obvious optimization.
binfmt_elf: Don't clobber passed executable's file header
binfmt_elf: Correct `arch_check_elf's description
-stable fodder.
fs/pipe.c: preserve alloc_file() error code
fs/pipe.c: return error code rather than 0 in pipe_write()
-stable fodder.
vfs: remove unused wrapper block_page_mkwrite()
vfs: remove stale comment in inode_operations
dead code and stale comment removal. Can go at any point.
fs: 9p: cache.h: Add #define of include guard
trivial, can go at any point, or stay until the next cycle.
richacl series
probably misses the window - I'd really like to hear more detailed variant
of Christoph's objections in any case.

Again, my apologies to everyone involved - I'd fucked up, badly. The only
question is how much PITA it will end up causing. I can put those into
separate branches and/or mail directly; what ends up missing the window
will go into vfs.git#for-next as soon as -rc1 is out there (with the
possible exception of richacl stuff - I really want to hear from Christoph
and in more details than "it's all been said some iterations ago").

Linus, what would be your preference wrt that stuff? Besides the "don't
ever do that kind of shit again", that is - that much is obvious.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/