Commit bfe7aa6c authored by Andrey Ryabinin's avatar Andrey Ryabinin Committed by Linus Torvalds
Browse files

fs/dcache: Use read_word_at_a_time() in dentry_string_cmp() 



dentry_string_cmp() performs the word-at-a-time reads from 'cs' and may
read slightly more than it was requested in kmallac().  Normally this
would make KASAN to report out-of-bounds access, but this was
workarounded by commit df4c0e36 ("fs: dcache: manually unpoison
dname after allocation to shut up kasan's reports").

This workaround is not perfect, since it allows out-of-bounds access to
dentry's name for all the code, not just in dentry_string_cmp().

So it would be better to use read_word_at_a_time() instead and revert
commit df4c0e36.

Signed-off-by: default avatarAndrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 1a3241ff

fs/dcache.c

+1 −1
Original line number Diff line number Diff line
@@ -195,7 +195,7 @@ static inline int dentry_string_cmp(const unsigned char *cs, const unsigned char 
	unsigned long a,b,mask;



	for (;;) {

		a = *(unsigned long *)cs;

		a = read_word_at_a_time(cs);

		b = load_unaligned_zeropad(ct);

		if (tcount < sizeof(unsigned long))

			break;

CRA Git | Maintained and supported by SUSTech CRA and CCSE