From patchwork Sat Jul 7 03:29:41 2018
X-Patchwork-Submitter: NeilBrown
X-Patchwork-Id: 10512731
From: NeilBrown
To: Jann Horn, Andrew Morton, Al Viro, Kees Cook
Cc: Linus Torvalds, linux-doc@vger.kernel.org, kernel list, linux-fsdevel@vger.kernel.org, Jonathan Corbet
Date: Sat, 07 Jul 2018 13:29:41 +1000
Subject: [PATCH mm] VFS: seq_file: ensure ->from is valid.
In-Reply-To: <878t6nybj7.fsf@notabene.neil.brown.name>
Message-ID: <87601ryb8a.fsf@notabene.neil.brown.name>

Previous patch ("VFS: simplify seq_file iteration code and interface") removed code to set ->from to zero when ->count is zero, as ->from is dead at that time. However it didn't ensure ->from was set properly whenever ->count becomes non-zero.

This can only happen when ->show() is called. Of the three places it is called one already has ->from set to zero. The other two are fixed by setting from to zero after fully flushing the buffer (at which point ->count will also be zero).

Reported-by: Jann Horn
Signed-off-by: NeilBrown
Tested-by: Jann Horn
--- fs/seq_file.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/seq_file.c b/fs/seq_file.c index fd82585ab50f..1dea7a8a5255 100644 --- a/fs/seq_file.c +++ b/fs/seq_file.c @@ -220,6 +220,7 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos) goto Done; } /* we need at least one record in buffer */ + m->from = 0; p = m->op->start(m, &m->index); while (1) { err = PTR_ERR(p);
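Review bot: the added `m->from = 0;` in seq_read(), just before `p = m->op->start(m, &m->index);`, carries no comment stating the invariant it restores, and the existing comment above it ("we need at least one record in buffer") now reads as if it describes the assignment. Suggest a short comment on the new line saying that the buffer has been fully flushed here, so ->count is zero and ->from must be reset before ->show() refills it. The commit message also says two ->show() call sites are fixed while the diffstat shows one insertion; a sentence explaining that both calls are reached after this point would make that easier to verify from the patch alone.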