From patchwork Fri May 26 20:17:20 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 9751103 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id A955660246 for ; Fri, 26 May 2017 20:20:15 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9930528334 for ; Fri, 26 May 2017 20:20:11 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8AB2328347; Fri, 26 May 2017 20:20:11 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id EA93628334 for ; Fri, 26 May 2017 20:20:05 +0000 (UTC) Received: (qmail 9335 invoked by uid 550); 26 May 2017 20:18:43 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 9248 invoked from network); 26 May 2017 20:18:41 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ymyB4Lp3Q1ybKxlVsN5hq2loyiEKWlSqF4VEhh1vDqM=; b=DD3FFj0Fy6Spupi3P2A0UAp0hHKfmnc+zZLhMgNYhl1gzwW/fgt/YzhSqGPu3SkZub AltU+fxwXMniPzAhsMCpAMDzE/xeps2lJsYevsYebvaNmikF+bEbiT8lf12NwhYGGvuc MecdfIhash5+ndiCRu96wdfHog6FKJ8d4feBI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ymyB4Lp3Q1ybKxlVsN5hq2loyiEKWlSqF4VEhh1vDqM=; b=aD6gtDD4w5d4Gh7i/jU5/RVSoSkAaBk6pjmzSdIHPyLEp/5//ZE2SnA2ZbTpGwbmQ1 +9496gKAQjBozQFORqn2WUuQXF266Ax2qDKgiksR6pR+Q6QawYl5k6NSrWeVHakcAawt PZ2g074I1Pgs+GNQN3mZZs+XnySuFt843E0D4jKNZjWLHajpAycbPyA/Xth/rXapXDre HSiJfDa2TnWOTamt/awOwUcdwlIDONGVT3ndObAuqQw9ES2c6UP372cc6wHACcIlDxbN rqwt7Rkf384rtqk387kMnWDYoVeeQ55sLOKnmp8xHhFRVIK8xzMhTvp7q9buD+NPk7T/ kFGQ== X-Gm-Message-State: AODbwcDckyRG7qKz6+/aGhnKaqwCdyZvyBI9ORzp5yvS3BmTz0J5dN1T JWGFPFYJEQvWHmxS X-Received: by 10.99.175.18 with SMTP id w18mr4600368pge.183.1495829909639; Fri, 26 May 2017 13:18:29 -0700 (PDT) From: Kees Cook To: kernel-hardening@lists.openwall.com Cc: Kees Cook , Anton Altaparmakov , Andrew Morton , Laura Abbott , x86@kernel.org, linux-kernel@vger.kernel.org Date: Fri, 26 May 2017 13:17:20 -0700 Message-Id: <1495829844-69341-17-git-send-email-keescook@chromium.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1495829844-69341-1-git-send-email-keescook@chromium.org> References: <1495829844-69341-1-git-send-email-keescook@chromium.org> Subject: [kernel-hardening] [PATCH v2 16/20] ntfs: Use ERR_CAST() to avoid cross-structure cast X-Virus-Scanned: ClamAV using ClamSMTP When trying to propagate an error result, the error return path attempts to retain the error, but does this with an open cast across very different types, which the upcoming structure layout randomization plugin flags as being potentially dangerous in the face of randomization. This is a false positive, but what this code actually wants to do is use ERR_CAST() to retain the error value. Cc: Anton Altaparmakov Cc: Andrew Morton Signed-off-by: Kees Cook --- fs/ntfs/namei.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ntfs/namei.c b/fs/ntfs/namei.c index 358258364616..4690cd75d8d7 100644 --- a/fs/ntfs/namei.c +++ b/fs/ntfs/namei.c @@ -159,7 +159,7 @@ static struct dentry *ntfs_lookup(struct inode *dir_ino, struct dentry *dent, PTR_ERR(dent_inode)); kfree(name); /* Return the error code. */ - return (struct dentry *)dent_inode; + return ERR_CAST(dent_inode); } /* It is guaranteed that @name is no longer allocated at this point. */ if (MREF_ERR(mref) == -ENOENT) {