From patchwork Fri May 26 20:17:05 2017
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 9751075
From: Kees Cook
To: kernel-hardening@lists.openwall.com
Cc: Kees Cook, Laura Abbott, x86@kernel.org, linux-kernel@vger.kernel.org
Date: Fri, 26 May 2017 13:17:05 -0700
Message-Id: <1495829844-69341-2-git-send-email-keescook@chromium.org>
In-Reply-To: <1495829844-69341-1-git-send-email-keescook@chromium.org>
References: <1495829844-69341-1-git-send-email-keescook@chromium.org>
Subject: [kernel-hardening] [PATCH v2 01/20] NFS: Avoid cross-structure casting

When the call to nfs_devname() fails, the error path attempts to retain the error via the mnt variable, but this requires a cast across very different types (char * to struct vfsmount *), which the upcoming structure layout randomization plugin flags as being potentially dangerous in the face of randomization. This is a false positive, but what this code actually wants to do is retain the error value, so this patch explicitly sets it, instead of using what seems to be an unexpected cast.

Signed-off-by: Kees Cook
Acked-by: Trond Myklebust
Reviewed-by: Christoph Hellwig
--- fs/nfs/namespace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/nfs/namespace.c b/fs/nfs/namespace.c index 1a224a33a6c2..e5686be67be8 100644 --- a/fs/nfs/namespace.c
+++ b/fs/nfs/namespace.c @@ -246,7 +246,7 @@ struct vfsmount *nfs_do_submount(struct dentry *dentry, struct nfs_fh *fh, devname = nfs_devname(dentry, page, PAGE_SIZE); if (IS_ERR(devname)) - mnt = (struct vfsmount *)devname; + mnt = ERR_CAST(devname); else mnt = nfs_do_clone_mount(NFS_SB(dentry->d_sb), devname, &mountdata);
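Review bot: The commit message says the patch "explicitly sets" the error value, but in the IS_ERR(devname) branch of nfs_do_submount() the new line `mnt = ERR_CAST(devname);` still converts a char * error pointer into a struct vfsmount *, only now through the err.h helper instead of a hand-written `(struct vfsmount *)` cast. Consider naming ERR_CAST() in the message and stating that the errno encoded in devname is carried over unchanged, so a reader does not expect a PTR_ERR()/ERR_PTR() round trip or a behaviour change. The else branch is untouched and still only passes devname to nfs_do_clone_mount() when it is a valid pointer, so no functional change is visible in this hunk.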