[PATCH v2 0/1] cifs: Convert struct fealist away from 1-element array

Backport of the mainline fix to the kernel panic when Wine is run over a
CIFS share. This is intended for the linux-6.1.y tree. Please apply.
Bug and testing details:

  Jan 24 15:15:20 kalt2test.dpt.local kernel: detected buffer overflow in strncpy
  Jan 24 15:15:20 kalt2test.dpt.local kernel: ------------[ cut here ]------------
  Jan 24 15:15:20 kalt2test.dpt.local kernel: kernel BUG at lib/string_helpers.c:1027!
  Jan 24 15:15:20 kalt2test.dpt.local kernel: invalid opcode: 0000 [#1] PREEMPT SMP PTI
  Jan 24 15:15:20 kalt2test.dpt.local kernel: CPU: 1 PID: 4532 Comm: vr402352.res Tainted: G           OE      6.1.73-un-def-alt1 #1
  Jan 24 15:15:20 kalt2test.dpt.local kernel: Hardware name: Gigabyte Technology Co., Ltd. B360M-D3H/B360M D3H-CF, BIOS F12 03/14/2019
  Jan 24 15:15:20 kalt2test.dpt.local kernel: RIP: 0010:fortify_panic+0xf/0x11
  ...
  Jan 24 15:15:20 kalt2test.dpt.local kernel: Call Trace:
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  <TASK>
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  ? __die_body.cold+0x1a/0x1f
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  ? die+0x2b/0x50
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  ? do_trap+0xcf/0x120
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  ? fortify_panic+0xf/0x11
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  ? do_error_trap+0x83/0xb0
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  ? fortify_panic+0xf/0x11
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  ? exc_invalid_op+0x4e/0x70
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  ? fortify_panic+0xf/0x11
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  ? asm_exc_invalid_op+0x16/0x20
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  ? fortify_panic+0xf/0x11
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  CIFSSMBSetEA.cold+0xc/0x18 [cifs]
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  cifs_xattr_set+0x596/0x690 [cifs]
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  ? evm_protected_xattr_common+0x41/0xb0
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  __vfs_removexattr+0x52/0x70
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  __vfs_removexattr_locked+0xbc/0x150
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  vfs_removexattr+0x56/0x100
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  removexattr+0x58/0x90
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  ? get_vtime_delta+0xf/0xb0
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  ? ct_kernel_exit.constprop.0+0x6b/0x80
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  ? __ct_user_enter+0x5a/0xd0
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  ? syscall_exit_to_user_mode+0x31/0x50
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  ? int80_emulation+0xb9/0x110
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  ? get_vtime_delta+0xf/0xb0
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  ? ct_kernel_exit.constprop.0+0x6b/0x80
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  ? __ct_user_enter+0x5a/0xd0
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  ? __fget_light.part.0+0x83/0xd0
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  __ia32_sys_fremovexattr+0x80/0xa0
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  int80_emulation+0xa9/0x110
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  ? get_vtime_delta+0xf/0xb0
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  ? vtime_user_exit+0x1c/0x70
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  ? __ct_user_exit+0x6c/0xc0
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  ? int80_emulation+0x1b/0x110
  Jan 24 15:15:20 kalt2test.dpt.local kernel:  asm_int80_emulation+0x16/0x20
  Jan 24 15:15:20 kalt2test.dpt.local kernel: RIP: 0023:0xf7e3b9b1

This backport is a simple cherry-pick of mainline commit 398d5843c032
("cifs: Convert struct fealist away from 1-element array").
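
The failure mode behind the oops above, as an added illustration that is not the kernel's code or the patch itself: a trailing 1-element array gives a fortified strncpy a destination size of exactly 1 byte, so any longer EA name trips the check, whereas a flexible array member forces the copy to be bounded by the allocation that was actually made. The struct layouts, field names and the 255-byte name limit are assumptions for this example, not the cifs definitions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed layout: a small header followed by an EA name, written in the
 * "1-element array as variable-length tail" idiom that FORTIFY_SOURCE
 * flagged in CIFSSMBSetEA. Not the real struct fea/fealist. */
struct ea_legacy {
	uint8_t name_len;
	char    name[1];	/* declared size is 1: fortify sees 1 byte */
};

/* Same data with a flexible array member: the declared size is unknown,
 * so the copy must be bounded by the length used at allocation time. */
struct ea_flex {
	uint8_t name_len;
	char    name[];
};

/* What a fortified strncpy into name[1] compares against: the compile-time
 * size of the destination member. Returns 1 when the copy would be flagged. */
int legacy_copy_would_trip_fortify(const char *ea_name)
{
	return strlen(ea_name) > sizeof(((struct ea_legacy *)0)->name);
}

/* Hardened form: size the allocation from the name length, reject names
 * that exceed the caller's limit (assumed 255, the 8-bit name_len), and
 * copy exactly the bytes that were allocated. Returns NULL on rejection. */
struct ea_flex *ea_flex_new(const char *ea_name, size_t max_name)
{
	size_t len = strlen(ea_name);
	struct ea_flex *ea;

	if (len == 0 || len > max_name || len > UINT8_MAX)
		return NULL;
	ea = malloc(sizeof(*ea) + len + 1);
	if (!ea)
		return NULL;
	ea->name_len = (uint8_t)len;
	memcpy(ea->name, ea_name, len + 1);	/* bounded by len, not by a fake [1] */
	return ea;
}
```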

Build and runtime tested to fix the problem.
Downstream bug report and test report: https://bugzilla.altlinux.org/49177

Difference from v0:
- No changes, only a cover letter is added with bug details.

Kees Cook (1):
  cifs: Convert struct fealist away from 1-element array

 fs/smb/client/cifspdu.h |  4 ++--
 fs/smb/client/cifssmb.c | 16 ++++++++--------
 2 files changed, 10 insertions(+), 10 deletions(-)

-- 
2.42.1