linux/fs/nfs
Eric Biggers 49686cbbb3 NFS: reject request for id_legacy key without auxdata
nfs_idmap_legacy_upcall() is supposed to be called with 'aux' pointing
to a 'struct idmap', via the call to request_key_with_auxdata() in
nfs_idmap_request_key().

However it can also be reached via the request_key() system call in
which case 'aux' will be NULL, causing a NULL pointer dereference in
nfs_idmap_prepare_pipe_upcall(), assuming that the key description is
valid enough to get that far.

Fix this by making nfs_idmap_legacy_upcall() negate the key if no
auxdata is provided.

As usual, this bug was found by syzkaller.  A simple reproducer using
the command-line keyctl program is:

    keyctl request2 id_legacy uid:0 '' @s

Fixes: 57e62324e4 ("NFS: Store the legacy idmapper result in the keyring")
Reported-by: syzbot+5dfdbcf7b3eb5912abbb@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org> # v3.4+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Trond Myklebust <trondmy@gmail.com>
2018-01-22 10:05:11 -05:00
..
blocklayout pnfs/blocklayout: handle transient devices 2018-01-14 23:06:29 -05:00
filelayout nfs41: do not return ENOMEM on LAYOUTUNAVAILABLE 2018-01-18 12:51:31 -05:00
flexfilelayout NFS client updates for Linux 4.15 2017-11-17 14:18:00 -08:00
cache_lib.c NFS client updates for Linux 4.15 2017-11-17 14:18:00 -08:00
cache_lib.h NFS client updates for Linux 4.15 2017-11-17 14:18:00 -08:00
callback_proc.c NFS client updates for Linux 4.15 2017-11-17 14:18:00 -08:00
callback_xdr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
callback.c NFS client updates for Linux 4.15 2017-11-17 14:18:00 -08:00
callback.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
client.c nfs: fix a deadlock in nfs client initialization 2017-12-15 14:31:49 -05:00
delegation.c NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID. 2017-11-17 16:43:47 -05:00
delegation.h NFS client updates for Linux 4.15 2017-11-17 14:18:00 -08:00
dir.c Rename superblock flags (MS_xyz -> SB_xyz) 2017-11-27 13:05:09 -08:00
direct.c NFS: commit direct writes even if they fail partially 2018-01-16 10:13:23 -05:00
dns_resolve.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
dns_resolve.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
export.c nfs: remove unused label in nfs_encode_fh() 2018-01-16 10:12:49 -05:00
file.c NFS: Revert "NFS: Move the flock open mode check into nfs_flock()" 2017-11-17 16:43:52 -05:00
fscache-index.c fscache: remove unused ->now_uncached callback 2017-09-06 17:27:26 -07:00
fscache.c
fscache.h
getroot.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
inode.c Support statx() mask and query flags parameters 2018-01-14 23:06:29 -05:00
internal.h Rename superblock flags (MS_xyz -> SB_xyz) 2017-11-27 13:05:09 -08:00
io.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
iostat.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Kconfig pnfs/blocklayout: require 64-bit sector_t 2017-08-11 14:10:13 -04:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mount_clnt.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
namespace.c NFS: Use ERR_CAST() to avoid cross-structure cast 2017-05-28 10:11:47 -07:00
netns.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nfs2super.c
nfs2xdr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nfs3_fs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nfs3acl.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nfs3client.c NFS: Remove unused authflavour parameter from nfs_get_client() 2016-12-01 17:46:32 -05:00
nfs3proc.c NFS client updates for Linux 4.15 2017-11-17 14:18:00 -08:00
nfs3super.c
nfs3xdr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nfs4_fs.h NFS client updates for Linux 4.15 2017-11-17 14:18:00 -08:00
nfs4client.c nfs: Update server port after referral or migration 2018-01-14 23:06:30 -05:00
nfs4file.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nfs4getroot.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nfs4idmap.c NFS: reject request for id_legacy key without auxdata 2018-01-22 10:05:11 -05:00
nfs4idmap.h NFS: Move nfs_idmap.h into fs/nfs/ 2015-04-23 15:16:14 -04:00
nfs4namespace.c nfs: Referrals should use the same proto setting as their parent 2018-01-14 23:06:30 -05:00
nfs4proc.c NFSv4: always set NFS_LOCK_LOST when a lock is lost. 2018-01-14 23:06:29 -05:00
nfs4renewd.c NFSv4: Set the connection timeout to match the lease period 2017-02-09 14:15:16 -05:00
nfs4session.c NFSv4.1: Fix regression in callback retry handling 2016-12-01 17:21:38 -05:00
nfs4session.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nfs4state.c NFSv4: always set NFS_LOCK_LOST when a lock is lost. 2018-01-14 23:06:29 -05:00
nfs4super.c NFS: Move nfs_idmap.h into fs/nfs/ 2015-04-23 15:16:14 -04:00
nfs4sysctl.c nfs: Do not convert nfs_idmap_cache_timeout to jiffies 2018-01-18 15:10:47 -05:00
nfs4trace.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nfs4trace.h NFS client updates for Linux 4.15 2017-11-17 14:18:00 -08:00
nfs4xdr.c NFS: Fix nfsstat breakage due to LOOKUPP 2018-01-14 23:06:29 -05:00
nfs42.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nfs42proc.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nfs42xdr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nfs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nfsroot.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nfstrace.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nfstrace.h nfs: Use proper enum definitions for nfs_show_stable 2018-01-18 15:01:22 -05:00
pagelist.c NFS: remove unused offset arg in nfs_pgio_rpcsetup 2018-01-14 23:06:29 -05:00
pnfs_dev.c pnfs/blocklayout: handle transient devices 2018-01-14 23:06:29 -05:00
pnfs_nfs.c fs, nfs: convert nfs4_pnfs_ds.ds_count from atomic_t to refcount_t 2017-11-17 13:47:59 -05:00
pnfs.c nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds 2018-01-14 23:06:29 -05:00
pnfs.h pnfs/blocklayout: handle transient devices 2018-01-14 23:06:29 -05:00
proc.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
read.c NFS: Add static NFS I/O tracepoints 2017-09-11 22:20:38 -04:00
super.c Rename superblock flags (MS_xyz -> SB_xyz) 2017-11-27 13:05:09 -08:00
symlink.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sysctl.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
unlink.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
write.c NFS: Add a cond_resched() to nfs_commit_release_pages() 2018-01-14 23:06:28 -05:00