Commit ba4c79dc authored by Randy Dunlap's avatar Randy Dunlap Committed by ZhaoLong Wang
Browse files

NFS: fs_context: validate UDP retrans to prevent shift out-of-bounds 

stable inclusion
from stable-v5.10.36
commit 96fa26b74cdcf9f5c98996bf36bec9fb5b19ffe2
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I949C5
CVE: CVE-2021-46952

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=96fa26b74cdcf9f5c98996bf36bec9fb5b19ffe2



--------------------------------

commit c09f11ef upstream.

Fix shift out-of-bounds in xprt_calc_majortimeo(). This is caused
by a garbage timeout (retrans) mount option being passed to nfs mount,
in this case from syzkaller.

If the protocol is XPRT_TRANSPORT_UDP, then 'retrans' is a shift
value for a 64-bit long integer, so 'retrans' cannot be >= 64.
If it is >= 64, fail the mount and return an error.

Fixes: 9954bf92 ("NFS: Move mount parameterisation bits into their own file")
Reported-by: default avatar <syzbot+ba2e91df8f74809417fa@syzkaller.appspotmail.com>
Reported-by: default avatar <syzbot+f3a0fa110fd630ab56c8@syzkaller.appspotmail.com>
Signed-off-by: default avatarRandy Dunlap <rdunlap@infradead.org>
Cc: Trond Myklebust <trond.myklebust@hammerspace.com>
Cc: Anna Schumaker <anna.schumaker@netapp.com>
Cc: linux-nfs@vger.kernel.org
Cc: David Howells <dhowells@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: stable@vger.kernel.org
Signed-off-by: default avatarTrond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Conflicts:
    fs/nfs/fs_context.c
Signed-off-by: default avatarZhaoLong Wang <wangzhaolong1@huawei.com>
parent bf1b7dd5
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment