From patchwork Tue Feb 14 15:49:35 2017
X-Patchwork-Submitter: Cyrill Gorcunov
X-Patchwork-Id: 9572153
Date: Tue, 14 Feb 2017 18:49:35 +0300
From: Cyrill Gorcunov
To: LINUXFS-ML, LKML
Cc: Al Viro, Andrew Morton, Andrey Vagin
Subject: [PATCH] fs,eventpoll: Don't test for bitfield with stack value
Message-ID: <20170214154935.GG1850@uranus.lan>

In case epoll_ctl is called with operation EPOLL_CTL_DEL then
@epds.events variable allocated on stack may contain random bits
which we then test for EPOLLEXCLUSIVE. Since currently the test
looks like

	if (epds.events & EPOLLEXCLUSIVE) {
		if (op == EPOLL_CTL_MOD)
			goto error_tgt_fput;
		if (op == EPOLL_CTL_ADD && (is_file_epoll(tf.file) ||
			(epds.events & ~EPOLLEXCLUSIVE_OK_BITS)))
			goto error_tgt_fput;
	}

nothing serious will happen even if epds.events has this bit set, still
better to be on the safe side and make sure that we're to test this bit at all.

Signed-off-by: Cyrill Gorcunov
---
 fs/eventpoll.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: linux-ml.git/fs/eventpoll.c =================================================================== --- linux-ml.git.orig/fs/eventpoll.c +++ linux-ml.git/fs/eventpoll.c @@ -1895,7 +1895,7 @@ SYSCALL_DEFINE4(epoll_ctl, int, epfd, in * so EPOLLEXCLUSIVE is not allowed for a EPOLL_CTL_MOD operation. * Also, we do not currently supported nested exclusive wakeups. */ - if (epds.events & EPOLLEXCLUSIVE) { + if (ep_op_has_event(op) && (epds.events & EPOLLEXCLUSIVE)) { if (op == EPOLL_CTL_MOD) goto error_tgt_fput; if (op == EPOLL_CTL_ADD && (is_file_epoll(tf.file) ||
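
Review bot: the comment block directly above the changed `if` does not explain the new `ep_op_has_event(op) &&` guard; it still only covers EPOLL_CTL_MOD and nested exclusive wakeups. The guard works only because `&&` short-circuits before `epds.events` is read, so add a sentence to that comment saying that, per the changelog, `epds` is uninitialised stack for EPOLL_CTL_DEL and must not be inspected there. Otherwise a later cleanup may reorder or drop the check as redundant. Both inner branches already test `op` for EPOLL_CTL_MOD and EPOLL_CTL_ADD, so behaviour is unchanged for every operation; the changelog could state that the purpose is to avoid the uninitialised read itself. Zero-initialising `epds` where it is declared would be an alternative that also covers any other read of the structure on the EPOLL_CTL_DEL path.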