Re: [Linux-kernel-mentees] [PATCH v2] block/floppy: Prevent kernel-infoleak in raw_cmd_copyout()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Peilin Ye <yepeilin.cs@xxxxxxxxx>
Subject: Re: [Linux-kernel-mentees] [PATCH v2] block/floppy: Prevent kernel-infoleak in raw_cmd_copyout()
From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Date: Wed, 29 Jul 2020 15:58:20 +0300
Cc: Denis Efremov <efremov@xxxxxxxxx>, Jens Axboe <axboe@xxxxxxxxx>, Arnd Bergmann <arnd@xxxxxxxx>, Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>, linux-kernel-mentees@xxxxxxxxxxxxxxxxxxxxxxxxx, linux-block@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx
In-reply-to: <20200729115157.8519-1-yepeilin.cs@gmail.com>
References: <20200728141946.426245-1-yepeilin.cs@gmail.com> <20200729115157.8519-1-yepeilin.cs@gmail.com>
User-agent: Mutt/1.9.4 (2018-02-28)

Argh...  This isn't right still.  The "ptr" comes from raw_cmd_copyin()

ptr = kmalloc(sizeof(struct floppy_raw_cmd), GFP_KERNEL);

The struct hole could still be uninitialized from kmalloc() and instead
of from the stack.  Smatch is only looking for the common stack info
leaks and doesn't worn about holes in kmalloc()ed memory.

regards,
dan carpenter

Follow-Ups:
- Re: [Linux-kernel-mentees] [PATCH v2] block/floppy: Prevent kernel-infoleak in raw_cmd_copyout()
  - From: Denis Efremov

References:
- [Linux-kernel-mentees] [PATCH] block/floppy: Prevent kernel-infoleak in raw_cmd_copyout()
  - From: Peilin Ye
- [Linux-kernel-mentees] [PATCH v2] block/floppy: Prevent kernel-infoleak in raw_cmd_copyout()
  - From: Peilin Ye

Prev by Date: [Linux-kernel-mentees] [PATCH v2] block/floppy: Prevent kernel-infoleak in raw_cmd_copyout()
Next by Date: Re: [Linux-kernel-mentees] [PATCH v2] block/floppy: Prevent kernel-infoleak in raw_cmd_copyout()
Previous by thread: [Linux-kernel-mentees] [PATCH v2] block/floppy: Prevent kernel-infoleak in raw_cmd_copyout()
Next by thread: Re: [Linux-kernel-mentees] [PATCH v2] block/floppy: Prevent kernel-infoleak in raw_cmd_copyout()
Index(es):
- Date
- Thread

[Index of Archives] [Linux RAID] [Linux SCSI] [Linux ATA RAID] [IDE] [Linux Wireless] [Linux Kernel] [ATH6KL] [Linux Bluetooth] [Linux Netdev] [Kernel Newbies] [Security] [Git] [Netfilter] [Bugtraq] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Device Mapper]