Re: fs: Uninitialized memory read at take_dentry_name_snapshot

Al Viro wrote:
> On Mon, Sep 04, 2017 at 09:12:38PM +0900, Tetsuo Handa wrote:
> > Hello.
> > 
> > I hit kmemcheck splat on commit 49d31c2f389acfe8 ("dentry name snapshots") using linux-next-20170901.
> > Changing to strncpy() fixes this problem, but is using strncpy() only if CONFIG_KMEMCHECK=y
> > better for performance?
> 
> *shrug*
> 
> If anything, use dentry->d_name.len + 1 instead of DNAME_INLINE_LEN there, but
> that's really a false positive.

A false positive? Isn't it because we do

  dentry = kmem_cache_alloc(dentry_cache, GFP_KERNEL);
  (...snipped...)
  dname = dentry->d_iname;
  (...snipped...)
  memcpy(dname, name->name, name->len);
  dname[name->len] = 0;

at __d_alloc(), which leaves some of the d_iname[] bytes uninitialized?
So, I think either padding explicitly at __d_alloc() or using dentry->d_name.len + 1 is needed.
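The point under discussion, as an added user-space model that is not kernel code and not part of this thread: a toy dentry whose inline name buffer is filled with a recognisable poison pattern to stand in for whatever the allocator left behind, then initialised exactly the way the quoted __d_alloc() fragment does (memcpy of name->len bytes plus one terminator). Copying the whole DNAME_INLINE_LEN buffer into a snapshot carries the never-written bytes along, which is what kmemcheck reports; copying d_name.len + 1 bytes, or padding the tail at allocation time, does not. The struct layout, the DNAME_INLINE_LEN value of 32 and the poison byte are assumptions for this example only.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed for this example: the real DNAME_INLINE_LEN is architecture
 * dependent. POISON stands in for uninitialized heap contents so the
 * result is deterministic; a real allocation would hold arbitrary bytes. */
#define DNAME_INLINE_LEN 32
#define POISON 0xAA

struct toy_qstr {
    unsigned int len;
    const unsigned char *name;
};

struct toy_dentry {
    struct toy_qstr d_name;
    unsigned char d_iname[DNAME_INLINE_LEN];
};

/* Mimics the __d_alloc() pattern quoted in the thread: copy name->len
 * bytes, write one terminator, leave the rest of d_iname untouched unless
 * pad_tail is set (the "pad explicitly at __d_alloc()" option). */
static struct toy_dentry *toy_d_alloc(const char *name, int pad_tail)
{
    struct toy_dentry *dentry = malloc(sizeof(*dentry));
    size_t len = strlen(name);

    if (!dentry || len >= DNAME_INLINE_LEN) {
        free(dentry);
        return NULL;
    }
    memset(dentry->d_iname, POISON, DNAME_INLINE_LEN); /* "uninitialized" */
    memcpy(dentry->d_iname, name, len);
    dentry->d_iname[len] = 0;
    if (pad_tail)
        memset(dentry->d_iname + len + 1, 0, DNAME_INLINE_LEN - len - 1);
    dentry->d_name.len = (unsigned int)len;
    dentry->d_name.name = dentry->d_iname;
    return dentry;
}

/* Snapshot of the whole inline buffer: reads bytes __d_alloc() never wrote. */
static void snapshot_full(const struct toy_dentry *d, unsigned char *out)
{
    memcpy(out, d->d_iname, DNAME_INLINE_LEN);
}

/* Snapshot of d_name.len + 1 bytes: only touches initialized memory. */
static void snapshot_len(const struct toy_dentry *d, unsigned char *out)
{
    memset(out, 0, DNAME_INLINE_LEN);
    memcpy(out, d->d_name.name, d->d_name.len + 1);
}

/* Number of snapshot bytes still carrying the poison pattern, i.e. bytes
 * that originate from memory the allocation path never initialized. */
static int count_poison(const unsigned char *buf)
{
    int n = 0;
    for (int i = 0; i < DNAME_INLINE_LEN; i++)
        if (buf[i] == POISON)
            n++;
    return n;
}

/* mode 0: full copy, no padding; mode 1: full copy after explicit padding;
 * mode 2: len + 1 copy, no padding. Returns -1 if the name does not fit. */
int poison_bytes_in_snapshot(const char *name, int mode)
{
    unsigned char out[DNAME_INLINE_LEN];
    struct toy_dentry *d = toy_d_alloc(name, mode == 1);
    int n;

    if (!d)
        return -1;
    if (mode == 2)
        snapshot_len(d, out);
    else
        snapshot_full(d, out);
    n = count_poison(out);
    free(d);
    return n;
}

int main(void)
{
    const char *name = "file.txt"; /* constructed sample name, 8 bytes */

    printf("full copy, no padding: %d unwritten bytes reach the snapshot\n",
           poison_bytes_in_snapshot(name, 0));
    printf("full copy, padded tail: %d\n", poison_bytes_in_snapshot(name, 1));
    printf("len + 1 copy: %d\n", poison_bytes_in_snapshot(name, 2));
    return 0;
}
```

With an 8-byte name the full copy moves 32 - 8 - 1 = 23 bytes that were never written; either fix brings that to zero. The same model also shows why the cost of the padding option grows with DNAME_INLINE_LEN on every allocation, while the len + 1 copy only pays for the bytes actually in use.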
