On 2016-08-04 08:18 AM, Tetsuo Handa wrote: > On 2016/08/04 6:48, Nicholas Krause wrote: >> This fixes a kmemleak leak warning complaining about working on >> unitializied memory as found in the function, getname_flages. Seems >> that we are indeed working on unitialized memory, as the filename >> char pointer is never made to point to the filname structure's result >> member for holding it's name, fix this by using memcpy to copy the >> filname structure pointer's, name to the char pointer passed to this >> function. >> >> Signed-off-by: Nicholas Krause <xerofoify@xxxxxxxxx> >> --- >> fs/namei.c | 1 + >> mm/early_ioremap.c | 1 + >> 2 files changed, 2 insertions(+) >> >> diff --git a/fs/namei.c b/fs/namei.c >> index c386a32..6b18d57 100644 >> --- a/fs/namei.c >> +++ b/fs/namei.c >> @@ -196,6 +196,7 @@ getname_flags(const char __user *filename, int flags, int *empty) >> } >> } >> >> + memcpy((char *)result->name, filename, len); > > This filename is a __user pointer. Reading with memcpy() is not safe. Indeed that is dangerous, I will test a v2 seeing if it is also fixed using copy_to_user with the same pointers to kernel memory space into user space like this with memcpy. Good Catch, Nick > >> result->uptr = filename; >> result->aname = NULL; >> audit_getname(result); > -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx"> email@xxxxxxxxx </a>