On Thu, Aug 04, 2016 at 09:18:19PM +0900, Tetsuo Handa wrote: > On 2016/08/04 6:48, Nicholas Krause wrote: > > This fixes a kmemleak leak warning complaining about working on > > unitializied memory as found in the function, getname_flages. Seems > > that we are indeed working on unitialized memory, as the filename > > char pointer is never made to point to the filname structure's result > > member for holding it's name, fix this by using memcpy to copy the > > filname structure pointer's, name to the char pointer passed to this > > function. > > > > Signed-off-by: Nicholas Krause <xerofoify@xxxxxxxxx> > > --- > > fs/namei.c | 1 + > > mm/early_ioremap.c | 1 + > > 2 files changed, 2 insertions(+) > > > > diff --git a/fs/namei.c b/fs/namei.c > > index c386a32..6b18d57 100644 > > --- a/fs/namei.c > > +++ b/fs/namei.c > > @@ -196,6 +196,7 @@ getname_flags(const char __user *filename, int flags, int *empty) > > } > > } > > > > + memcpy((char *)result->name, filename, len); > > This filename is a __user pointer. Reading with memcpy() is not safe. Don't feed the troll. On all paths leading to that place we have result->name = kname; len = strncpy_from_user(kname, filename, EMBEDDED_NAME_MAX); or result->name = kname; len = strncpy_from_user(kname, filename, PATH_MAX); with failure exits taken if strncpy_from_user() returns an error, which means that the damn thing has already been copied into. FWIW, it looks a lot like buggered kmemcheck; as usual, he can't be bothered to mention which kernel version would it be (let alone how to reproduce it on the kernel in question), but IIRC davej had run into some instrumentation breakage lately. Again, don't feed the troll - you are only inviting an "improved" version of that garbage, just as pointless. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx"> email@xxxxxxxxx </a>