On Wed, 4 Jun 2014 12:49:46 -0400
Joe Lawrence <joe.lawrence@xxxxxxxxxxx> wrote:
> Fixes the following smatch warning:
>
> drivers/message/fusion/mptctl.c:1369 mptctl_getiocinfo() warn:
> possible info leak 'karg'
>
> Signed-off-by: Joe Lawrence <joe.lawrence@xxxxxxxxxxx>
> Cc: Christoph Hellwig <hch@xxxxxxxxxxxxx>
> Cc: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> Cc: Sreekanth Reddy <Sreekanth.Reddy@xxxxxxx>
> ---
> drivers/message/fusion/mptctl.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/message/fusion/mptctl.c b/drivers/message/fusion/mptctl.c
> index dcc8385..e6d8935 100644
> --- a/drivers/message/fusion/mptctl.c
> +++ b/drivers/message/fusion/mptctl.c
> @@ -1261,7 +1261,7 @@ mptctl_getiocinfo (unsigned long arg, unsigned int data_size)
> else
> return -EFAULT;
>
> - karg = kmalloc(data_size, GFP_KERNEL);
> + karg = kzalloc(data_size, GFP_KERNEL);
> if (karg == NULL) {
> printk(KERN_ERR MYNAM "%s::mpt_ioctl_iocinfo() @%d - no memory available!\n",
> __FILE__, __LINE__);
Hi Dan,
kzalloc silenced that smatch warning, but the code looks like:
(calculate data_size)
...
karg = kmalloc(data_size, GFP_KERNEL);
...
if (copy_from_user(karg, uarg, data_size)) {
...
if (copy_to_user((char __user *)arg, karg, data_size)) {
where 'data_size' once calculated, is unchanged. Since the size
allocated is the same copied from the user and the same copied back out
to the user, would this really be considered an info leak?
Regards,
-- Joe
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
