Re: [Linux-kernel-mentees] [PATCH v2] block/floppy: Prevent kernel-infoleak in raw_cmd_copyout()

From: Dan Carpenter
Date: Wed Jul 29 2020 - 09:00:43 EST

Next message: Mike Rapoport: "Re: [RFC PATCH 0/6] decrease unnecessary gap due to pmem kmem alignment"
Previous message: peterz: "Re: [PATCH 0/2] locking/qspinlock: Break qspinlock_types.h header loop"
In reply to: Peilin Ye: "[Linux-kernel-mentees] [PATCH v2] block/floppy: Prevent kernel-infoleak in raw_cmd_copyout()"
Next in thread: Denis Efremov: "Re: [Linux-kernel-mentees] [PATCH v2] block/floppy: Prevent kernel-infoleak in raw_cmd_copyout()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Argh... This isn't right still. The "ptr" comes from raw_cmd_copyin()

ptr = kmalloc(sizeof(struct floppy_raw_cmd), GFP_KERNEL);

The struct hole could still be uninitialized from kmalloc() and instead
of from the stack. Smatch is only looking for the common stack info
leaks and doesn't worn about holes in kmalloc()ed memory.

regards,
dan carpenter

Next message: Mike Rapoport: "Re: [RFC PATCH 0/6] decrease unnecessary gap due to pmem kmem alignment"
Previous message: peterz: "Re: [PATCH 0/2] locking/qspinlock: Break qspinlock_types.h header loop"
In reply to: Peilin Ye: "[Linux-kernel-mentees] [PATCH v2] block/floppy: Prevent kernel-infoleak in raw_cmd_copyout()"
Next in thread: Denis Efremov: "Re: [Linux-kernel-mentees] [PATCH v2] block/floppy: Prevent kernel-infoleak in raw_cmd_copyout()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]