From: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
To: Arnd Bergmann <arnd@arndb.de>
Cc: "Hans Verkuil" <hverkuil-cisco@xs4all.nl>,
"Sakari Ailus" <sakari.ailus@linux.intel.com>,
"Laurent Pinchart" <laurent.pinchart@ideasonboard.com>,
"Vandana BN" <bnvandana@gmail.com>,
"Niklas Söderlund" <niklas.soderlund+renesas@ragnatech.se>,
"Linux Media Mailing List" <linux-media@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 02/38] media: v4l2-ioctl: avoid memory leaks on some time32 compat functions
Date: Thu, 3 Sep 2020 08:01:56 +0200
Message-ID: <20200903080156.1ae119b8@coco.lan>
In-Reply-To: <CAK8P3a1MFe4mGMzjdDQURXbWLKCr8uEWgie3EZ1wb7e3EtTQdQ@mail.gmail.com>

On Wed, 2 Sep 2020 20:45:53 +0200
Arnd Bergmann <arnd@arndb.de> wrote:
> On Wed, Sep 2, 2020 at 6:10 PM Mauro Carvalho Chehab
> <mchehab+huawei@kernel.org> wrote:
> >
> > There are some reports about possible memory leaks:
> >
> > drivers/media/v4l2-core//v4l2-ioctl.c:3203 video_put_user() warn: check that 'ev32' doesn't leak information (struct has a hole after 'type')
> > drivers/media/v4l2-core//v4l2-ioctl.c:3230 video_put_user() warn: check that 'vb32' doesn't leak information (struct has a hole after 'memory')
> >
> > While smatch seems to be reporting a false positive (line 3203),
> > there's indeed a possible leak with reserved2 at vb32.
> >
> > We might have fixed just that one, but smatch checks won't
> > be able to check leaks at ev32. So, re-work the code in a way
> > that will ensure that the var contents will be zeroed before
> > filling it.
> >
> > With that, we don't need anymore to touch reserved fields.
> >
> > Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
>
> Isn't this the same as commit 4ffb879ea648 ("media: media/v4l2-core:
> Fix kernel-infoleak in video_put_user()") that you already applied
> (aside from the issue that Laurent pointed out)?
Oh! I completely forgot about that one which is at the fixes branch.
Yeah, you're right! I'll drop this one from the series.
Thanks!
Mauro
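
The padding leak described in the quoted commit message, and the zero-before-fill fix, shown as an added userspace example that is not part of this thread or of the kernel source. `struct demo_event` is a hypothetical layout, and the 0xAA fill is a constructed stand-in for stale stack contents:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical layout (not the kernel's struct): forcing 8-byte alignment on
 * 'payload' leaves a 4-byte hole after 'type' plus 4 bytes of tail padding. */
struct demo_event {
    uint32_t type;
    _Alignas(8) uint64_t payload;
    uint32_t sequence;
};

union demo_buf {
    struct demo_event ev;
    unsigned char raw[sizeof(struct demo_event)];
};

#define STALE 0xAA /* constructed stand-in for leftover stack contents */

/* Build the object as it would be copied out; zero_first selects the fix. */
static void build_event(union demo_buf *b, int zero_first)
{
    memset(b->raw, STALE, sizeof(b->raw));   /* simulate a dirty stack slot */
    if (zero_first)
        memset(&b->ev, 0, sizeof(b->ev));    /* clears members and padding */
    b->ev.type = 1;                          /* member stores skip the holes */
    b->ev.payload = 0x1122334455667788ULL;
    b->ev.sequence = 7;
}

/* Count padding bytes that still hold stale data after build_event(). */
int stale_padding_bytes(int zero_first)
{
    union demo_buf b;
    unsigned char is_member[sizeof(struct demo_event)] = {0};
    int leaked = 0;

    /* Mark the byte ranges that belong to named members. */
    memset(is_member + offsetof(struct demo_event, type), 1, sizeof(b.ev.type));
    memset(is_member + offsetof(struct demo_event, payload), 1, sizeof(b.ev.payload));
    memset(is_member + offsetof(struct demo_event, sequence), 1, sizeof(b.ev.sequence));

    build_event(&b, zero_first);
    for (size_t i = 0; i < sizeof(b.raw); i++)
        if (!is_member[i] && b.raw[i] == STALE)
            leaked++;
    return leaked;
}
```

Copying `sizeof(struct demo_event)` bytes out of the field-by-field variant would hand the stale padding bytes to the receiver, which is the condition the smatch "struct has a hole" warning asks the developer to rule out.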