From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Rob Springer <rspringer@google.com>,
devel@driverdev.osuosl.org, kernel-janitors@vger.kernel.org,
John Joseph <jnjoseph@google.com>, Simon Que <sque@chromium.org>,
Richard Yeh <rcy@google.com>, Todd Poynor <toddpoynor@google.com>
Subject: Re: [PATCH] staging: gasket: Fix sizeof() in gasket_handle_ioctl()
Date: Tue, 9 Mar 2021 14:26:55 +0100 [thread overview]
Message-ID: <YEd3n/vbIzRr5vnA@kroah.com> (raw)
In-Reply-To: <YAroue0qiuf35rkS@mwanda>
On Fri, Jan 22, 2021 at 06:01:13PM +0300, Dan Carpenter wrote:
> The "gasket_dev->num_page_tables" variable is an int but this is copying
> sizeof(u64). On 32 bit systems this would end up disclosing a kernel
> pointer to user space, but on 64 bit it copies zeroes from a struct
> hole.
>
> Fixes: 9a69f5087ccc ("drivers/staging: Gasket driver framework + Apex driver")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> This is an API change. Please review this carefully! Another potential
> fix would be to make ->num_page_tables a long instead of an int.
>
> drivers/staging/gasket/gasket_ioctl.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Looks like this driver is dead, with no response from anyone from
Google.
Should I just delete it? The goal of using normal apis and getting this
out of staging seems to have totally died, so it shouldn't even still be
living in the kernel tree. Even if having it here actually finds
security issues that the authors missed like this :(
So, any objection to me deleting it?
thanks,
greg k-h
next prev parent reply other threads:[~2021-03-09 13:27 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-22 15:01 [PATCH] staging: gasket: Fix sizeof() in gasket_handle_ioctl() Dan Carpenter
2021-03-09 13:26 ` Greg Kroah-Hartman [this message]
2021-03-09 16:57 ` AW: " Walter Harms
2021-03-09 17:03 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YEd3n/vbIzRr5vnA@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=dan.carpenter@oracle.com \
--cc=devel@driverdev.osuosl.org \
--cc=jnjoseph@google.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=rcy@google.com \
--cc=rspringer@google.com \
--cc=sque@chromium.org \
--cc=toddpoynor@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox