From: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
To: Arnd Bergmann <arnd@arndb.de>
Cc: "Hans Verkuil" <hverkuil-cisco@xs4all.nl>,
	"Sakari Ailus" <sakari.ailus@linux.intel.com>,
	"Laurent Pinchart" <laurent.pinchart@ideasonboard.com>,
	"Vandana BN" <bnvandana@gmail.com>,
	"Niklas Söderlund" <niklas.soderlund+renesas@ragnatech.se>,
	"Linux Media Mailing List" <linux-media@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 02/38] media: v4l2-ioctl: avoid memory leaks on some time32 compat functions
Date: Thu, 3 Sep 2020 08:01:56 +0200
Message-ID: <20200903080156.1ae119b8@coco.lan>
In-Reply-To: <CAK8P3a1MFe4mGMzjdDQURXbWLKCr8uEWgie3EZ1wb7e3EtTQdQ@mail.gmail.com>

On Wed, 2 Sep 2020 20:45:53 +0200
Arnd Bergmann <arnd@arndb.de> wrote:

> On Wed, Sep 2, 2020 at 6:10 PM Mauro Carvalho Chehab
> <mchehab+huawei@kernel.org> wrote:
> >
> > There are some reports about possible memory leaks:
> >
> >         drivers/media/v4l2-core//v4l2-ioctl.c:3203 video_put_user() warn: check that 'ev32' doesn't leak information (struct has a hole after 'type')
> >         drivers/media/v4l2-core//v4l2-ioctl.c:3230 video_put_user() warn: check that 'vb32' doesn't leak information (struct has a hole after 'memory')
> >
> > While smatch seems to be reporting a false positive (line 3203),
> > there's indeed a possible leak with reserved2 at vb32.
> >
> > We might have fixed just that one, but smatch checks won't
> > be able to check leaks at ev32. So, re-work the code in a way
> > that will ensure that the var contents will be zeroed before
> > filling it.
> >
> > With that, we no longer need to touch reserved fields.
> >
> > Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>  
> 
> Isn't this the same as commit 4ffb879ea648 ("media: media/v4l2-core:
> Fix kernel-infoleak in video_put_user()") that you already applied
> (aside from the issue that Laurent pointed out)?

Oh! I completely forgot about that one which is at the fixes branch.

Yeah, you're right! I'll drop this one from the series.

Thanks!

Mauro
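
The leak class the quoted smatch warnings describe (a struct with a hole copied out whole) and the zero-before-fill fix, as an added userspace example that is not part of this thread or of the kernel source. `struct demo_event32`, `POISON` and the function names are hypothetical; the layout is constructed so that a hole follows `type`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define POISON 0xAA  /* constructed marker standing in for stale stack contents */

/* Hypothetical layout, not the kernel's struct: a 4-byte 'type' followed by
 * an 8-byte-aligned member leaves a 4-byte hole, plus 4 bytes of tail padding. */
struct demo_event32 {
	uint32_t type;
	_Alignas(8) uint64_t payload;
	uint32_t sequence;
};

/* Bytes in the struct that no named member covers. */
size_t padding_bytes(void)
{
	return sizeof(struct demo_event32) -
	       (sizeof(uint32_t) + sizeof(uint64_t) + sizeof(uint32_t));
}

/* Count bytes of 'buf' that still hold the poison marker. */
static size_t count_poison(const unsigned char *buf, size_t len)
{
	size_t i, n = 0;

	for (i = 0; i < len; i++)
		n += (buf[i] == POISON);
	return n;
}

/* Fill the struct and copy it out whole, the way a copy to user space would.
 * zero_first selects the zero-before-fill pattern the commit message describes. */
size_t stale_bytes_copied(int zero_first)
{
	struct demo_event32 ev;
	unsigned char out[sizeof(ev)];

	memset(&ev, POISON, sizeof(ev));   /* simulate a dirty stack slot */
	if (zero_first)
		memset(&ev, 0, sizeof(ev));    /* clears holes as well as members */
	ev.type = 3;
	ev.payload = 0x1122334455667788ULL;
	ev.sequence = 7;

	memcpy(out, &ev, sizeof(ev));      /* whole-object copy includes padding */
	return count_poison(out, sizeof(out));
}
```

Assigning every named member, reserved fields included, still leaves the padding bytes untouched, which is why only clearing the whole object before filling it covers the hole.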
