From: nick <xerofoify@gmail.com>
To: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>,
viro@zeniv.linux.org.uk
Cc: akpm@linux-foundation.org, msalter@redhat.com,
kuleshovmail@gmail.com, david.vrabel@citrix.com, vbabka@suse.cz,
ard.biesheuvel@linaro.org, jgross@suse.com,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-mm@kvack.org
Subject: Re: [PATCH] fs:Fix kmemleak leak warning in getname_flags about working on unitialized memory
Date: Thu, 4 Aug 2016 09:01:09 -0400 [thread overview]
Message-ID: <43b955c4-8592-1d8b-2624-419dd5501d6e@gmail.com> (raw)
In-Reply-To: <df8dd6cd-245d-0673-0246-e514b2a67fc2@I-love.SAKURA.ne.jp>
On 2016-08-04 08:18 AM, Tetsuo Handa wrote:
> On 2016/08/04 6:48, Nicholas Krause wrote:
>> This fixes a kmemleak leak warning complaining about working on
>> unitializied memory as found in the function, getname_flages. Seems
>> that we are indeed working on unitialized memory, as the filename
>> char pointer is never made to point to the filname structure's result
>> member for holding it's name, fix this by using memcpy to copy the
>> filname structure pointer's, name to the char pointer passed to this
>> function.
>>
>> Signed-off-by: Nicholas Krause <xerofoify@gmail.com>
>> ---
>> fs/namei.c | 1 +
>> mm/early_ioremap.c | 1 +
>> 2 files changed, 2 insertions(+)
>>
>> diff --git a/fs/namei.c b/fs/namei.c
>> index c386a32..6b18d57 100644
>> --- a/fs/namei.c
>> +++ b/fs/namei.c
>> @@ -196,6 +196,7 @@ getname_flags(const char __user *filename, int flags, int *empty)
>> }
>> }
>>
>> + memcpy((char *)result->name, filename, len);
>
> This filename is a __user pointer. Reading with memcpy() is not safe.
Indeed that is dangerous, I will test a v2 seeing if it is also fixed using
copy_to_user with the same pointers to kernel memory space into user space
like this with memcpy.
Good Catch,
Nick
>
>> result->uptr = filename;
>> result->aname = NULL;
>> audit_getname(result);
>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2016-08-04 13:01 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-03 21:48 [PATCH] fs:Fix kmemleak leak warning in getname_flags about working on unitialized memory Nicholas Krause
2016-08-04 8:50 ` Alexnader Kuleshov
2016-08-04 12:18 ` Tetsuo Handa
2016-08-04 13:01 ` nick [this message]
2016-08-04 13:57 ` Al Viro
2016-09-01 13:10 ` Eric Sandeen
2016-09-01 17:16 ` Al Viro
2016-09-01 17:32 ` Eric Sandeen
2016-08-04 13:31 ` Vlastimil Babka
2016-08-04 13:57 ` nick
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43b955c4-8592-1d8b-2624-419dd5501d6e@gmail.com \
--to=xerofoify@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=ard.biesheuvel@linaro.org \
--cc=david.vrabel@citrix.com \
--cc=jgross@suse.com \
--cc=kuleshovmail@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=msalter@redhat.com \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=vbabka@suse.cz \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).