[PATCH] Memset the kernel copy of rtas args before using

[PATCH] Memset the kernel copy of rtas args before using

[Nathan Fontenot]

The kernel copy of the rtas args struct that is read in from
user space is a stack variable.  This structure should be
zero'ed out before we do any reads/writes to/from the user
when handling a rtas call request.  This patch adds a memset
to do this.

I am seeing an issue in testing partition mobility, where the
parts of the rtas args struct that return status top the user
contain stale data.

Signed-off-by: Nathan Fontenot <nfont@ausitn,ibm.com>
---

Index: linux-2.6.git/arch/powerpc/kernel/rtas.c
===================================================================
--- linux-2.6.git.orig/arch/powerpc/kernel/rtas.c	2008-07-22 09:34:03.000000000 -0500
+++ linux-2.6.git/arch/powerpc/kernel/rtas.c	2008-07-25 16:06:00.000000000 -0500
@@ -775,6 +775,8 @@
 	if (!capable(CAP_SYS_ADMIN))
 		return -EPERM;
 
+	memset(&args, 0, sizeof(args));
+
 	if (copy_from_user(&args, uargs, 3 * sizeof(u32)) != 0)
 		return -EFAULT;
 

[PATCH] Memset the kernel copy of rtas args before using

[Milton Miller]

On Sat Jul 26 at 07:25:47 EST in 2008, Nathan Fontenot wrote:
> The kernel copy of the rtas args struct that is read in from
> user space is a stack variable.  This structure should be
> zero'ed out before we do any reads/writes to/from the user
> when handling a rtas call request.  This patch adds a memset
> to do this.

Why bother to zero the data before copying from the user?  We
check that they supply data for the whole input range needed.

> I am seeing an issue in testing partition mobility, where the
> parts of the rtas args struct that return status top the user
> contain stale data.

Please change the patch to just clear the output arg range.
(I"m fine not trusting firmware to set all output args based
on what the user suggested the return arg count would be).

And we can do it after we decide not to return an error:

  792         if (args.token == RTAS_UNKNOWN_SERVICE)
  793                 return -EINVAL;
  794
  795         /* Need to handle ibm,suspend_me call specially */


milton

Re: [PATCH] Memset the kernel copy of rtas args before using

[Sergei Shtylyov]

Hello.

Nathan Fontenot wrote:
> Index: linux-2.6.git/arch/powerpc/kernel/rtas.c
> ===================================================================
> --- linux-2.6.git.orig/arch/powerpc/kernel/rtas.c    2008-07-22 
> 09:34:03.000000000 -0500
> +++ linux-2.6.git/arch/powerpc/kernel/rtas.c    2008-07-25 
> 16:06:00.000000000 -0500
> @@ -775,6 +775,8 @@
>     if (!capable(CAP_SYS_ADMIN))
>         return -EPERM;
>
> +    memset(&args, 0, sizeof(args));
> +

   You could use memzero() directly -- memset(x, 0, sizeof(x))l should 
boil down to it anyway...
>     if (copy_from_user(&args, uargs, 3 * sizeof(u32)) != 0)
>         return -EFAULT;

WBR, Sergei