* [Linux-kernel-mentees] [PATCH] firewire: Prevent kernel-infoleak in ioctl_get_info()
@ 2020-07-27 15:15 ` Peilin Ye
  0 siblings, 0 replies; 8+ messages in thread
From: Peilin Ye @ 2020-07-27 15:15 UTC (permalink / raw)
  To: Stefan Richter
  Cc: Peilin Ye, Dan Carpenter, Arnd Bergmann, Greg Kroah-Hartman,
	linux-kernel-mentees, linux1394-devel, linux-kernel

ioctl_get_info() is copying uninitialized stack memory to userspace due to
the compiler not initializing holes in statically allocated structures.
Fix it by initializing `event` using memset() in fill_bus_reset_event().

Cc: stable@vger.kernel.org
Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
Suggested-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com>
---
 drivers/firewire/core-cdev.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c
index fb6c651214f3..2341d762df5b 100644
--- a/drivers/firewire/core-cdev.c
+++ b/drivers/firewire/core-cdev.c
@@ -340,6 +340,8 @@ static void fill_bus_reset_event(struct fw_cdev_event_bus_reset *event,
 {
 	struct fw_card *card = client->device->card;
 
+	memset(event, 0, sizeof(*event));
+
 	spin_lock_irq(&card->lock);
 
 	event->closure	     = client->bus_reset_closure;
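Review bot: the changelog names ioctl_get_info() as the leaking path, but the added memset() sits in fill_bus_reset_event(), and neither the hunk nor the message connects the two; the message also calls the structure "statically allocated" while describing stack memory. Suggest stating where the struct fw_cdev_event_bus_reset is declared, that it is handed to fill_bus_reset_event() before being copied to userspace, and which bytes of it are padding, so a stable reviewer can judge the fix without opening core-cdev.c.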
-- 
2.25.1
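
The leak class the commit message describes, reproduced in userspace as an added example (not code from the patch or the firewire driver). `struct demo_event`, the `POISON` byte and both functions are constructed for illustration, and `memcpy()` stands in for `copy_to_user()`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout, not the kernel's: 8 + 7 * 4 = 36 named bytes. */
struct demo_event {
	uint64_t closure;
	uint32_t type, node_id, local_node_id, bm_node_id;
	uint32_t irm_node_id, root_node_id, generation;
};
#define NAMED_BYTES (offsetof(struct demo_event, generation) + sizeof(uint32_t))
#define POISON 0xAA	/* stands in for stale stack contents */

/* Assigns every named member; padding is cleared only if zero_first. */
__attribute__((noinline))
static void fill_demo_event(struct demo_event *event, int zero_first)
{
	if (zero_first)
		memset(event, 0, sizeof(*event));
	event->closure = 0x1122334455667788ULL;
	event->type = 1;
	event->node_id = 2;
	event->local_node_id = 3;
	event->bm_node_id = 4;
	event->irm_node_id = 5;
	event->root_node_id = 6;
	event->generation = 7;
}

/* Counts poison bytes that survive into the buffer handed to the reader. */
static size_t stale_bytes_copied(int zero_first)
{
	struct demo_event event;
	unsigned char out[sizeof(event)];
	size_t i, stale = 0;

	memset(&event, POISON, sizeof(event));	/* dirty stack slot */
	fill_demo_event(&event, zero_first);
	memcpy(out, &event, sizeof(event));	/* stand-in for copy_to_user() */
	for (i = NAMED_BYTES; i < sizeof(out); i++)
		stale += (out[i] == POISON);
	return stale;
}

int main(void)
{
	printf("without memset: %zu stale, with memset: %zu stale\n",
	       stale_bytes_copied(0), stale_bytes_copied(1));
	return 0;
}
```

On x86-64 the struct is 40 bytes with 36 named, so the path without memset() hands 4 stale bytes to the reader even though every member was assigned.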


* Re: [Linux-kernel-mentees] [PATCH] firewire: Prevent kernel-infoleak in ioctl_get_info()
  2020-07-27 15:15 ` Peilin Ye
@ 2020-07-27 15:35   ` Arnd Bergmann
  -1 siblings, 0 replies; 8+ messages in thread
From: Arnd Bergmann @ 2020-07-27 15:35 UTC (permalink / raw)
  To: Peilin Ye
  Cc: Stefan Richter, Dan Carpenter, Greg Kroah-Hartman,
	linux-kernel-mentees, linux1394-devel, linux-kernel

On Mon, Jul 27, 2020 at 5:18 PM Peilin Ye <yepeilin.cs@gmail.com> wrote:
>
> ioctl_get_info() is copying uninitialized stack memory to userspace due to
> the compiler not initializing holes in statically allocated structures.
> Fix it by initializing `event` using memset() in fill_bus_reset_event().
>
> Cc: stable@vger.kernel.org
> Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
> Suggested-by: Arnd Bergmann <arnd@arndb.de>
> Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com>

Acked-by: Arnd Bergmann <arnd@arndb.de>

I would recommend always looking through the git history of the
file to come up with an appropriate 'Fixes' tag. In this case

$ git log -p --follow drivers/firewire/core-cdev.c

searching for any mention of fill_bus_reset_event leads you to
commit 344bbc4de14e.

In my ~/.gitconfig I have this alias:

[core]
        abbrev = 12
[alias]
        fixes = show --format='Fixes: %h (\"%s\")' -s

With something like that, calling 'git fixes 344bbc4de14e' produces
the line to copy:

Fixes: 344bbc4de14e ("firewire: Generalize get_config_rom to get_info.")

     Arnd

> ---
>  drivers/firewire/core-cdev.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c
> index fb6c651214f3..2341d762df5b 100644
> --- a/drivers/firewire/core-cdev.c
> +++ b/drivers/firewire/core-cdev.c
> @@ -340,6 +340,8 @@ static void fill_bus_reset_event(struct fw_cdev_event_bus_reset *event,
>  {
>         struct fw_card *card = client->device->card;
>
> +       memset(event, 0, sizeof(*event));
> +
>         spin_lock_irq(&card->lock);
>
>         event->closure       = client->bus_reset_closure;
> --
> 2.25.1
>

* Re: [Linux-kernel-mentees] [PATCH] firewire: Prevent kernel-infoleak in ioctl_get_info()
  2020-07-27 15:35   ` Arnd Bergmann
@ 2020-07-27 15:40     ` Peilin Ye
  -1 siblings, 0 replies; 8+ messages in thread
From: Peilin Ye @ 2020-07-27 15:40 UTC (permalink / raw)
  To: Arnd Bergmann
  Cc: Stefan Richter, Dan Carpenter, Greg Kroah-Hartman,
	linux-kernel-mentees, linux1394-devel, linux-kernel

On Mon, Jul 27, 2020 at 05:35:12PM +0200, Arnd Bergmann wrote:
> On Mon, Jul 27, 2020 at 5:18 PM Peilin Ye <yepeilin.cs@gmail.com> wrote:
> >
> > ioctl_get_info() is copying uninitialized stack memory to userspace due to
> > the compiler not initializing holes in statically allocated structures.
> > Fix it by initializing `event` using memset() in fill_bus_reset_event().
> >
> > Cc: stable@vger.kernel.org
> > Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
> > Suggested-by: Arnd Bergmann <arnd@arndb.de>
> > Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com>
> 
> Acked-by: Arnd Bergmann <arnd@arndb.de>
> 
> I would recommend always looking through the git history of the
> file to come up with an appropriate 'Fixes' tag. In this case
> 
> $ git log -p --follow drivers/firewire/core-cdev.c
> 
> searching for any mention of fill_bus_reset_event leads you to
> commit 344bbc4de14e.
> 
> In my ~/.gitconfig I have this alias:
> 
> [core]
>         abbrev = 12
> [alias]
>         fixes = show --format='Fixes: %h (\"%s\")' -s
> 
> With something like that, calling 'git fixes 344bbc4de14e' produces
> the line to copy:
> 
> Fixes: 344bbc4de14e ("firewire: Generalize get_config_rom to get_info.")

Thank you for the advice! Actually I did all of that (manually...) but
wasn't sure whether I should add it on. I will send a v2 soon, and do so
for future patches.

Thank you,
Peilin Ye

* [Linux-kernel-mentees] [PATCH v2] firewire: Prevent kernel-infoleak in ioctl_get_info()
  2020-07-27 15:15 ` Peilin Ye
@ 2020-07-27 15:45   ` Peilin Ye
  -1 siblings, 0 replies; 8+ messages in thread
From: Peilin Ye @ 2020-07-27 15:45 UTC (permalink / raw)
  To: Stefan Richter
  Cc: Peilin Ye, Dan Carpenter, Arnd Bergmann, Greg Kroah-Hartman,
	linux-kernel-mentees, linux1394-devel, linux-kernel

ioctl_get_info() is copying uninitialized stack memory to userspace due to
the compiler not initializing holes in statically allocated structures.
Fix it by initializing `event` using memset() in fill_bus_reset_event().

Cc: stable@vger.kernel.org
Fixes: 344bbc4de14e ("firewire: Generalize get_config_rom to get_info.")
Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
Suggested-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com>
---
Change in v2:
    - Add an appropriate `Fixes` tag. (Suggested by Arnd Bergmann
      <arnd@arndb.de>)

 drivers/firewire/core-cdev.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c
index fb6c651214f3..2341d762df5b 100644
--- a/drivers/firewire/core-cdev.c
+++ b/drivers/firewire/core-cdev.c
@@ -340,6 +340,8 @@ static void fill_bus_reset_event(struct fw_cdev_event_bus_reset *event,
 {
 	struct fw_card *card = client->device->card;
 
+	memset(event, 0, sizeof(*event));
+
 	spin_lock_irq(&card->lock);
 
 	event->closure	     = client->bus_reset_closure;
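Review bot: the new memset(event, 0, sizeof(*event)) ahead of spin_lock_irq() carries no comment, and the member assignments that begin at event->closure can make it look redundant to a later cleanup. A one-line comment above it saying the whole structure, padding included, is copied to userspace would keep the call from being dropped.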
-- 
2.25.1

