* [Linux-kernel-mentees] [PATCH] firewire: Prevent kernel-infoleak in ioctl_get_info()
@ 2020-07-27 15:15 ` Peilin Ye
From: Peilin Ye @ 2020-07-27 15:15 UTC (permalink / raw)
To: Stefan Richter
Cc: Peilin Ye, Dan Carpenter, Arnd Bergmann, Greg Kroah-Hartman,
linux-kernel-mentees, linux1394-devel, linux-kernel

ioctl_get_info() is copying uninitialized stack memory to userspace due to
the compiler not initializing holes in statically allocated structures.
Fix it by initializing `event` using memset() in fill_bus_reset_event().

Cc: stable@vger.kernel.org
Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
Suggested-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com>
---
drivers/firewire/core-cdev.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c
index fb6c651214f3..2341d762df5b 100644
--- a/drivers/firewire/core-cdev.c
+++ b/drivers/firewire/core-cdev.c
@@ -340,6 +340,8 @@ static void fill_bus_reset_event(struct fw_cdev_event_bus_reset *event,
{
struct fw_card *card = client->device->card;
+ memset(event, 0, sizeof(*event));
+
spin_lock_irq(&card->lock);
event->closure = client->bus_reset_closure;
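Review bot: the new memset() at the top of fill_bus_reset_event() carries no comment saying why it is there. The changelog explains that it clears holes in the structure before the structure is copied to userspace, but in the code it sits directly above field assignments such as event->closure = client->bus_reset_closure and reads as redundant. A one-line comment above it (for example "clear padding, this structure is copied to userspace") would keep a later cleanup from dropping it.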
--
2.25.1
_______________________________________________
Linux-kernel-mentees mailing list
Linux-kernel-mentees@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/linux-kernel-mentees
* Re: [Linux-kernel-mentees] [PATCH] firewire: Prevent kernel-infoleak in ioctl_get_info()
2020-07-27 15:15 ` Peilin Ye
@ 2020-07-27 15:35 ` Arnd Bergmann
From: Arnd Bergmann @ 2020-07-27 15:35 UTC (permalink / raw)
To: Peilin Ye
Cc: Stefan Richter, Dan Carpenter, Greg Kroah-Hartman,
linux-kernel-mentees, linux1394-devel, linux-kernel
On Mon, Jul 27, 2020 at 5:18 PM Peilin Ye <yepeilin.cs@gmail.com> wrote:
>
> ioctl_get_info() is copying uninitialized stack memory to userspace due to
> the compiler not initializing holes in statically allocated structures.
> Fix it by initializing `event` using memset() in fill_bus_reset_event().
>
> Cc: stable@vger.kernel.org
> Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
> Suggested-by: Arnd Bergmann <arnd@arndb.de>
> Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com>

Acked-by: Arnd Bergmann <arnd@arndb.de>

I would recommend always looking through the git history of the
file to come up with an appropriate 'Fixes' tag. In this case

    $ git log -p --follow drivers/firewire/core-cdev.c

searching for any mention of fill_bus_reset_event leads you to
commit 344bbc4de14e.

In my ~/.gitconfig I have this alias:

    [core]
            abbrev = 12
    [alias]
            fixes = show --format='Fixes: %h (\"%s\")' -s

With something like that, calling 'git fixes 344bbc4de14e' produces
the line to copy:

    Fixes: 344bbc4de14e ("firewire: Generalize get_config_rom to get_info.")

      Arnd

> ---
> drivers/firewire/core-cdev.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c
> index fb6c651214f3..2341d762df5b 100644
> --- a/drivers/firewire/core-cdev.c
> +++ b/drivers/firewire/core-cdev.c
> @@ -340,6 +340,8 @@ static void fill_bus_reset_event(struct fw_cdev_event_bus_reset *event,
> {
> struct fw_card *card = client->device->card;
>
> + memset(event, 0, sizeof(*event));
> +
> spin_lock_irq(&card->lock);
>
> event->closure = client->bus_reset_closure;
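Review bot: placing the memset() in fill_bus_reset_event() rather than in ioctl_get_info() makes it run for every caller of the helper, while the subject and changelog name only ioctl_get_info(). The changelog should say whether any other caller hands the helper a buffer that later reaches userspace (in which case those paths are fixed too and deserve a mention) or not, so that the scope of the stable backport is clear.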
> --
> 2.25.1
>
* Re: [Linux-kernel-mentees] [PATCH] firewire: Prevent kernel-infoleak in ioctl_get_info()
2020-07-27 15:35 ` Arnd Bergmann
@ 2020-07-27 15:40 ` Peilin Ye
From: Peilin Ye @ 2020-07-27 15:40 UTC (permalink / raw)
To: Arnd Bergmann
Cc: Stefan Richter, Dan Carpenter, Greg Kroah-Hartman,
linux-kernel-mentees, linux1394-devel, linux-kernel
On Mon, Jul 27, 2020 at 05:35:12PM +0200, Arnd Bergmann wrote:
> On Mon, Jul 27, 2020 at 5:18 PM Peilin Ye <yepeilin.cs@gmail.com> wrote:
> >
> > ioctl_get_info() is copying uninitialized stack memory to userspace due to
> > the compiler not initializing holes in statically allocated structures.
> > Fix it by initializing `event` using memset() in fill_bus_reset_event().
> >
> > Cc: stable@vger.kernel.org
> > Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
> > Suggested-by: Arnd Bergmann <arnd@arndb.de>
> > Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com>
>
> Acked-by: Arnd Bergmann <arnd@arndb.de>
>
> I would recommend always looking through the git history of the
> file to come up with an appropriate 'Fixes' tag. In this case
>
> $ git log -p --follow drivers/firewire/core-cdev.c
>
> searching for any mention of fill_bus_reset_event leads you to
> commit 344bbc4de14e.
>
> In my ~/.gitconfig I have this alias:
>
> [core]
> abbrev = 12
> [alias]
> fixes = show --format='Fixes: %h (\"%s\")' -s
>
> With something like that, calling 'git fixes 344bbc4de14e' produces
> the line to copy:
>
> Fixes: 344bbc4de14e ("firewire: Generalize get_config_rom to get_info.")
Thank you for the advice! Actually I did all of that (manually...) but
wasn't sure whether I should add it on. I will send a v2 soon, and do so
for future patches.
Thank you,
Peilin Ye
* [Linux-kernel-mentees] [PATCH v2] firewire: Prevent kernel-infoleak in ioctl_get_info()
2020-07-27 15:15 ` Peilin Ye
@ 2020-07-27 15:45 ` Peilin Ye
From: Peilin Ye @ 2020-07-27 15:45 UTC (permalink / raw)
To: Stefan Richter
Cc: Peilin Ye, Dan Carpenter, Arnd Bergmann, Greg Kroah-Hartman,
linux-kernel-mentees, linux1394-devel, linux-kernel

ioctl_get_info() is copying uninitialized stack memory to userspace due to
the compiler not initializing holes in statically allocated structures.
Fix it by initializing `event` using memset() in fill_bus_reset_event().

Cc: stable@vger.kernel.org
Fixes: 344bbc4de14e ("firewire: Generalize get_config_rom to get_info.")
Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
Suggested-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com>
---
Change in v2:
    - Add an appropriate `Fixes` tag. (Suggested by Arnd Bergmann
      <arnd@arndb.de>)

drivers/firewire/core-cdev.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c
index fb6c651214f3..2341d762df5b 100644
--- a/drivers/firewire/core-cdev.c
+++ b/drivers/firewire/core-cdev.c
@@ -340,6 +340,8 @@ static void fill_bus_reset_event(struct fw_cdev_event_bus_reset *event,
{
struct fw_card *card = client->device->card;
+ memset(event, 0, sizeof(*event));
+
spin_lock_irq(&card->lock);
event->closure = client->bus_reset_closure;
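Review bot: the changelog wording does not match what this hunk shows at the memset(event, 0, sizeof(*event)) line. `event` arrives in fill_bus_reset_event() as a pointer, and the text speaks of "uninitialized stack memory" and of "statically allocated structures" in the same sentence. If the structure lives on the caller's stack, say "on-stack" or "stack-allocated" so the description of the leak is unambiguous. Keeping the memset() ahead of spin_lock_irq() is the right placement, since the zeroing does not need the lock.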
--
2.25.1
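
Added example, not part of the original thread or of the kernel source: a userspace C program showing the leak class the changelog describes, where every named field is assigned yet padding bytes keep stale data unless the object is zeroed first. struct demo_event, POISON and the field values are constructed for illustration; the 0xAA fill stands in for stale stack contents and memcpy() for the copy to userspace.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in, not the kernel's structure: a 64-bit field followed
 * by an odd number of 32-bit fields, so ABIs that align uint64_t to 8 bytes
 * add a 4-byte hole at the end. */
struct demo_event {
	uint64_t closure;
	uint32_t type;
	uint32_t node_id;
	uint32_t generation;
};

#define NAMED_BYTES (sizeof(uint64_t) + 3 * sizeof(uint32_t))
#define POISON 0xAA /* stands in for stale stack contents */

/* Assign every named field; optionally zero the whole object first. */
static void fill_event(struct demo_event *ev, int zero_first)
{
	if (zero_first)
		memset(ev, 0, sizeof(*ev));
	ev->closure = 0x1122334455667788ULL;
	ev->type = 1;
	ev->node_id = 2;
	ev->generation = 3;
}

/* Bytes of the copied-out object that still hold stale data. */
size_t stale_bytes(int zero_first)
{
	struct demo_event ev;
	unsigned char out[sizeof(ev)];
	size_t i, n = 0;
	memset(&ev, POISON, sizeof(ev)); /* dirty "stack" slot */
	fill_event(&ev, zero_first);
	memcpy(out, &ev, sizeof(ev));    /* stands in for the copy to userspace */
	for (i = 0; i < sizeof(out); i++)
		n += (out[i] == POISON);
	return n;
}

int main(void)
{
	printf("sizeof=%zu named=%zu stale: no memset=%zu, memset=%zu\n",
	       sizeof(struct demo_event), (size_t)NAMED_BYTES, stale_bytes(0), stale_bytes(1));
	return 0;
}
```

The number of stale bytes without the memset() equals sizeof(struct demo_event) minus the bytes of the named fields, which is the size of the padding on the ABI in use.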