linux-kernel.vger.kernel.org archive mirror
* [patch] gru: info leak in gru_get_config_info()
@ 2013-04-21 11:10 Dan Carpenter
  2013-04-21 11:56 ` walter harms
  0 siblings, 1 reply; 6+ messages in thread
From: Dan Carpenter @ 2013-04-21 11:10 UTC (permalink / raw)
  To: Dimitri Sivanich; +Cc: Robin Holt, linux-kernel, kernel-janitors

The "info.fill" array isn't initialized so it can leak uninitialized
stack information to user space.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

diff --git a/drivers/misc/sgi-gru/grufile.c b/drivers/misc/sgi-gru/grufile.c
index 44d273c..ed5fc43 100644
--- a/drivers/misc/sgi-gru/grufile.c
+++ b/drivers/misc/sgi-gru/grufile.c
@@ -176,6 +176,7 @@ static long gru_get_config_info(unsigned long arg)
 	info.nodes = num_online_nodes();
 	info.blades = info.nodes / nodesperblade;
 	info.chiplets = GRU_CHIPLETS_PER_BLADE * info.blades;
+	memset(&info.fill, 0, sizeof(info.fill));
 
 	if (copy_to_user((void __user *)arg, &info, sizeof(info)))
 		return -EFAULT;
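
Review bot: The added memset() clears only info.fill, but the copy_to_user() two lines below it sends sizeof(info) bytes, so any other byte of the struct that is not explicitly assigned (a member added later, or compiler padding) would still go out uninitialized. Clearing the whole struct once, before the first assignment, with memset(&info, 0, sizeof(info)) covers all of those cases and does not need revisiting when the struct changes.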


* Re: [patch] gru: info leak in gru_get_config_info()
  2013-04-21 11:10 [patch] gru: info leak in gru_get_config_info() Dan Carpenter
@ 2013-04-21 11:56 ` walter harms
  2013-04-21 13:19   ` Robin Holt
  0 siblings, 1 reply; 6+ messages in thread
From: walter harms @ 2013-04-21 11:56 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: Dimitri Sivanich, Robin Holt, linux-kernel, kernel-janitors



On 21.04.2013 13:10, Dan Carpenter wrote:
> The "info.fill" array isn't initialized so it can leak uninitialized
> stack information to user space.
> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> 
> diff --git a/drivers/misc/sgi-gru/grufile.c b/drivers/misc/sgi-gru/grufile.c
> index 44d273c..ed5fc43 100644
> --- a/drivers/misc/sgi-gru/grufile.c
> +++ b/drivers/misc/sgi-gru/grufile.c
> @@ -176,6 +176,7 @@ static long gru_get_config_info(unsigned long arg)
>  	info.nodes = num_online_nodes();
>  	info.blades = info.nodes / nodesperblade;
>  	info.chiplets = GRU_CHIPLETS_PER_BLADE * info.blades;
> +	memset(&info.fill, 0, sizeof(info.fill));
>  

The other way around (clear all bytes first) looks easier
in case someone adds more elements to the struct.

memset(&info, 0, sizeof(info));
info.nodes = num_online_nodes();
info.blades = info.nodes / nodesperblade;
....

re,
 wh


>  	if (copy_to_user((void __user *)arg, &info, sizeof(info)))
>  		return -EFAULT;

* Re: [patch] gru: info leak in gru_get_config_info()
  2013-04-21 11:56 ` walter harms
@ 2013-04-21 13:19   ` Robin Holt
  2013-04-21 17:01     ` [patch v2] " Dan Carpenter
  0 siblings, 1 reply; 6+ messages in thread
From: Robin Holt @ 2013-04-21 13:19 UTC (permalink / raw)
  To: walter harms
  Cc: Dan Carpenter, Dimitri Sivanich, Robin Holt, linux-kernel,
	kernel-janitors

On Sun, Apr 21, 2013 at 01:56:57PM +0200, walter harms wrote:
> 
> 
> On 21.04.2013 13:10, Dan Carpenter wrote:
> > The "info.fill" array isn't initialized so it can leak uninitialized
> > stack information to user space.
> > 
> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> > 
> > diff --git a/drivers/misc/sgi-gru/grufile.c b/drivers/misc/sgi-gru/grufile.c
> > index 44d273c..ed5fc43 100644
> > --- a/drivers/misc/sgi-gru/grufile.c
> > +++ b/drivers/misc/sgi-gru/grufile.c
> > @@ -176,6 +176,7 @@ static long gru_get_config_info(unsigned long arg)
> >  	info.nodes = num_online_nodes();
> >  	info.blades = info.nodes / nodesperblade;
> >  	info.chiplets = GRU_CHIPLETS_PER_BLADE * info.blades;
> > +	memset(&info.fill, 0, sizeof(info.fill));
> >  
> 
> The other way around (clear all bytes first) looks easier
> in case someone adds more elements to the struct.
> 
> memset(&info, 0, sizeof(info));
> info.nodes = num_online_nodes();
> info.blades = info.nodes / nodesperblade;

That does seem more safe.

Robin
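
The difference between the two approaches discussed in the messages above, as an added example that is not part of the thread or of the driver's code: a user-space simulation that counts how many stale bytes reach the copied-out buffer with no fix, with only the fill member cleared, and with the whole struct cleared first. The struct layout, the `added_later` member, the assigned values and the 0xAA marker are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define STALE 0xAA	/* constructed marker standing in for old stack contents */

/* Hypothetical layout for the demo, not the driver's real struct. */
struct demo_config_info {
	int cpus;
	int nodes;
	int blades;
	int chiplets;
	int added_later;	/* assumed member added after the fix, never assigned */
	int fill[16];
};

enum fix { FIX_NONE, FIX_FILL_ONLY, FIX_WHOLE_STRUCT };

/* Build the reply as the handler does; return the stale bytes that get copied out. */
size_t stale_bytes_copied(enum fix fix)
{
	struct demo_config_info info;
	unsigned char user[sizeof(info)];	/* stands in for the user buffer */
	size_t i, stale = 0;

	memset(&info, STALE, sizeof(info));	/* simulate leftover stack data */

	if (fix == FIX_WHOLE_STRUCT)
		memset(&info, 0, sizeof(info));	/* clear first, then assign */
	info.cpus = 8;
	info.nodes = 2;
	info.blades = 1;
	info.chiplets = 2;
	if (fix == FIX_FILL_ONLY)
		memset(&info.fill, 0, sizeof(info.fill));	/* clear one member only */

	memcpy(user, &info, sizeof(info));	/* stands in for copy_to_user() */
	for (i = 0; i < sizeof(user); i++)
		stale += (user[i] == STALE);
	return stale;
}

int main(void)
{
	printf("no fix:       %zu stale bytes\n", stale_bytes_copied(FIX_NONE));
	printf("fill only:    %zu stale bytes\n", stale_bytes_copied(FIX_FILL_ONLY));
	printf("whole struct: %zu stale bytes\n", stale_bytes_copied(FIX_WHOLE_STRUCT));
	return 0;
}
```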


* [patch v2] gru: info leak in gru_get_config_info()
  2013-04-21 13:19   ` Robin Holt
@ 2013-04-21 17:01     ` Dan Carpenter
  2013-04-21 17:33       ` Dimitri Sivanich
  0 siblings, 1 reply; 6+ messages in thread
From: Dan Carpenter @ 2013-04-21 17:01 UTC (permalink / raw)
  To: Dimitri Sivanich; +Cc: Robin Holt, linux-kernel, kernel-janitors, walter harms

The "info.fill" array isn't initialized so it can leak uninitialized
stack information to user space.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
v2: style changes

diff --git a/drivers/misc/sgi-gru/grufile.c b/drivers/misc/sgi-gru/grufile.c
index 44d273c..0535d1e 100644
--- a/drivers/misc/sgi-gru/grufile.c
+++ b/drivers/misc/sgi-gru/grufile.c
@@ -172,6 +172,7 @@ static long gru_get_config_info(unsigned long arg)
 		nodesperblade = 2;
 	else
 		nodesperblade = 1;
+	memset(&info, 0, sizeof(info));
 	info.cpus = num_online_cpus();
 	info.nodes = num_online_nodes();
 	info.blades = info.nodes / nodesperblade;
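
Review bot: The added memset(&info, 0, sizeof(info)) now clears the entire struct rather than just the fill array, which the changelog above (it names only "info.fill" and describes v2 as "style changes") does not reflect; a sentence saying that the whole struct is zeroed before the fields are assigned would make the intent clear to later readers. As a minor style point, a blank line between the else branch and the memset() would separate the nodesperblade selection from the struct setup.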


* Re: [patch v2] gru: info leak in gru_get_config_info()
  2013-04-21 17:01     ` [patch v2] " Dan Carpenter
@ 2013-04-21 17:33       ` Dimitri Sivanich
  2013-04-22 16:41         ` Robin Holt
  0 siblings, 1 reply; 6+ messages in thread
From: Dimitri Sivanich @ 2013-04-21 17:33 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: Robin Holt, linux-kernel, kernel-janitors, walter harms

Acked-by: Dimitri Sivanich <sivanich@sgi.com>

On Sun, Apr 21, 2013 at 08:01:07PM +0300, Dan Carpenter wrote:
> The "info.fill" array isn't initialized so it can leak uninitialized
> stack information to user space.
> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> v2: style changes
> 
> diff --git a/drivers/misc/sgi-gru/grufile.c b/drivers/misc/sgi-gru/grufile.c
> index 44d273c..0535d1e 100644
> --- a/drivers/misc/sgi-gru/grufile.c
> +++ b/drivers/misc/sgi-gru/grufile.c
> @@ -172,6 +172,7 @@ static long gru_get_config_info(unsigned long arg)
>  		nodesperblade = 2;
>  	else
>  		nodesperblade = 1;
> +	memset(&info, 0, sizeof(info));
>  	info.cpus = num_online_cpus();
>  	info.nodes = num_online_nodes();
>  	info.blades = info.nodes / nodesperblade;


* Re: [patch v2] gru: info leak in gru_get_config_info()
  2013-04-21 17:33       ` Dimitri Sivanich
@ 2013-04-22 16:41         ` Robin Holt
  0 siblings, 0 replies; 6+ messages in thread
From: Robin Holt @ 2013-04-22 16:41 UTC (permalink / raw)
  To: Dimitri Sivanich
  Cc: Dan Carpenter, Robin Holt, linux-kernel, kernel-janitors, walter harms

Acked-by: Robin Holt <holt@sgi.com>
On Sun, Apr 21, 2013 at 12:33:34PM -0500, Dimitri Sivanich wrote:
> Acked-by: Dimitri Sivanich <sivanich@sgi.com>
> 
> On Sun, Apr 21, 2013 at 08:01:07PM +0300, Dan Carpenter wrote:
> > The "info.fill" array isn't initialized so it can leak uninitialized
> > stack information to user space.
> > 
> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> > ---
> > v2: style changes
> > 
> > diff --git a/drivers/misc/sgi-gru/grufile.c b/drivers/misc/sgi-gru/grufile.c
> > index 44d273c..0535d1e 100644
> > --- a/drivers/misc/sgi-gru/grufile.c
> > +++ b/drivers/misc/sgi-gru/grufile.c
> > @@ -172,6 +172,7 @@ static long gru_get_config_info(unsigned long arg)
> >  		nodesperblade = 2;
> >  	else
> >  		nodesperblade = 1;
> > +	memset(&info, 0, sizeof(info));
> >  	info.cpus = num_online_cpus();
> >  	info.nodes = num_online_nodes();
> >  	info.blades = info.nodes / nodesperblade;
