* [patch] gru: info leak in gru_get_config_info()
@ 2013-04-21 11:10 Dan Carpenter
2013-04-21 11:56 ` walter harms
0 siblings, 1 reply; 6+ messages in thread
From: Dan Carpenter @ 2013-04-21 11:10 UTC (permalink / raw)
To: Dimitri Sivanich; +Cc: Robin Holt, linux-kernel, kernel-janitors
The "info.fill" array isn't initialized so it can leak uninitialized
stack information to user space.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/drivers/misc/sgi-gru/grufile.c b/drivers/misc/sgi-gru/grufile.c
index 44d273c..ed5fc43 100644
--- a/drivers/misc/sgi-gru/grufile.c
+++ b/drivers/misc/sgi-gru/grufile.c
@@ -176,6 +176,7 @@ static long gru_get_config_info(unsigned long arg)
info.nodes = num_online_nodes();
info.blades = info.nodes / nodesperblade;
info.chiplets = GRU_CHIPLETS_PER_BLADE * info.blades;
+ memset(&info.fill, 0, sizeof(info.fill));
if (copy_to_user((void __user *)arg, &info, sizeof(info)))
return -EFAULT;
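Review bot: the added memset() clears only info.fill, while the copy_to_user() on the following line still copies sizeof(info), so the fix holds only as long as every other byte of info is assigned by hand. A member added later, or any padding in the structure, would still go out uninitialized. Zeroing the whole structure before the first assignment, memset(&info, 0, sizeof(info)), covers those cases in one line and removes the need to track the member list.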
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [patch] gru: info leak in gru_get_config_info()
2013-04-21 11:10 [patch] gru: info leak in gru_get_config_info() Dan Carpenter
@ 2013-04-21 11:56 ` walter harms
2013-04-21 13:19 ` Robin Holt
0 siblings, 1 reply; 6+ messages in thread
From: walter harms @ 2013-04-21 11:56 UTC (permalink / raw)
To: Dan Carpenter; +Cc: Dimitri Sivanich, Robin Holt, linux-kernel, kernel-janitors
On 21.04.2013 13:10, Dan Carpenter wrote:
> The "info.fill" array isn't initialized so it can leak uninitialized
> stack information to user space.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> diff --git a/drivers/misc/sgi-gru/grufile.c b/drivers/misc/sgi-gru/grufile.c
> index 44d273c..ed5fc43 100644
> --- a/drivers/misc/sgi-gru/grufile.c
> +++ b/drivers/misc/sgi-gru/grufile.c
> @@ -176,6 +176,7 @@ static long gru_get_config_info(unsigned long arg)
> info.nodes = num_online_nodes();
> info.blades = info.nodes / nodesperblade;
> info.chiplets = GRU_CHIPLETS_PER_BLADE * info.blades;
> + memset(&info.fill, 0, sizeof(info.fill));
>
The other way around (clear all bytes first) looks easier
in case someone adds more elements to the struct.

	memset(&info, 0, sizeof(info));
	info.nodes = num_online_nodes();
	info.blades = info.nodes / nodesperblade;
	....

re,
wh
> if (copy_to_user((void __user *)arg, &info, sizeof(info)))
> return -EFAULT;
^ permalink raw reply [flat|nested] 6+ messages in thread
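The difference between the two initialization orders discussed above, as an added user-space example that is not code from the thread or the driver. The struct, its `flags` member, the 0xAA marker and the function names are all hypothetical; the marker stands in for stale stack contents so the result is deterministic.

```c
#include <stdio.h>
#include <string.h>

#define STALE 0xAA /* constructed marker standing in for old stack bytes */
/* Hypothetical reply struct, not the driver's; `flags` is a later addition. */
struct demo_info {
    int cpus, nodes, blades;
    int flags;
    int fill[4];
};

/* v1 pattern: assign the known members, clear only the filler array. */
static void init_fieldwise(struct demo_info *info)
{
    info->cpus = 8;
    info->nodes = 4;
    info->blades = 2;
    memset(&info->fill, 0, sizeof(info->fill));
}

/* v2 pattern: clear the whole object first, then assign. */
static void init_zero_first(struct demo_info *info)
{
    memset(info, 0, sizeof(*info));
    info->cpus = 8;
    info->nodes = 4;
    info->blades = 2;
}

/* Count marker bytes that survive init and would reach user space. */
static size_t stale_bytes(void (*init)(struct demo_info *))
{
    unsigned char raw[sizeof(struct demo_info)];
    struct demo_info info;
    size_t i, n = 0;
    memset(raw, STALE, sizeof(raw));
    memcpy(&info, raw, sizeof(info)); /* start from "dirty" storage */
    init(&info);
    memcpy(raw, &info, sizeof(info)); /* stands in for copy_to_user() */
    for (i = 0; i < sizeof(raw); i++)
        n += (raw[i] == STALE);
    return n;
}

int main(void)
{
    printf("stale: %zu vs %zu\n", stale_bytes(init_fieldwise), stale_bytes(init_zero_first));
    return 0;
}
```

The field-wise variant leaves exactly the bytes of the member nobody assigned; the zero-first variant leaves none, whatever is added to the struct later.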
* Re: [patch] gru: info leak in gru_get_config_info()
2013-04-21 11:56 ` walter harms
@ 2013-04-21 13:19 ` Robin Holt
2013-04-21 17:01 ` [patch v2] " Dan Carpenter
0 siblings, 1 reply; 6+ messages in thread
From: Robin Holt @ 2013-04-21 13:19 UTC (permalink / raw)
To: walter harms
Cc: Dan Carpenter, Dimitri Sivanich, Robin Holt, linux-kernel,
kernel-janitors
On Sun, Apr 21, 2013 at 01:56:57PM +0200, walter harms wrote:
>
>
> On 21.04.2013 13:10, Dan Carpenter wrote:
> > The "info.fill" array isn't initialized so it can leak uninitialized
> > stack information to user space.
> >
> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> >
> > diff --git a/drivers/misc/sgi-gru/grufile.c b/drivers/misc/sgi-gru/grufile.c
> > index 44d273c..ed5fc43 100644
> > --- a/drivers/misc/sgi-gru/grufile.c
> > +++ b/drivers/misc/sgi-gru/grufile.c
> > @@ -176,6 +176,7 @@ static long gru_get_config_info(unsigned long arg)
> > info.nodes = num_online_nodes();
> > info.blades = info.nodes / nodesperblade;
> > info.chiplets = GRU_CHIPLETS_PER_BLADE * info.blades;
> > + memset(&info.fill, 0, sizeof(info.fill));
> >
>
> The other way around (clear all bytes first) looks easier
> in case someone adds more elements to the struct.
>
> memset(&info, 0, sizeof(info));
> info.nodes = num_online_nodes();
> info.blades = info.nodes / nodesperblade;
That does seem more safe.
Robin
^ permalink raw reply [flat|nested] 6+ messages in thread
* [patch v2] gru: info leak in gru_get_config_info()
2013-04-21 13:19 ` Robin Holt
@ 2013-04-21 17:01 ` Dan Carpenter
2013-04-21 17:33 ` Dimitri Sivanich
0 siblings, 1 reply; 6+ messages in thread
From: Dan Carpenter @ 2013-04-21 17:01 UTC (permalink / raw)
To: Dimitri Sivanich; +Cc: Robin Holt, linux-kernel, kernel-janitors, walter harms
The "info.fill" array isn't initialized so it can leak uninitialized
stack information to user space.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
v2: style changes
diff --git a/drivers/misc/sgi-gru/grufile.c b/drivers/misc/sgi-gru/grufile.c
index 44d273c..0535d1e 100644
--- a/drivers/misc/sgi-gru/grufile.c
+++ b/drivers/misc/sgi-gru/grufile.c
@@ -172,6 +172,7 @@ static long gru_get_config_info(unsigned long arg)
nodesperblade = 2;
else
nodesperblade = 1;
+ memset(&info, 0, sizeof(info));
info.cpus = num_online_cpus();
info.nodes = num_online_nodes();
info.blades = info.nodes / nodesperblade;
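Review bot: the changelog still names only "info.fill", but the memset(&info, 0, sizeof(info)) added ahead of the info.cpus assignment now clears the entire structure, so the description and the code no longer match. Worth rewording the commit message to say the whole struct is zeroed before it is filled in, and replacing "v2: style changes" under the --- line with a note that v2 switched from clearing one member to clearing all of info, since that changes which bytes are covered.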
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [patch v2] gru: info leak in gru_get_config_info()
2013-04-21 17:01 ` [patch v2] " Dan Carpenter
@ 2013-04-21 17:33 ` Dimitri Sivanich
2013-04-22 16:41 ` Robin Holt
0 siblings, 1 reply; 6+ messages in thread
From: Dimitri Sivanich @ 2013-04-21 17:33 UTC (permalink / raw)
To: Dan Carpenter; +Cc: Robin Holt, linux-kernel, kernel-janitors, walter harms
Acked-by: Dimitri Sivanich <sivanich@sgi.com>
On Sun, Apr 21, 2013 at 08:01:07PM +0300, Dan Carpenter wrote:
> The "info.fill" array isn't initialized so it can leak uninitialized
> stack information to user space.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> v2: style changes
>
> diff --git a/drivers/misc/sgi-gru/grufile.c b/drivers/misc/sgi-gru/grufile.c
> index 44d273c..0535d1e 100644
> --- a/drivers/misc/sgi-gru/grufile.c
> +++ b/drivers/misc/sgi-gru/grufile.c
> @@ -172,6 +172,7 @@ static long gru_get_config_info(unsigned long arg)
> nodesperblade = 2;
> else
> nodesperblade = 1;
> + memset(&info, 0, sizeof(info));
> info.cpus = num_online_cpus();
> info.nodes = num_online_nodes();
> info.blades = info.nodes / nodesperblade;
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [patch v2] gru: info leak in gru_get_config_info()
2013-04-21 17:33 ` Dimitri Sivanich
@ 2013-04-22 16:41 ` Robin Holt
0 siblings, 0 replies; 6+ messages in thread
From: Robin Holt @ 2013-04-22 16:41 UTC (permalink / raw)
To: Dimitri Sivanich
Cc: Dan Carpenter, Robin Holt, linux-kernel, kernel-janitors, walter harms
Acked-by: Robin Holt <holt@sgi.com>
On Sun, Apr 21, 2013 at 12:33:34PM -0500, Dimitri Sivanich wrote:
> Acked-by: Dimitri Sivanich <sivanich@sgi.com>
>
> On Sun, Apr 21, 2013 at 08:01:07PM +0300, Dan Carpenter wrote:
> > The "info.fill" array isn't initialized so it can leak uninitialized
> > stack information to user space.
> >
> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> > ---
> > v2: style changes
> >
> > diff --git a/drivers/misc/sgi-gru/grufile.c b/drivers/misc/sgi-gru/grufile.c
> > index 44d273c..0535d1e 100644
> > --- a/drivers/misc/sgi-gru/grufile.c
> > +++ b/drivers/misc/sgi-gru/grufile.c
> > @@ -172,6 +172,7 @@ static long gru_get_config_info(unsigned long arg)
> > nodesperblade = 2;
> > else
> > nodesperblade = 1;
> > + memset(&info, 0, sizeof(info));
> > info.cpus = num_online_cpus();
> > info.nodes = num_online_nodes();
> > info.blades = info.nodes / nodesperblade;
^ permalink raw reply [flat|nested] 6+ messages in thread