Received: by 2002:a25:ca44:0:0:0:0:0 with SMTP id a65csp320707ybg; Tue, 28 Jul 2020 07:00:14 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxBI4pdH8UvKY4H0t2aIxthpH+8CNVxQORcXkr+dn3Wk2c0V3iTChTvSolHbGyJqSTeaNQx X-Received: by 2002:a17:906:d159:: with SMTP id br25mr15065827ejb.16.1595944814045; Tue, 28 Jul 2020 07:00:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595944814; cv=none; d=google.com; s=arc-20160816; b=h4+k3E/Ajt0/of7++WBF9SIgGGV1DVlVaRcWSWtY0ZGNu1WHZIhnmuj3WDFTJAZR60 tV6lN/bcQeeXxzYeFpqYt9iXIwl+1VzdrjfIWi934fqyedGvVNGdIbOmU8kMqzv4j5pz VPwY4HH0faTUQdbQ378fb549BY8uhtvMH2LGlWneuBtcohy4ke85DzlnFFWZrKBfiGkJ 1438qu5Zfr47pVMp3+iuYTxLUIDCVfqJFkhwVrYFEUX9+pZkGAGCXWtuDusxhyOEnFYJ lJ4EjUP3wQ9UDDL9NmK/GZvHyB6I+RRwUTpbNTDVhfxsyOyC8160ZpnQDLSEOAklRjb2 pMKA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version; bh=C+LYzOxSJpdu9xqstazzn9ps0I5ZArfFr1aXhl8irUI=; b=hy4NV6LCzdEhJdHBFSLAK0WwvPCio+pVxaKzdy+WnswL2fqrmp6PvKvXW64RTnVfut qtLtJ4AyyJHcS92ufmuhN7BMpv5v4DcHFEf9zXLz9/9ySlXn3k1zmb9OCgR+136hSwkd h2QOq1yGmcx6okb3+bH8P5G1YJCcmf6xwJuIB3cESCBSavMQxrFUEuzuMwbhjqWafXPH 2qG/qgqV9x+jhDsT+7FfRwmw0pKh/T7S3Po1QYH32i26Tf1LrjIsMr3c1gyZwDeXUb2D ewy68oB01FOiG3JveU5gUfBqZBLLFjPnnTE7bS4RzKyRLZMEofMKY7vOgupG3ZCRgegf x5hw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l18si2993750edq.425.2020.07.28.06.59.50; Tue, 28 Jul 2020 07:00:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730272AbgG1N6l (ORCPT + 99 others); Tue, 28 Jul 2020 09:58:41 -0400 Received: from mout.kundenserver.de ([212.227.126.131]:58177 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730245AbgG1N6k (ORCPT ); Tue, 28 Jul 2020 09:58:40 -0400 Received: from mail-qt1-f170.google.com ([209.85.160.170]) by mrelayeu.kundenserver.de (mreue010 [212.227.15.129]) with ESMTPSA (Nemesis) id 1MiJEc-1kfogj00lq-00fQ2X; Tue, 28 Jul 2020 15:58:39 +0200 Received: by mail-qt1-f170.google.com with SMTP id s16so14852782qtn.7; Tue, 28 Jul 2020 06:58:38 -0700 (PDT) X-Gm-Message-State: AOAM532ED7pYfMVpHkIdd70P/m+QDTMTWwMcnZw8ZFg+5ipGq36vYPZJ OPq70pLVcA20jVOvMPJ6hSjYFwS63jQHTYxuzIw= X-Received: by 2002:ac8:5195:: with SMTP id c21mr12200851qtn.304.1595944717799; Tue, 28 Jul 2020 06:58:37 -0700 (PDT) MIME-Version: 1.0 References: <20200726220557.102300-1-yepeilin.cs@gmail.com> <20200726222703.102701-1-yepeilin.cs@gmail.com> <20200727131608.GD1913@kadam> <20200728130632.GI1913@kadam> In-Reply-To: <20200728130632.GI1913@kadam> From: Arnd Bergmann Date: Tue, 28 Jul 2020 15:58:21 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [Linux-kernel-mentees] [PATCH v3] media/v4l2-core: Fix kernel-infoleak in video_put_user() To: Dan Carpenter Cc: Linus Walleij , Peilin Ye , Mauro Carvalho Chehab , Greg Kroah-Hartman , syzkaller-bugs , Hans Verkuil , Sakari Ailus , Laurent Pinchart , Vandana BN , Ezequiel Garcia , =?UTF-8?Q?Niklas_S=C3=B6derlund?= , linux-kernel-mentees@lists.linuxfoundation.org, Linux Media Mailing List , "linux-kernel@vger.kernel.org" Content-Type: text/plain; charset="UTF-8" X-Provags-ID: V03:K1:Z5iHW/C9P5Nl85OcBzVakBrqWM4lrfuNf/SQq8hrr0QV3dyVsUu IVmBk5jybQpiDhpTJEUEfuql9PZLvDPTMXIkZXu9RUhcIoupMGC5ivPlyaN+ZX+WdJ73xoz laBDBwmzOeAtkAg+h8+ZbbAocYSr6uPnlCP2wZNYZ2ufWvtmBrgrdvTo+gJdtou0A/7KSew 136lzHuvUO6dyC9MHhR6w== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:abpZXgSh0J8=:7Ulpbons82EHMSBOYjqD5X mAh0ss9eDi6VPTk4uphhfDi7Hl/Me2mKhGuoWnECtgKohzKalxG+/573kRNI5sfMUDWVA6k44 OJSnCfLnsbXHlRxs1wALVKcoBADg4PylyIbJiCbZTwzwDxYu5pkEKKT/uT8GQ09tae0kKXiJ1 Rn/JqHqVarnQKYXiXVvN7qilchteRaSgkfC7gfKqZWdeEIwT0pzgR7O8yzJBrVEmdjLO/LC/G V3sCJjKM6SjJ8SJQRg7zPKnBHc3vRohe7CJx8B6kYYkG50mH8d3Wr83VT9aqmVGUNQuJldNLq 7CMByJ2MgKaauSMMG7mZ+5ccau9nHGi8OyCACbJGoQOxd8sbBmnH8zUbDaI1LshfFL6Z5TvXL taLWy67OUTTXjGPfj+DErwrF/GZTOoYZbHbKL8MzxDrV/kvGY+dR2fgBOF4Qc0lkqzI57SN68 1LeIfPIzQRZuVw57+nlrPAfwgvTzuHNje+oIubf3Q7I7GrOcrL0Zam8NEQbOGEDYFm+9VJfay SLnFIvdxspRcsN5uoyux3OlUAiwaKrCP7wRuifGmxBdz1rEk7AGz9NE7Ws56US7KfUUcQelaJ RQ8hyHcDKYRmrIocqJCLqt8bGZUqVlkzzF9lJOf4ZYLC8H8QYyCHD+WqoYTRGtcjiDlQicpIX 8NI0LBGCVEJ4/eb1OQFlE/wlxkRDY2LJ0Y+yw4DRVQlQnJmG7Gxp/z94YeLEaZ5k2q5ivYvyU MgPyhs67KLxEsbpoXQPmz35cvAciHCKS9YQjNbXKrThvgPEzxH12n2S/HKowfCACrRuoi5KEB AykIp/7b4HOc7IYX3vC1ATba5bA5o38HSVmaWRHB9DlSSI/qoL1Dkw1yniqkuzOqQ8MLNu/ Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jul 28, 2020 at 3:06 PM Dan Carpenter wrote: > > On Tue, Jul 28, 2020 at 02:22:29PM +0200, Linus Walleij wrote: > > On Mon, Jul 27, 2020 at 3:17 PM Dan Carpenter wrote: > > > > > Here are my latest warnings on linux-next from Friday. > > > > Thanks for sharing this Dan, very interesting findings. > > > > > drivers/gpio/gpiolib-cdev.c:473 lineevent_read() warn: check that 'ge' doesn't leak information (struct has a hole after 'id') > > > > We are revamping the ABI for 64bit compatibility so we are now running > > pahole on our stuff. I suppose we need to think about mending this old ABI > > as well. > > Yeah... But this one is a false positive. It's not super hard for me > to silence it actually. I'll take care of it. It could be a while > before I push this to the public repository though... The lineevent_read() function still needs to be fixed to support 32-bit compat mode on x86, which is independent of the warning. Something like static int lineevent_put_data(void __user *uptr, struct gpioevent_data *ge) { #ifdef __x86_64__ /* i386 has no padding after 'id' */ if (in_ia32_syscall()) { struct { compat_u64 timestamp __packed; u32 id; } compat_ge = { ge->timestamp, ge->id }; if (copy_to_user(uptr, &compat_ge, sizeof(compat_ge))) return -EFAULT; return sizeof(compat_ge); } #endif if (copy_to_user(uptr, ge, sizeof(*ge)) return -EFAULT; return sizeof(*ge); } Arnd