Date: Wed, 29 Jul 2020 15:58:20 +0300
From: Dan Carpenter
To: Peilin Ye
Cc: Denis Efremov, Jens Axboe, Arnd Bergmann, Greg Kroah-Hartman,
    linux-kernel-mentees@lists.linuxfoundation.org,
    linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [Linux-kernel-mentees] [PATCH v2] block/floppy: Prevent kernel-infoleak in raw_cmd_copyout()

Argh...  This isn't right still.  The "ptr" comes from raw_cmd_copyin()

	ptr = kmalloc(sizeof(struct floppy_raw_cmd), GFP_KERNEL);

The struct hole could still be uninitialized from kmalloc() instead of
from the stack.  Smatch is only looking for the common stack info leaks
and doesn't warn about holes in kmalloc()ed memory.

regards,
dan carpenter
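
The point made in the message above, as an added user-space illustration (not code from the patch or from the kernel): assigning every member of a heap-allocated struct leaves its padding holes holding whatever the allocator handed back, so a copy of the whole struct carries those bytes out. struct demo_cmd, the 0xAA marker and the function names are hypothetical; malloc() plus memset() stands in for kmalloc() and for a zeroing allocation such as kzalloc().

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define STALE 0xAA /* constructed marker standing in for old heap contents */
/* Hypothetical layout for illustration, NOT the real struct floppy_raw_cmd. */
struct demo_cmd {
    unsigned int flags;
    void *data;     /* pointer alignment leaves a hole after flags on LP64 */
    char rate;
    long length;    /* alignment of length leaves a hole after rate */
};

/* Padding bytes = object size minus the bytes the members occupy. */
size_t hole_bytes(void)
{
    return sizeof(struct demo_cmd) -
           (sizeof(unsigned int) + sizeof(void *) + sizeof(char) + sizeof(long));
}

/* zeroed == 0 models kmalloc() handing back recycled memory;
 * zeroed != 0 models a zeroing allocation (kzalloc() or memset()). */
struct demo_cmd *demo_alloc(int zeroed)
{
    struct demo_cmd *ptr = malloc(sizeof(*ptr));
    if (!ptr)
        return NULL;
    memset(ptr, zeroed ? 0 : STALE, sizeof(*ptr));
    ptr->flags = 1;     /* every member is assigned, the holes are not */
    ptr->data = NULL;
    ptr->rate = 2;
    ptr->length = 3;
    return ptr;
}

/* Stale bytes carried out by a copy of the whole struct. */
size_t stale_bytes_copied(int zeroed)
{
    unsigned char out[sizeof(struct demo_cmd)];
    struct demo_cmd *ptr = demo_alloc(zeroed);
    size_t i, n = 0;
    if (!ptr)
        return (size_t)-1;
    memcpy(out, ptr, sizeof(out));  /* stands in for the copy to user space */
    free(ptr);
    for (i = 0; i < sizeof(out); i++)
        n += (out[i] == STALE);
    return n;
}
```

With the unzeroed allocation every padding byte reaches the output buffer; with the zeroed one none does.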