Received: by 2002:a25:ca44:0:0:0:0:0 with SMTP id a65csp1102697ybg;
        Wed, 29 Jul 2020 06:03:57 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzDi0500rDOMCdQVNTUjBTLNBTr8vgMAtwwvShXvvTmmN22HpCiIcjo5oFcI+j0nrhiaAJn
X-Received: by 2002:a17:906:36da:: with SMTP id b26mr21396284ejc.45.1596027837648;
        Wed, 29 Jul 2020 06:03:57 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1596027837; cv=none;
        d=google.com; s=arc-20160816;
        b=JiO1E/RqtpDgPAwTBOXeGOJfbH6sWKXkEbchmknCI9NsxB39quzPC+tS0JkSwFZdfH
         a/19LWvauyv0uEAWKppFQ0flsIVgAT0KoIJ/d8WMS6n2IzKeOF57kPggVVCK+hVrPyyq
         fS2GLkNgW8fZjDhZk6bPlg2iCbAAqRqnbAqYaXcZGF1odcktb3KnaiKcIiskRBz5Q1Y/
         8Xe1PSm/3LjTnDE8/hbOJoYolnxzmHpFnhiVCiplhH9uZ+t8M+5kLcGCSEisJl8L+gMn
         wET1cLw4fECqfpg6kFJiYDxIbj54LDRO0aUT4iF1Vm/ROEiNuclRX12u2FMG9NbmWWSI
         WpDw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=jaQuyA6C1jRHiZELKKWMXOfPZ+D3+22J6ZUEhDnItjM=;
        b=ft80oTQFudc/Gmnst1urZgbBbJx+BTLRbZESVcIdqs5R251w8/jtFsnxrFlihWTxnB
         Bm/obBiVM73I6zTEEfBplmjLYe8lPzEOWP5aHWsp1dmI44jjhskXTaZJG15CergLx7j5
         6Jb+xXn5Mq5CkNwcok5pxZTr0Y88wxZYrA61q1F9ezwrM1y4qlCuJUFY8d231dgeUR6E
         /tIuvtbVLLsnv/LoeorTUW2AxvpIHTpQzImZFOGEnaS6+fsDCuy/oRKM9J7A6nBFyIBn
         pbnPmIEolwvfaDouX6wrYuzkA41Nex0Z7g227O2xMpTXcIkoGZ3znUNjIUMs/3veQ/Q+
         awcg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@oracle.com header.s=corp-2020-01-29 header.b=mDT87QBq;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id c12si1220661edr.247.2020.07.29.06.03.25;
        Wed, 29 Jul 2020 06:03:57 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@oracle.com header.s=corp-2020-01-29 header.b=mDT87QBq;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727001AbgG2NAm (ORCPT <rfc822;dexuan.linux@gmail.com>
        + 99 others); Wed, 29 Jul 2020 09:00:42 -0400
Received: from userp2120.oracle.com ([156.151.31.85]:60862 "EHLO
        userp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726353AbgG2NAl (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 29 Jul 2020 09:00:41 -0400
Received: from pps.filterd (userp2120.oracle.com [127.0.0.1])
        by userp2120.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 06TCvndZ152566;
        Wed, 29 Jul 2020 13:00:32 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=date : from : to : cc
 : subject : message-id : references : mime-version : content-type :
 in-reply-to; s=corp-2020-01-29;
 bh=jaQuyA6C1jRHiZELKKWMXOfPZ+D3+22J6ZUEhDnItjM=;
 b=mDT87QBqMdBvvU9frqss3iVQYCN/e4/VkJkT7M7GsU4uePNMxn8J6bYbfO0kuM/qioXt
 vgDBdOvWMwmqFu9X6bnc6lg4FxAIHMqxqsqsVFqLGTnFdOYE3GKD/aHT9LAD/jO/C9S9
 y86CEbYrqfHANp0SrMa6Hzb8hNQSMJkqsobIu4ksF4HXkgY514F7fI75alhX3fuTeiRv
 WjUao04UA7DPFuqmMLPS9xX4Pq/Kl5R/fPSmIOrZ1nj1x9lxdk7W4htvtuyi+Av/owTx
 5+O0190yt+DYazFeXPp1O6rBMz84coQVL7OuoBPIRMwye5vvqUbwUxSKhaqhKNohZiLa dw== 
Received: from aserp3030.oracle.com (aserp3030.oracle.com [141.146.126.71])
        by userp2120.oracle.com with ESMTP id 32hu1jndpj-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL);
        Wed, 29 Jul 2020 13:00:32 +0000
Received: from pps.filterd (aserp3030.oracle.com [127.0.0.1])
        by aserp3030.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 06TCqk4a134381;
        Wed, 29 Jul 2020 12:58:32 GMT
Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235])
        by aserp3030.oracle.com with ESMTP id 32hu5vqcd3-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
        Wed, 29 Jul 2020 12:58:31 +0000
Received: from abhmp0014.oracle.com (abhmp0014.oracle.com [141.146.116.20])
        by aserv0121.oracle.com (8.14.4/8.13.8) with ESMTP id 06TCwRQi030074;
        Wed, 29 Jul 2020 12:58:27 GMT
Received: from kadam (/41.57.98.10)
        by default (Oracle Beehive Gateway v4.0)
        with ESMTP ; Wed, 29 Jul 2020 05:58:27 -0700
Date:   Wed, 29 Jul 2020 15:58:20 +0300
From:   Dan Carpenter <dan.carpenter@oracle.com>
To:     Peilin Ye <yepeilin.cs@gmail.com>
Cc:     Denis Efremov <efremov@linux.com>, Jens Axboe <axboe@kernel.dk>,
        Arnd Bergmann <arnd@arndb.de>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        linux-kernel-mentees@lists.linuxfoundation.org,
        linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [Linux-kernel-mentees] [PATCH v2] block/floppy: Prevent
 kernel-infoleak in raw_cmd_copyout()
Message-ID: <20200729125820.GB1840@kadam>
References: <20200728141946.426245-1-yepeilin.cs@gmail.com>
 <20200729115157.8519-1-yepeilin.cs@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20200729115157.8519-1-yepeilin.cs@gmail.com>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9696 signatures=668679
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0
 mlxscore=0 adultscore=0 spamscore=0 phishscore=0 mlxlogscore=999
 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2006250000 definitions=main-2007290085
X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9696 signatures=668679
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 clxscore=1011 mlxlogscore=999
 malwarescore=0 impostorscore=0 priorityscore=1501 spamscore=0 phishscore=0
 suspectscore=0 bulkscore=0 mlxscore=0 lowpriorityscore=0 adultscore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2006250000
 definitions=main-2007290085
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Argh...  This isn't right still.  The "ptr" comes from raw_cmd_copyin()

ptr = kmalloc(sizeof(struct floppy_raw_cmd), GFP_KERNEL);

The struct hole could still be uninitialized from kmalloc() and instead
of from the stack.  Smatch is only looking for the common stack info
leaks and doesn't worn about holes in kmalloc()ed memory.

regards,
dan carpenter