From: Bartosz Golaszewski
Date: Thu, 30 Jul 2020 10:07:13 +0200
Subject: Re: [Linux-kernel-mentees] [PATCH v3] media/v4l2-core: Fix kernel-infoleak in video_put_user()
To: Arnd Bergmann
Cc: Dan Carpenter, Linus Walleij, Peilin Ye, Mauro Carvalho Chehab, Greg Kroah-Hartman, syzkaller-bugs, Hans Verkuil, Sakari Ailus, Laurent Pinchart, Vandana BN, Ezequiel Garcia, Niklas Söderlund, linux-kernel-mentees@lists.linuxfoundation.org, Linux Media Mailing List, "linux-kernel@vger.kernel.org", Andy Shevchenko
References: <20200726220557.102300-1-yepeilin.cs@gmail.com> <20200726222703.102701-1-yepeilin.cs@gmail.com> <20200727131608.GD1913@kadam> <20200728130632.GI1913@kadam>

On Tue, Jul 28, 2020 at 3:58 PM Arnd Bergmann wrote:
>
> On Tue, Jul 28, 2020 at 3:06 PM Dan Carpenter wrote:
> >
> > On Tue, Jul 28, 2020 at 02:22:29PM +0200, Linus Walleij wrote:
> > > On Mon, Jul 27, 2020 at 3:17 PM Dan Carpenter wrote:
> > >
> > > > Here are my latest warnings on linux-next from Friday.
> > >
> > > Thanks for sharing this Dan, very interesting findings.
> > >
> > > > drivers/gpio/gpiolib-cdev.c:473 lineevent_read() warn: check that 'ge' doesn't leak information (struct has a hole after 'id')
> > >
> > > We are revamping the ABI for 64bit compatibility so we are now running
> > > pahole on our stuff. I suppose we need to think about mending this old ABI
> > > as well.
> >
> > Yeah... But this one is a false positive. It's not super hard for me
> > to silence it actually. I'll take care of it. It could be a while
> > before I push this to the public repository though...
>
> The lineevent_read() function still needs to be fixed to support
> 32-bit compat mode on x86, which is independent of the warning.
>
> Something like
>
> static int lineevent_put_data(void __user *uptr, struct gpioevent_data *ge)
> {
> #ifdef __x86_64__
>         /* i386 has no padding after 'id' */
>         if (in_ia32_syscall()) {
>                 struct {
>                         compat_u64      timestamp __packed;
>                         u32             id;
>                 } compat_ge = { ge->timestamp, ge->id };
>
>                 if (copy_to_user(uptr, &compat_ge, sizeof(compat_ge)))
>                         return -EFAULT;
>
>                 return sizeof(compat_ge);
>         }
> #endif
>
>         /* native layout: copy the whole struct, padding included */
>         if (copy_to_user(uptr, ge, sizeof(*ge)))
>                 return -EFAULT;
>
>         return sizeof(*ge);
> }
>
>        Arnd

Hi Arnd,

Andy actually had a patch for that but since this isn't a regression
(it never worked), we decided to leave it as it is and get it right in
v2 API.

Bartosz
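
As an added illustration (not code from this thread or from the kernel), the following user-space C model shows the layout point discussed above: the 64-bit struct has a 4-byte hole after 'id', the i386 layout has none, and a copy-out helper can guarantee that only member bytes and explicit zeros leave the buffer. It assumes a 64-bit build with GCC or Clang; the type and function names are hypothetical, memcpy() stands in for copy_to_user(), and the `compat` flag stands in for in_ia32_syscall().

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in with the two members the thread names
 * (timestamp, id); the type names here are assumptions. */
struct event_native {
	uint64_t timestamp;
	uint32_t id;
};	/* 64-bit ABI: 8-byte alignment leaves 4 padding bytes after 'id' */

/* i386 aligns u64 to 4 bytes, so the same members take 12 bytes. */
struct event_compat {
	uint64_t timestamp;
	uint32_t id;
} __attribute__((packed, aligned(4)));

/* Size of the hole after 'id' in the native layout. */
static size_t native_hole(void)
{
	return sizeof(struct event_native) -
	       (offsetof(struct event_native, id) + sizeof(uint32_t));
}

/* User-space analogue of the quoted helper: memcpy() stands in for
 * copy_to_user() and 'compat' for in_ia32_syscall(). Every byte written
 * to dst is either a member or an explicit zero. Returns the number of
 * bytes written, or -1 if dst is too small. */
static long put_event(void *dst, size_t len,
		      const struct event_native *ev, int compat)
{
	unsigned char out[sizeof(struct event_native)] = { 0 };
	size_t n = compat ? sizeof(struct event_compat) : sizeof(*ev);

	if (len < n)
		return -1;
	/* 'timestamp' is at offset 0 and 'id' at offset 8 in both layouts;
	 * only the total size differs. */
	memcpy(out, &ev->timestamp, sizeof(ev->timestamp));
	memcpy(out + offsetof(struct event_native, id), &ev->id, sizeof(ev->id));
	memcpy(dst, out, n);
	return (long)n;
}
```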