Date: Thu, 5 Oct 2023 21:44:44 +0300
From: Alexey Dobriyan
To: Greg Kroah-Hartman
Cc: Jiri Slaby, linux-serial@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: stack leak via uart_get_info() ?

On Thu, Oct 05, 2023 at 07:55:34PM +0200, Greg Kroah-Hartman wrote:
> On Thu, Oct 05, 2023 at 07:34:21PM +0300, Alexey Dobriyan wrote:
> > If this check ever triggers
> >
> > static int uart_get_info(struct tty_port *port, struct serial_struct *retinfo)
> > {
> >
> > 	uport = uart_port_check(state);
> > 	if (!uport)
> > 		goto out;
> >
> > then all those sysfs users will print stack contents to userspace.
> >
> > Can it trigger while sysfs read is executing?
>
> I don't think it can ever fail, we don't even check the result in other
> places, so it should all be fine.
>
> > Signed-off-by: Alexey Dobriyan
> > ---
> >
> > --- a/drivers/tty/serial/serial_core.c > > +++ b/drivers/tty/serial/serial_core.c
> > @@ -775,6 +775,8 @@ static int uart_get_info(struct tty_port *port, struct serial_struct *retinfo) > > struct uart_port *uport; > > int ret = -ENODEV; > > > > + *retinfo = (struct serial_struct){};
>
> This is good (although I hate the implied memcpy), a real memset would
> be best to ensure that any holes are also filled. Want to do that, or
> want me to?

I don't mind memset(), but "struct serial_struct" structure has kernel pointers:

	unsigned char* iomem_base;

so it is not shipped to userspace, so padding isn't an issue.
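
Review bot: the added assignment at the top of uart_get_info(), *retinfo = (struct serial_struct){};, does not guarantee that padding bytes are cleared, because C leaves padding unspecified when a structure value is stored; memset(retinfo, 0, sizeof(*retinfo)); at the same spot zeroes every byte and keeps the function safe for any caller that later copies the whole object instead of formatting single fields. With the struct zeroed up front, callers that ignore the return value will report zeros on the -ENODEV path rather than stack contents, which is worth stating in the changelog since the thread notes the result is not checked in other places.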
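
An added example, not part of the thread or the kernel tree, modelling the two cases discussed above: the early-exit path that leaves the caller's stack object untouched, and padding holes that member-only stores never reach. struct demo_info, get_info(), stale_bytes() and the 0xAA poison are constructed stand-ins, not the kernel's struct serial_struct or uart_get_info().

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in, NOT the kernel's struct serial_struct. */
struct demo_info {
	unsigned char  type;        /* hole follows: the pointer needs alignment */
	unsigned char *iomem_base;
	unsigned short flags;       /* tail padding follows */
};
#define POISON 0xAA                 /* models stale stack contents */

/* Bytes of the object that belong to no member. */
size_t padding_bytes(void)
{
	return sizeof(struct demo_info) - sizeof(unsigned char)
	     - sizeof(unsigned char *) - sizeof(unsigned short);
}

/* Hypothetical getter: optionally zero everything first, then either fail
 * early (like the -ENODEV path) or store the members' own bytes only. */
static int get_info(unsigned char *raw, int zero_first, int fail)
{
	if (zero_first)
		memset(raw, 0, sizeof(struct demo_info));
	if (fail)
		return -1;
	memset(raw + offsetof(struct demo_info, type), 1, sizeof(unsigned char));
	memset(raw + offsetof(struct demo_info, iomem_base), 0, sizeof(unsigned char *));
	memset(raw + offsetof(struct demo_info, flags), 2, sizeof(unsigned short));
	return 0;
}

/* Stale bytes visible to a caller that ignores the return value. */
size_t stale_bytes(int zero_first, int fail)
{
	unsigned char raw[sizeof(struct demo_info)];
	size_t i, n = 0;
	memset(raw, POISON, sizeof(raw));   /* caller's uninitialised stack slot */
	(void)get_info(raw, zero_first, fail);
	for (i = 0; i < sizeof(raw); i++)
		n += (raw[i] == POISON);
	return n;
}

int main(void)
{
	printf("no zeroing: fail=%zu ok=%zu | memset first: fail=%zu ok=%zu\n",
	       stale_bytes(0, 1), stale_bytes(0, 0), stale_bytes(1, 1), stale_bytes(1, 0));
	return 0;
}
```

Without zeroing, the failing path exposes the whole object and the successful path still exposes the holes; with a memset at the top of the getter both paths expose nothing.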