Date: Fri, 24 May 2024 06:33:16 +0200
From: Greg KH
To: Zijun Hu
Cc: rafael@kernel.org, akpm@linux-foundation.org, dmitry.torokhov@gmail.com, linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH] kobject_uevent: Fix OOB access within zap_modalias_env()
Message-ID: <2024052418-casket-partition-c143@gregkh>
In-Reply-To: <1716524403-5415-1-git-send-email-quic_zijuhu@quicinc.com>

On Fri, May 24, 2024 at 12:20:03PM +0800, Zijun Hu wrote:
> zap_modalias_env() wrongly calculates size of memory block
> to move, so maybe cause OOB memory access issue, fixed by
> correcting size to memmove.

"maybe" or "does"? That's a big difference :)

>
> Fixes: 9b3fa47d4a76 ("kobject: fix suppressing modalias in uevents delivered over netlink")
> Cc: stable@vger.kernel.org
> Signed-off-by: Zijun Hu
> ---
> lib/kobject_uevent.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/kobject_uevent.c b/lib/kobject_uevent.c
> index 03b427e2707e..f153b4f9d4d9 100644
> --- a/lib/kobject_uevent.c
> +++ b/lib/kobject_uevent.c
> @@ -434,7 +434,7 @@ static void zap_modalias_env(struct kobj_uevent_env *env)
>
> if (i != env->envp_idx - 1) {
> memmove(env->envp[i], env->envp[i + 1],
> - env->buflen - len);
> + env->buf + env->buflen - env->envp[i + 1]);

How is this "more correct"? Please explain it better, this logic is not obvious at all.

thanks,

greg k-h
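
Review bot: The new memmove length on the `+` line, `env->buf + env->buflen - env->envp[i + 1]`, is a pointer difference whose correctness rests on two things the hunk does not state: that `env->envp[i + 1]` points into `env->buf`, and that `env->buflen` counts the bytes in use, so that the expression is the byte count from the start of the next entry to the end of the used data. A short comment above the call stating that invariant would make the change reviewable on its own. The commit message should also spell out why the old length `env->buflen - len` is wrong. Assuming `len` is the length of the entry being removed (its definition is outside the hunk), the old value does not depend on where `env->envp[i]` sits in the buffer, so it matches the tail length only when the removed entry is the first one. Stating that, and whether the excess is a read past the used data or past the end of the buffer, would settle the "maybe" versus "does" question raised in the reply.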