Date: Fri, 24 May 2024 13:47:14 +0200
From: Greg KH
To: quic_zijuhu
Cc: rafael@kernel.org, akpm@linux-foundation.org, dmitry.torokhov@gmail.com, linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH] kobject_uevent: Fix OOB access within zap_modalias_env()
Message-ID: <2024052405-award-recycling-6931@gregkh>

On Fri, May 24, 2024 at 05:08:06PM +0800, quic_zijuhu wrote:
> On 5/24/2024 2:56 PM, Greg KH wrote:
> > On Fri, May 24, 2024 at 01:34:49PM +0800, quic_zijuhu wrote:
> >> On 5/24/2024 1:21 PM, Greg KH wrote:
> >>> On Fri, May 24, 2024 at 01:15:01PM +0800, quic_zijuhu wrote:
> >>>> On 5/24/2024 12:33 PM, Greg KH wrote:
> >>>>> On Fri, May 24, 2024 at 12:20:03PM +0800, Zijun Hu wrote:
> >>>>>> zap_modalias_env() wrongly calculates size of memory block
> >>>>>> to move, so maybe cause OOB memory access issue, fixed by
> >>>>>> correcting size to memmove.
> >>>>>
> >>>>> "maybe" or "does"? That's a big difference :)
> >>>>>
> >>>> i found this issue by reading code instead of really meeting this issue.
> >>>> this issue should be prone to happen if there are more than 1 other
> >>>> environment vars.
> >>>
> >>> But does it? Given that we have loads of memory checkers, and I haven't
> >>> ever seen any report of any overrun, it would be nice to be sure.
> >>>
> >> yes. if @env includes env variable MODALIAS and more than one other env
> >> variables. then (env->buflen - len) must be greater than actual size of
> >> "target block" shown previously, so the OOB issue must happen.
> >
> > Then why are none of the tools that we have for catching out-of-bound
> > issues triggered here? Are the tools broken or is this really just not
> > ever happening? It would be good to figure that out...
> >
> don't know why. perhaps, need to report our case to expert of tools.

Try running them yourself and see!
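
The size arithmetic under discussion, as an added example that is not part of the original thread and is not kernel code: a simplified userspace model in C where the environment is a packed buffer of NUL-terminated strings. `env_model`, `BUF_CAP` and all function names are hypothetical; only `buflen`, `len`, `MODALIAS` and the `memmove` call come from the thread.

```c
#include <stddef.h>
#include <string.h>

#define BUF_CAP 64 /* constructed capacity for this model */

/* Model: NUL-terminated "KEY=value" strings packed back to back. */
struct env_model { char buf[BUF_CAP]; size_t buflen; /* bytes in use */ };

static int env_add(struct env_model *e, const char *kv)
{
    size_t n = strlen(kv) + 1;
    if (n > BUF_CAP - e->buflen)
        return -1;
    memcpy(e->buf + e->buflen, kv, n);
    e->buflen += n;
    return 0;
}

/* Offset of the first entry that starts with prefix, or (size_t)-1. */
static size_t env_find(const struct env_model *e, const char *prefix)
{
    for (size_t off = 0; off < e->buflen; off += strlen(e->buf + off) + 1)
        if (strncmp(e->buf + off, prefix, strlen(prefix)) == 0)
            return off;
    return (size_t)-1;
}

/* Size as quoted in the thread: bytes in use minus the removed entry. */
static size_t size_from_thread(const struct env_model *e, size_t len)
{
    return e->buflen - len;
}

/* Bytes that really follow the removed entry (the "target block"). */
static size_t size_of_tail(const struct env_model *e, size_t off, size_t len)
{
    return e->buflen - (off + len);
}

/* Remove the entry at off, moving only the tail; 0 on success. */
static int env_zap(struct env_model *e, size_t off)
{
    if (off >= e->buflen)
        return -1;
    size_t len = strlen(e->buf + off) + 1;
    memmove(e->buf + off, e->buf + off + len, size_of_tail(e, off, len));
    e->buflen -= len;
    return 0;
}
```

In this model, `size_from_thread` exceeds `size_of_tail` by exactly the removed entry's offset, so the two sizes agree only when the removed entry is first in the buffer.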