Date:   Tue, 22 Jun 2021 09:55:12 +0200
From:   Bartosz Golaszewski <bgolaszewski@...libre.com>
To:     Gabriel Knezek <gabeknez@...ux.microsoft.com>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        linux-gpio <linux-gpio@...r.kernel.org>,
        Linus Walleij <linus.walleij@...aro.org>,
        joe.reviewer@...mail.com
Subject: Re: [PATCH v3] gpiolib: cdev: zero padding during conversion to gpioline_info_changed

On Tue, Jun 22, 2021 at 12:29 AM Gabriel Knezek
<gabeknez@...ux.microsoft.com> wrote:
>
> When userspace requests a GPIO v1 line info changed event,
> lineinfo_watch_read() populates and returns the gpioline_info_changed
> structure. It contains 5 words of padding at the end which are not
> initialized before being returned to userspace.
>
> Zero the structure in gpio_v2_line_info_change_to_v1() before populating
> its contents.
>
> Fixes: aad955842d1c ("gpiolib: cdev: support GPIO_V2_GET_LINEINFO_IOCTL and
> GPIO_V2_GET_LINEINFO_WATCH_IOCTL")
> Signed-off-by: Gabriel Knezek <gabeknez@...ux.microsoft.com>
> ---
> Changes in v3:
>   - Include the Fixes tag referencing the code being fixed and properly
>     version the patch.
>
> Changes in v2:
>   - Update commit message and subject with suggestions about clarity.
>   - Patch series at https://www.spinics.net/lists/linux-gpio/msg62163.html
>
> v1:
>   - Initial patch
>   - Patch series at https://www.spinics.net/lists/linux-gpio/msg62084.html
>
>  drivers/gpio/gpiolib-cdev.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c
> index ee5903aac497..af68532835fe 100644
> --- a/drivers/gpio/gpiolib-cdev.c
> +++ b/drivers/gpio/gpiolib-cdev.c
> @@ -1865,6 +1865,7 @@ static void gpio_v2_line_info_changed_to_v1(
>                 struct gpio_v2_line_info_changed *lic_v2,
>                 struct gpioline_info_changed *lic_v1)
>  {
> +       memset(lic_v1, 0, sizeof(*lic_v1));
>         gpio_v2_line_info_to_v1(&lic_v2->info, &lic_v1->info);
>         lic_v1->timestamp = lic_v2->timestamp_ns;
>         lic_v1->event_type = lic_v2->event_type;
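
Review bot: the added memset() at the top of gpio_v2_line_info_changed_to_v1() carries no comment saying why the whole structure is cleared before the field assignments that follow. A one-line comment that it zeroes the trailing padding returned to userspace would keep it from being removed later as redundant. The commit message also names the function gpio_v2_line_info_change_to_v1(), while the hunk header shows gpio_v2_line_info_changed_to_v1(); the message should use the name from the code.
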
> --
> 2.25.1
>

I fixed the wrapping of the Fixes tag and queued this for fixes with
Kent's review tag.

Bart
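
The leak described in the quoted commit message, as an added userspace example that is not part of the original thread or the kernel source. `ev_v2` and `ev_v1` are simplified, hypothetical stand-ins for the kernel structures, and the 0xAA fill is a constructed marker for whatever was in memory before the conversion.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA /* constructed marker for leftover memory contents */

/* Hypothetical, simplified layouts; only the 5 trailing words mirror the report. */
struct ev_v2 { uint32_t offset; uint32_t flags; uint64_t timestamp_ns; uint32_t event_type; };
struct ev_v1 {
    uint32_t offset;
    uint32_t flags;
    uint64_t timestamp;
    uint32_t event_type;
    uint32_t padding[5]; /* reserved words, never assigned by the converter */
};

/* Field-by-field conversion: padding[] keeps whatever the buffer held before. */
static void convert_unfixed(const struct ev_v2 *in, struct ev_v1 *out)
{
    out->offset = in->offset;
    out->flags = in->flags;
    out->timestamp = in->timestamp_ns;
    out->event_type = in->event_type;
}

/* Same conversion with the whole destination cleared first, as in the patch. */
static void convert_fixed(const struct ev_v2 *in, struct ev_v1 *out)
{
    memset(out, 0, sizeof(*out));
    convert_unfixed(in, out);
}

/* Count bytes of the output that still hold the stale marker after conversion. */
static size_t stale_bytes(int fixed)
{
    struct ev_v2 in = { 7, 0x3, 0x1122334455667788ULL, 1 };
    struct ev_v1 out;
    const unsigned char *p = (const unsigned char *)&out;
    size_t i, n = 0;

    memset(&out, STALE, sizeof(out)); /* simulate a previously used buffer */
    if (fixed)
        convert_fixed(&in, &out);
    else
        convert_unfixed(&in, &out);
    for (i = 0; i < sizeof(out); i++)
        n += (p[i] == STALE);
    return n;
}

int main(void)
{
    printf("unfixed: %zu stale bytes, fixed: %zu stale bytes\n",
           stale_bytes(0), stale_bytes(1));
    return 0;
}
```

Anything that copies the full structure out by size, as a read() handler does, hands the stale bytes to the caller unless the destination was cleared first.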
