lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20210622020655.GA8794@sol>
Date:   Tue, 22 Jun 2021 10:06:55 +0800
From:   Kent Gibson <warthog618@...il.com>
To:     Gabriel Knezek <gabeknez@...ux.microsoft.com>,
        bgolaszewski@...libre.com
Cc:     linux-kernel@...r.kernel.org, linux-gpio@...r.kernel.org,
        linus.walleij@...aro.org, andy.shevchenko@...il.com
Subject: Re: [PATCH v3] gpiolib: cdev: zero padding during conversion to
 gpioline_info_changed

On Mon, Jun 21, 2021 at 03:28:59PM -0700, Gabriel Knezek wrote:
> When userspace requests a GPIO v1 line info changed event,
> lineinfo_watch_read() populates and returns the gpioline_info_changed
> structure. It contains 5 words of padding at the end which are not
> initialized before being returned to userspace.
> 
> Zero the structure in gpio_v2_line_info_change_to_v1() before populating
> its contents.
> 
> Fixes: aad955842d1c ("gpiolib: cdev: support GPIO_V2_GET_LINEINFO_IOCTL and
> GPIO_V2_GET_LINEINFO_WATCH_IOCTL")
> Signed-off-by: Gabriel Knezek <gabeknez@...ux.microsoft.com>
> ---
> Changes in v3:
>   - Include the Fixes tag referencing the code being fixed and properly
>     version the patch.
> 
> Changes in v2:
>   - Update commit message and subject with suggestions about clarity.
>   - Patch series at https://www.spinics.net/lists/linux-gpio/msg62163.html
> 
> v1:
>   - Initial patch
>   - Patch series at https://www.spinics.net/lists/linux-gpio/msg62084.html
> 
>  drivers/gpio/gpiolib-cdev.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c
> index ee5903aac497..af68532835fe 100644
> --- a/drivers/gpio/gpiolib-cdev.c
> +++ b/drivers/gpio/gpiolib-cdev.c
> @@ -1865,6 +1865,7 @@ static void gpio_v2_line_info_changed_to_v1(
>  		struct gpio_v2_line_info_changed *lic_v2,
>  		struct gpioline_info_changed *lic_v1)
>  {
> +	memset(lic_v1, 0, sizeof(*lic_v1));
>  	gpio_v2_line_info_to_v1(&lic_v2->info, &lic_v1->info);
>  	lic_v1->timestamp = lic_v2->timestamp_ns;
>  	lic_v1->event_type = lic_v2->event_type;
> -- 
> 2.25.1
> 

<sigh> The joe.reviewer@...mail.com in the git send-email example that I
provided off list was just that - an example that you were supposed to
replace with the actual reviewers :|.

I wouldn't generally bother with the links to the previous patch
versions, though it might be helpful given the rename and version
issues of the previous patches in this case.  If you are going to
provide links, use reference style with all the links at the bottom of
the mail.

Other than that, the only problem I have is that the Fixes tag line
shouldn't wrap - it is an exception to the rule.
Bart, are you ok with fixing that on the way in - assuming there are no
other objections?

Cheers,
Kent.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ