lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <202210040016.bIV4KQlN-lkp@intel.com>
Date:   Tue, 4 Oct 2022 00:20:53 +0800
From:   kernel test robot <lkp@...el.com>
To:     Abel Vesa <abel.vesa@...aro.org>
Cc:     kbuild-all@...ts.01.org, linux-kernel@...r.kernel.org,
        Steev Klimaszewski <steev@...i.org>,
        Srinivas Kandagatla <srinivas.kandagatla@...aro.org>
Subject: [steev:c630-6.0.0-rc6 136/156] drivers/misc/fastrpc.c:1228:8-15:
 WARNING opportunity for memdup_user

tree:   https://github.com/steev/linux c630-6.0.0-rc6
head:   9a45392dd66cc0ecc92257da15460d26f1b8a337
commit: 1da43030e157d71cdf9623741378b7e975edfbdf [136/156] misc: fastrpc: Add support for audiopd
config: openrisc-randconfig-c032-20221002
compiler: or1k-linux-gcc (GCC) 12.1.0

If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@...el.com>

cocci warnings: (new ones prefixed by >>)
>> drivers/misc/fastrpc.c:1228:8-15: WARNING opportunity for memdup_user

vim +1228 drivers/misc/fastrpc.c

  1198	
  1199	static int fastrpc_init_create_static_process(struct fastrpc_user *fl,
  1200						      char __user *argp)
  1201	{
  1202		struct fastrpc_init_create_static init;
  1203		struct fastrpc_invoke_args *args;
  1204		struct fastrpc_phy_page pages[1];
  1205		char *name;
  1206		int err;
  1207		struct {
  1208			int pgid;
  1209			u32 namelen;
  1210			u32 pageslen;
  1211		} inbuf;
  1212		u32 sc;
  1213	
  1214		args = kcalloc(FASTRPC_CREATE_STATIC_PROCESS_NARGS, sizeof(*args), GFP_KERNEL);
  1215		if (!args)
  1216			return -ENOMEM;
  1217	
  1218		if (copy_from_user(&init, argp, sizeof(init))) {
  1219			err = -EFAULT;
  1220			goto err;
  1221		}
  1222	
  1223		if (init.namelen > INIT_FILE_NAMELEN_MAX) {
  1224			err = -EINVAL;
  1225			goto err;
  1226		}
  1227	
> 1228		name = kzalloc(init.namelen, GFP_KERNEL);
  1229		if (!name) {
  1230			err = -ENOMEM;
  1231			goto err;
  1232		}
  1233	
  1234		if (copy_from_user(name, (void __user *)(uintptr_t)init.name, init.namelen)) {
  1235			err = -EFAULT;
  1236			goto err_name;
  1237		}
  1238	
  1239		if (!fl->cctx->remote_heap) {
  1240			err = fastrpc_remote_heap_alloc(fl, fl->sctx->dev, init.memlen,
  1241							&fl->cctx->remote_heap);
  1242			if (err)
  1243				goto err_name;
  1244	
  1245			/* Map if we have any heap VMIDs associated with this ADSP Static Process. */
  1246			if (fl->cctx->vmcount) {
  1247				unsigned int perms = BIT(QCOM_SCM_VMID_HLOS);
  1248	
  1249				err = qcom_scm_assign_mem(fl->cctx->remote_heap->phys,
  1250								(u64)fl->cctx->remote_heap->size, &perms,
  1251								fl->cctx->vmperms, fl->cctx->vmcount);
  1252				if (err) {
  1253					dev_err(fl->sctx->dev, "Failed to assign memory with phys 0x%llx size 0x%llx err %d",
  1254						fl->cctx->remote_heap->phys, fl->cctx->remote_heap->size, err);
  1255					goto err_map;
  1256				}
  1257			}
  1258		}
  1259	
  1260		inbuf.pgid = fl->tgid;
  1261		inbuf.namelen = init.namelen;
  1262		inbuf.pageslen = 0;
  1263		fl->pd = USER_PD;
  1264	
  1265		args[0].ptr = (u64)(uintptr_t)&inbuf;
  1266		args[0].length = sizeof(inbuf);
  1267		args[0].fd = -1;
  1268	
  1269		args[1].ptr = (u64)(uintptr_t)name;
  1270		args[1].length = inbuf.namelen;
  1271		args[1].fd = -1;
  1272	
  1273		pages[0].addr = fl->cctx->remote_heap->phys;
  1274		pages[0].size = fl->cctx->remote_heap->size;
  1275	
  1276		args[2].ptr = (u64)(uintptr_t) pages;
  1277		args[2].length = sizeof(*pages);
  1278		args[2].fd = -1;
  1279	
  1280		sc = FASTRPC_SCALARS(FASTRPC_RMID_INIT_CREATE_STATIC, 3, 0);
  1281	
  1282		err = fastrpc_internal_invoke(fl, true, FASTRPC_INIT_HANDLE,
  1283					      sc, args);
  1284		if (err)
  1285			goto err_invoke;
  1286	
  1287		kfree(args);
  1288	
  1289		return 0;
  1290	err_invoke:
  1291		if (fl->cctx->vmcount) {
  1292			struct qcom_scm_vmperm perm;
  1293	
  1294			perm.vmid = QCOM_SCM_VMID_HLOS;
  1295			perm.perm = QCOM_SCM_PERM_RWX;
  1296			err = qcom_scm_assign_mem(fl->cctx->remote_heap->phys,
  1297							(u64)fl->cctx->remote_heap->size,
  1298							&(fl->cctx->vmperms[0].vmid), &perm, 1);
  1299			if (err)
  1300				dev_err(fl->sctx->dev, "Failed to assign memory phys 0x%llx size 0x%llx err %d",
  1301					fl->cctx->remote_heap->phys, fl->cctx->remote_heap->size, err);
  1302		}
  1303	err_map:
  1304		fastrpc_buf_free(fl->cctx->remote_heap);
  1305	err_name:
  1306		kfree(name);
  1307	err:
  1308		kfree(args);
  1309	
  1310		return err;
  1311	}
  1312	

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp

View attachment "config" of type "text/plain" (179986 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ