| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 4 Oct 2022 00:20:53 +0800
From: kernel test robot <lkp@...el.com>
To: Abel Vesa <abel.vesa@...aro.org>
Cc: kbuild-all@...ts.01.org, linux-kernel@...r.kernel.org,
Steev Klimaszewski <steev@...i.org>,
Srinivas Kandagatla <srinivas.kandagatla@...aro.org>
Subject: [steev:c630-6.0.0-rc6 136/156] drivers/misc/fastrpc.c:1228:8-15:
WARNING opportunity for memdup_user
tree: https://github.com/steev/linux c630-6.0.0-rc6
head: 9a45392dd66cc0ecc92257da15460d26f1b8a337
commit: 1da43030e157d71cdf9623741378b7e975edfbdf [136/156] misc: fastrpc: Add support for audiopd
config: openrisc-randconfig-c032-20221002
compiler: or1k-linux-gcc (GCC) 12.1.0
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@...el.com>
cocci warnings: (new ones prefixed by >>)
>> drivers/misc/fastrpc.c:1228:8-15: WARNING opportunity for memdup_user
vim +1228 drivers/misc/fastrpc.c
1198
1199 static int fastrpc_init_create_static_process(struct fastrpc_user *fl,
1200 char __user *argp)
1201 {
1202 struct fastrpc_init_create_static init;
1203 struct fastrpc_invoke_args *args;
1204 struct fastrpc_phy_page pages[1];
1205 char *name;
1206 int err;
1207 struct {
1208 int pgid;
1209 u32 namelen;
1210 u32 pageslen;
1211 } inbuf;
1212 u32 sc;
1213
1214 args = kcalloc(FASTRPC_CREATE_STATIC_PROCESS_NARGS, sizeof(*args), GFP_KERNEL);
1215 if (!args)
1216 return -ENOMEM;
1217
1218 if (copy_from_user(&init, argp, sizeof(init))) {
1219 err = -EFAULT;
1220 goto err;
1221 }
1222
1223 if (init.namelen > INIT_FILE_NAMELEN_MAX) {
1224 err = -EINVAL;
1225 goto err;
1226 }
1227
> 1228 name = kzalloc(init.namelen, GFP_KERNEL);
1229 if (!name) {
1230 err = -ENOMEM;
1231 goto err;
1232 }
1233
1234 if (copy_from_user(name, (void __user *)(uintptr_t)init.name, init.namelen)) {
1235 err = -EFAULT;
1236 goto err_name;
1237 }
1238
1239 if (!fl->cctx->remote_heap) {
1240 err = fastrpc_remote_heap_alloc(fl, fl->sctx->dev, init.memlen,
1241 &fl->cctx->remote_heap);
1242 if (err)
1243 goto err_name;
1244
1245 /* Map if we have any heap VMIDs associated with this ADSP Static Process. */
1246 if (fl->cctx->vmcount) {
1247 unsigned int perms = BIT(QCOM_SCM_VMID_HLOS);
1248
1249 err = qcom_scm_assign_mem(fl->cctx->remote_heap->phys,
1250 (u64)fl->cctx->remote_heap->size, &perms,
1251 fl->cctx->vmperms, fl->cctx->vmcount);
1252 if (err) {
1253 dev_err(fl->sctx->dev, "Failed to assign memory with phys 0x%llx size 0x%llx err %d",
1254 fl->cctx->remote_heap->phys, fl->cctx->remote_heap->size, err);
1255 goto err_map;
1256 }
1257 }
1258 }
1259
1260 inbuf.pgid = fl->tgid;
1261 inbuf.namelen = init.namelen;
1262 inbuf.pageslen = 0;
1263 fl->pd = USER_PD;
1264
1265 args[0].ptr = (u64)(uintptr_t)&inbuf;
1266 args[0].length = sizeof(inbuf);
1267 args[0].fd = -1;
1268
1269 args[1].ptr = (u64)(uintptr_t)name;
1270 args[1].length = inbuf.namelen;
1271 args[1].fd = -1;
1272
1273 pages[0].addr = fl->cctx->remote_heap->phys;
1274 pages[0].size = fl->cctx->remote_heap->size;
1275
1276 args[2].ptr = (u64)(uintptr_t) pages;
1277 args[2].length = sizeof(*pages);
1278 args[2].fd = -1;
1279
1280 sc = FASTRPC_SCALARS(FASTRPC_RMID_INIT_CREATE_STATIC, 3, 0);
1281
1282 err = fastrpc_internal_invoke(fl, true, FASTRPC_INIT_HANDLE,
1283 sc, args);
1284 if (err)
1285 goto err_invoke;
1286
1287 kfree(args);
1288
1289 return 0;
1290 err_invoke:
1291 if (fl->cctx->vmcount) {
1292 struct qcom_scm_vmperm perm;
1293
1294 perm.vmid = QCOM_SCM_VMID_HLOS;
1295 perm.perm = QCOM_SCM_PERM_RWX;
1296 err = qcom_scm_assign_mem(fl->cctx->remote_heap->phys,
1297 (u64)fl->cctx->remote_heap->size,
1298 &(fl->cctx->vmperms[0].vmid), &perm, 1);
1299 if (err)
1300 dev_err(fl->sctx->dev, "Failed to assign memory phys 0x%llx size 0x%llx err %d",
1301 fl->cctx->remote_heap->phys, fl->cctx->remote_heap->size, err);
1302 }
1303 err_map:
1304 fastrpc_buf_free(fl->cctx->remote_heap);
1305 err_name:
1306 kfree(name);
1307 err:
1308 kfree(args);
1309
1310 return err;
1311 }
1312
--
0-DAY CI Kernel Test Service
https://01.org/lkp
View attachment "config" of type "text/plain" (179986 bytes)
Powered by blists - more mailing lists