| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87seq2dlhd.fsf@DESKTOP-5N7EMDA> Date: Thu, 02 Jan 2025 09:59:26 +0800 From: "Huang, Ying" <ying.huang@...ux.alibaba.com> To: kingdix10@...com Cc: akpm@...ux-foundation.org, andriy.shevchenko@...ux.intel.com, ilpo.jarvinen@...ux.intel.com, bhelgaas@...gle.com, mika.westerberg@...ux.intel.com, huang.ying.caritas@...il.com, jhubbard@...dia.com, peterz@...radead.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] resource: use kstrdup_const to prevent wild pointer issues kingdix10@...com writes: > From: King Dix <kingdix10@...com> > > When a stack string variable is passed during the request resource > operation, it causes an oops problem when executing cat /proc/iomem. > > In the original code, in functions like __request_region_locked, the name > member of the resource structure was directly assigned the stack string > pointer without proper memory management. > > This fix changes the assignment of res->name to use kstrdup_const for > string copying, ensuring the correct storage and release of the string > and thus avoiding potential memory errors and oops issues. > > Signed-off-by: King Dix <kingdix10@...com> In general, I think that it's good to improve the resource requesting API. However, it's not good to use so many GFP_ATOMIC too. Why do you need to call resource requesting API with stack variable? If it's just some programming bugs, we should add more checks instead of hiding the bugs. For example, if we only allows kernel rodata and slab memory to be used in resource requesting. We can add a VM_WARN_ON() to check that. [snip] --- Best Regards, Huang, Ying
Powered by blists - more mailing lists