Re: mpol_to_str revisited.

From: Ben Hutchings
Date: Mon Oct 08 2012 - 20:33:13 EST


On Mon, 2012-10-08 at 11:09 -0400, Dave Jones wrote:
> Last month I sent in 80de7c3138ee9fd86a98696fd2cf7ad89b995d0a to remove
> a user-triggerable BUG in mempolicy.
>
> Ben Hutchings pointed out to me that my change introduced a potential leak
> of stack contents to userspace, because none of the callers check the return value.
>
> This patch adds the missing return checking, and also clears the buffer beforehand.
>
> Reported-by: Ben Hutchings <bhutchings@xxxxxxxxxxxxxx>

I was wearing my other hat at the time (ben@xxxxxxxxxxxxxxx).

> Cc: stable@xxxxxxxxxx
> Signed-off-by: Dave Jones <davej@xxxxxxxxxx>
>
> ---
> unanswered question: why are the buffer sizes here different? Which is correct?
[...]

Further question: why even use an intermediate buffer on the stack?
Both callers want to write the result to a seq_file. Should mpol_str()
then be replaced with a seq_mpol()?

Ben.

--
Ben Hutchings
Who are all these weirdos? - David Bowie, about L-Space IRC channel #afp

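The three shapes under discussion, as an added userland C model that is not part of this thread and not code from mempolicy.c: a to_str-style helper that fills a caller-supplied buffer and returns an error without touching it, the caller that ignores that return value and so hands back whatever the buffer already held, the caller that clears the buffer and checks the return, and a helper that writes straight into a seq_file-like sink along the lines of the seq_mpol() idea so there is no intermediate buffer to leak or to size wrongly. policy_to_str(), seq_policy(), the policy names and the struct seq stand-in are all hypothetical; the "leftover-stack" contents stand in for uninitialised stack bytes and are constructed for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical policy modes; stand-ins for the real mempolicy modes. */
enum policy { POL_DEFAULT, POL_BIND, POL_INTERLEAVE, POL_BOGUS };

static const char *policy_name(enum policy p)
{
    switch (p) {
    case POL_DEFAULT:    return "default";
    case POL_BIND:       return "bind";
    case POL_INTERLEAVE: return "interleave";
    default:             return NULL;
    }
}

/* Stand-in for a to_str-style helper: fills buf and returns the length,
 * or -EINVAL for an unknown mode, in which case buf is left untouched. */
static int policy_to_str(char *buf, size_t len, enum policy p)
{
    const char *name = policy_name(p);

    if (!name || strlen(name) >= len)
        return -EINVAL;
    strcpy(buf, name);
    return (int)strlen(name);
}

/* Caller before the fix: the return value is ignored, so on the error
 * path whatever was already in buf is handed to the reader. In the kernel
 * buf lives on the stack, so that is leftover stack data. */
static const char *show_policy_unchecked(char *buf, size_t len, enum policy p)
{
    policy_to_str(buf, len, p);
    return buf;
}

/* Caller after the fix: clear the buffer first and check the return
 * value. In this model either change alone closes the leak; doing both
 * means a future helper that writes partially still cannot expose
 * stale bytes. Returns NULL on error so nothing is shown. */
static const char *show_policy_checked(char *buf, size_t len, enum policy p)
{
    memset(buf, 0, len);
    if (policy_to_str(buf, len, p) < 0)
        return NULL;
    return buf;
}

/* Minimal seq_file stand-in, constructed for the example. */
struct seq {
    char buf[64];
    size_t pos;
    int overflow;
};

static void seq_puts(struct seq *m, const char *s)
{
    size_t n = strlen(s);

    if (m->pos + n >= sizeof(m->buf)) {
        m->overflow = 1;
        return;
    }
    memcpy(m->buf + m->pos, s, n + 1);
    m->pos += n;
}

/* seq_mpol-style helper: writes straight into the sink, so there is no
 * intermediate buffer to leave uninitialised or to size. Writes nothing
 * and returns -EINVAL for an unknown mode. */
static int seq_policy(struct seq *m, enum policy p)
{
    const char *name = policy_name(p);

    if (!name)
        return -EINVAL;
    seq_puts(m, name);
    return 0;
}

int main(void)
{
    char buf[16];
    struct seq m;

    strcpy(buf, "leftover-stack");   /* constructed stand-in for stack bytes */
    printf("unchecked, bogus mode: \"%s\"\n",
           show_policy_unchecked(buf, sizeof buf, POL_BOGUS));

    strcpy(buf, "leftover-stack");
    printf("checked, bogus mode: %s\n",
           show_policy_checked(buf, sizeof buf, POL_BOGUS) ? buf : "(error)");

    memset(&m, 0, sizeof m);
    seq_policy(&m, POL_INTERLEAVE);
    printf("seq, interleave: \"%s\"\n", m.buf);
    return 0;
}
```

The unchecked caller prints "leftover-stack" for the bogus mode, which is the leak; the checked caller prints nothing, and the seq-based helper never has a buffer whose contents depend on what the caller did beforehand. The differing buffer sizes Dave asks about are a separate question that a direct-to-seq helper removes rather than answers.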