Re: [PATCH 02/38] media: v4l2-ioctl: avoid memory leaks on some time32 compat functions

From: Mauro Carvalho Chehab
Date: Thu Sep 03 2020 - 02:02:07 EST


On Wed, 2 Sep 2020 20:45:53 +0200
Arnd Bergmann <arnd@xxxxxxxx> wrote:

> On Wed, Sep 2, 2020 at 6:10 PM Mauro Carvalho Chehab
> <mchehab+huawei@xxxxxxxxxx> wrote:
> >
> > There are some reports about possible memory leaks:
> >
> > drivers/media/v4l2-core//v4l2-ioctl.c:3203 video_put_user() warn: check that 'ev32' doesn't leak information (struct has a hole after 'type')
> > drivers/media/v4l2-core//v4l2-ioctl.c:3230 video_put_user() warn: check that 'vb32' doesn't leak information (struct has a hole after 'memory')
> >
> > While smatch seems to be reporting a false positive (line 3203),
> > there's indeed a possible leak with reserved2 at vb32.
> >
> > We might have fixed just that one, but smatch checks won't
> > be able to check leaks at ev32. So, re-work the code in a way
> > that will ensure that the var contents will be zeroed before
> > filling it.
> >
> > With that, we no longer need to touch reserved fields.
> >
> > Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@xxxxxxxxxx>
>
> Isn't this the same as commit 4ffb879ea648 ("media: media/v4l2-core:
> Fix kernel-infoleak in video_put_user()") that you already applied
> (aside from the issue that Laurent pointed out)?

Oh! I completely forgot about that one which is at the fixes branch.

Yeah, you're right! I'll drop this one from the series.

Thanks!

Mauro
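
The pattern the quoted commit message describes (zero the compat struct before filling it, so that holes and reserved fields cannot carry stale data), as an added userspace example that is not part of this thread or of the kernel patch. The struct layout, the poison value and all function names are constructed for illustration, and `memcpy()` stands in for `copy_to_user()`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POISON 0xAA /* stands in for stale kernel stack contents */

/* Constructed layout for illustration, not the real V4L2 compat structs. */
struct demo_ev32 {
    uint32_t type;
    uint64_t timestamp; /* leaves a hole after 'type' on ABIs that align it to 8 */
    uint32_t reserved2; /* never written by the fill code below */
};

/* Count bytes in the copied-out buffer that still hold stale data. */
static size_t stale_bytes(const unsigned char *buf, size_t len)
{
    size_t i, n = 0;
    for (i = 0; i < len; i++)
        n += (buf[i] == POISON);
    return n;
}

/* Fill the struct, copy it out whole, report how many stale bytes escaped. */
static size_t copy_out(int zero_first)
{
    struct demo_ev32 ev;
    unsigned char user[sizeof(ev)];

    memset(&ev, POISON, sizeof(ev));      /* simulate a dirty stack slot */
    if (zero_first)
        memset(&ev, 0, sizeof(ev));       /* hardened: clears holes and reserved fields */
    ev.type = 1;                          /* only the "real" fields are assigned */
    ev.timestamp = 0x1122334455667788ULL;
    memcpy(user, &ev, sizeof(ev));        /* whole-struct copy, padding included */
    return stale_bytes(user, sizeof(user));
}

size_t leak_fieldwise(void)  { return copy_out(0); }
size_t leak_zero_first(void) { return copy_out(1); }

int main(void)
{
    printf("field-by-field fill: %zu stale bytes copied out\n", leak_fieldwise());
    printf("zero first, then fill: %zu stale bytes copied out\n", leak_zero_first());
    return 0;
}
```

Every byte of the struct that is not one of the two assigned fields (the hole, `reserved2` and any tail padding) reaches the destination unchanged unless the struct is cleared first.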