Re: [PATCH 4.4 24/28] can: dev: prevent potential information leak in can_fill_info()

From: Dan Carpenter
Date: Tue Feb 02 2021 - 14:12:01 EST

Next message: Kees Cook: "Re: [PATCH v1 1/1] Firstly, as Andy mentioned, this should be smp_rmb() instead of rmb(). considering that TSYNC is a cross-thread situation, and rmb() is a mandatory barrier which should not be used to control SMP effects, since mandatory barriers impose unnecessary overhead on both SMP and UP systems, as kernel Documentation said."
Previous message: Rob Clark: "Re: [PATCH 3/5] drm/msm/dsi_pll_10nm: Fix bad VCO rate calculation and prescaler"
In reply to: Pavel Machek: "Re: [PATCH 4.4 24/28] can: dev: prevent potential information leak in can_fill_info()"
Next in thread: Dan Carpenter: "Re: [PATCH 4.4 24/28] can: dev: prevent potential information leak in can_fill_info()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Feb 02, 2021 at 07:53:17PM +0100, Pavel Machek wrote:
> Hi!
>
> > From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> >
> > [ Upstream commit b552766c872f5b0d90323b24e4c9e8fa67486dd5 ]
> >
> > The "bec" struct isn't necessarily always initialized. For example, the
> > mcp251xfd_get_berr_counter() function doesn't initialize anything if the
> > interface is down.
>
> Well, yes... and = {} does not neccessarily initialize all of the
> structure... for example padding.
>
> It is really simple
>
> struct can_berr_counter {
> __u16 txerr;
> __u16 rxerr;
> };
>
> but maybe something like alpha uses padding in such case, and memset
> would be better?

I'm pretty sure nothing uses padding in this situation. If it does then
we need to re-work a bunch of code.

regards,
dan carpenter