On Wed, Jul 5, 2017 at 2:48 PM, Arnd Bergmann <[email protected]> wrote:
> On Wed, Jul 5, 2017 at 11:35 PM, Linus Torvalds
> <[email protected]> wrote:
>
>> So the issue I think would be good to fix is perhaps best explained by
>> pseudo-code
>>
>> int testfn(struct somestruct __user *p)
>> {
>>         struct somestruct a;
>>
>>         initialize_struct(&a);
>>         if (copy_to_user(p, &a, sizeof(a)))
>>                 return -EFAULT;
>>         return 0;
>> }
>>
>> which is obviously made-up code, but is not actually entirely unrealistic.
>
> This particular example should be handled by
> scripts/gcc-plugins/structleak_plugin.c, right?
Only if struct somestruct _contains_ a __user pointer. I would love to see
this logic expanded, of course. :)

-Kees

-- 
Kees Cook
Pixel Security
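As an added illustration (not code from the thread or from the kernel), the user-space C program below models Linus's testfn() pattern with a constructed struct somestruct whose char field forces padding before the long; a union lets the "stack" be pre-filled with a poison byte so the bytes that initialize_struct() never writes can be counted, and a memset-first variant shows the defensive fix for the padding case that a __user-pointer-only heuristic would not cover.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the thread's "struct somestruct": the char
 * field forces padding bytes (7 on LP64) between flag and value. */
struct somestruct {
    unsigned char flag;
    unsigned long value;
};

/* The struct and a byte view of the same storage, so stale bytes can be
 * inspected without strict-aliasing trouble (union punning is GCC-defined). */
union stack_slot {
    struct somestruct s;
    unsigned char raw[sizeof(struct somestruct)];
};

/* Stands in for whatever the previous call left behind on the stack. */
#define POISON 0xAA

/* Counts bytes that still hold the poison pattern, i.e. bytes that
 * copy_to_user(p, &a, sizeof(a)) would hand to user space unwritten. */
static size_t stale_bytes(const unsigned char *obj, size_t n)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        if (obj[i] == POISON)
            count++;
    return count;
}

/* Models testfn(): field-by-field initialization leaves padding untouched. */
size_t leak_with_field_init(void)
{
    union stack_slot slot;
    memset(slot.raw, POISON, sizeof slot.raw);   /* stale stack contents */
    slot.s.flag = 1;                             /* what initialize_struct() does */
    slot.s.value = 42;
    return stale_bytes(slot.raw, sizeof slot.raw);
}

/* Hardened variant: clear the whole object first, then fill the fields. */
size_t leak_with_memset(void)
{
    union stack_slot slot;
    memset(slot.raw, POISON, sizeof slot.raw);
    memset(&slot.s, 0, sizeof slot.s);           /* no stale byte survives */
    slot.s.flag = 1;
    slot.s.value = 42;
    return stale_bytes(slot.raw, sizeof slot.raw);
}
```

Run as-is, leak_with_field_init() returns the number of padding bytes in the struct and leak_with_memset() returns 0.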

