From: glider@google.com
To: adobriyan@gmail.com, akpm@linux-foundation.org
Cc: linux-kernel@vger.kernel.org, sunhaoyl@outlook.com,
Alexander Potapenko <glider@google.com>
Subject: [PATCH] fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
Date: Sun, 19 Apr 2020 12:08:48 +0200
Message-ID: <20200419100848.63472-1-glider@google.com> (raw)
KMSAN reported uninitialized data being written to disk when dumping
core. As a result, several kilobytes of kmalloc memory may be written to
the core file and then read by a non-privileged user.
Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
---
Note: Reported-by: line is subject to change
---
fs/binfmt_elf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 13f25e241ac4..25d489bc9453 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -1733,7 +1733,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t,
(!regset->active || regset->active(t->task, regset) > 0)) {
int ret;
size_t size = regset_size(t->task, regset);
- void *data = kmalloc(size, GFP_KERNEL);
+ void *data = kzalloc(size, GFP_KERNEL);
if (unlikely(!data))
return 0;
ret = regset->get(t->task, regset,
--
2.26.1.301.g55bc3eb7cb9-goog
next reply index
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-19 10:08 glider [this message]
2020-04-19 10:10 ` Alexander Potapenko
2020-04-20 22:33 ` Andrew Morton
2020-04-20 22:41 ` Kees Cook
2020-04-21 3:42 ` Al Viro
2020-04-21 8:14 ` Alexander Potapenko
2020-05-12 1:09 ` Al Viro
2020-05-12 3:44 ` Al Viro
2020-05-12 8:20 ` Alexander Potapenko
2020-05-13 3:33 ` Al Viro
2020-05-24 23:45 ` Al Viro
2020-05-26 22:38 ` Al Viro
2020-05-27 12:08 ` Alexander Potapenko
2020-05-27 19:04 ` Borislav Petkov
2020-05-27 19:53 ` Al Viro
2020-05-27 20:09 ` Borislav Petkov
2020-04-21 12:54 ` Alexander Potapenko
2020-04-21 15:09 ` Jann Horn
2020-04-21 16:04 ` Yu-cheng Yu
2020-04-21 16:16 ` Jann Horn
2020-04-21 16:26 ` Yu-cheng Yu
2020-04-21 20:20 ` Kees Cook
2020-04-21 8:06 ` Alexander Potapenko
2020-05-27 21:55 ` Kees Cook
2020-04-21 8:00 ` Alexander Potapenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200419100848.63472-1-glider@google.com \
--to=glider@google.com \
--cc=adobriyan@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sunhaoyl@outlook.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
LKML Archive on lore.kernel.org
Archives are clonable:
git clone --mirror https://lore.kernel.org/lkml/0 lkml/git/0.git
git clone --mirror https://lore.kernel.org/lkml/1 lkml/git/1.git
git clone --mirror https://lore.kernel.org/lkml/2 lkml/git/2.git
git clone --mirror https://lore.kernel.org/lkml/3 lkml/git/3.git
git clone --mirror https://lore.kernel.org/lkml/4 lkml/git/4.git
git clone --mirror https://lore.kernel.org/lkml/5 lkml/git/5.git
git clone --mirror https://lore.kernel.org/lkml/6 lkml/git/6.git
git clone --mirror https://lore.kernel.org/lkml/7 lkml/git/7.git
git clone --mirror https://lore.kernel.org/lkml/8 lkml/git/8.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 lkml lkml/ https://lore.kernel.org/lkml \
linux-kernel@vger.kernel.org
public-inbox-index lkml
Example config snippet for mirrors
Newsgroup available over NNTP:
nntp://nntp.lore.kernel.org/org.kernel.vger.linux-kernel
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git