diff options
| author | Alexander Potapenko <glider@google.com> | 2020-05-27 22:20:52 -0700 |
|---|---|---|
| committer | Ben Hutchings <ben@decadent.org.uk> | 2020-06-11 19:05:58 +0100 |
| commit | d03daec2e50aa2a0b6de2c3572af5e1d61f9d132 (patch) | |
| tree | ec44108ac701d6788c6cf42c484a09aed40e33cb | |
| parent | 493b4e7e4ed9cb671788d886bbc0f8d26ae10dba (diff) | |
| download | linux-stable-d03daec2e50aa2a0b6de2c3572af5e1d61f9d132.tar.gz linux-stable-d03daec2e50aa2a0b6de2c3572af5e1d61f9d132.tar.bz2 linux-stable-d03daec2e50aa2a0b6de2c3572af5e1d61f9d132.zip | |
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
commit 1d605416fb7175e1adf094251466caa52093b413 upstream.
KMSAN reported uninitialized data being written to disk when dumping
core. As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.
Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: https://github.com/google/kmsan/issues/76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
| -rw-r--r-- | fs/binfmt_elf.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 2df8642c3ac1..563b42f3f3ba 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -1575,7 +1575,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t, (!regset->active || regset->active(t->task, regset) > 0)) { int ret; size_t size = regset->n * regset->size; - void *data = kmalloc(size, GFP_KERNEL); + void *data = kzalloc(size, GFP_KERNEL); if (unlikely(!data)) return 0; ret = regset->get(t->task, regset, |