Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp2512114ybz; Sun, 19 Apr 2020 03:10:21 -0700 (PDT) X-Google-Smtp-Source: APiQypJUbQ7PJGSLkP9Umldx+Otm6yW6nOXTK++e6LzUCDrl82hyTFwj8Xn60ph8jJBYMzI/tszO X-Received: by 2002:a17:906:3481:: with SMTP id g1mr10765491ejb.305.1587291021283; Sun, 19 Apr 2020 03:10:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1587291021; cv=none; d=google.com; s=arc-20160816; b=SxSszKQ4TA17Se5TU0P0Sr3/QUqX3+/r/4cl531g/vxkcQRcqj6GAWHlbGtzXvQRBu dKhEXQMC1DXByKBvwGD++IhBgyhPC3Pu6GP9f88aJRGKy36PLQGZe/axWugD9jQhi8dt KK+3hC0BTo6xKSSBlwc+u5lL8Yany3QYTb+/3XjKDQC85ui6/Khq0J7s+Pw9H9DFvugk a6lC2b2kmGPBIC7y7XjbNUYrsGrPRkGUPdlMdJoqedga+arsuuU6PukfDRi9C/ZJ7Ckt jpvST8hSUyw/7uzBh/iGseOzSjFbp7FaQlE8kjFtDXpjMRCLmUyAzPz8tIIZfdDnn13b UULA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:from:subject:mime-version :message-id:date:dkim-signature; bh=x4Jf9OoxVu57scXjQnvCCYWih0l2+dbJzXSbsRXxgIM=; b=XGaCW5Rq1WleQTShkm9KTF9gc305P/Zf8QYaFIBMwiA9i/LRl45hIdKTKaTQmjhWCq rkm6a/VsNjKJPrO9RJX1MsxNLVLViVsI1wZ/IueN28uej0CPqt8GyJvriHTW9ub8eZvg oAGVtZmk/bs/3F1OgeYUdUuPGoHxRDYjmzm+ld/i92HpOEg0GJeHtKmKGoYdxsGKxEHH 2AQb7YqtcdwI5NBipJTGJjOJdnGuzo5M3Yqk9oAmk24fbmjMUKLrPHfyOXQTBbo8nHxS fHvvUH5xEW8s7WHpMPk/bidCiTbryugI01QjdlQzEuwUON3pFG7aiVKhxCh0AEUYlu1N l+pg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=kcP7+Kil; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f10si10924321ejw.89.2020.04.19.03.09.57; Sun, 19 Apr 2020 03:10:21 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=kcP7+Kil; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725947AbgDSKI5 (ORCPT + 99 others); Sun, 19 Apr 2020 06:08:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42122 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1725832AbgDSKI4 (ORCPT ); Sun, 19 Apr 2020 06:08:56 -0400 Received: from mail-wr1-x44a.google.com (mail-wr1-x44a.google.com [IPv6:2a00:1450:4864:20::44a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8BB00C061A0C for ; Sun, 19 Apr 2020 03:08:56 -0700 (PDT) Received: by mail-wr1-x44a.google.com with SMTP id v9so1225277wrt.7 for ; Sun, 19 Apr 2020 03:08:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:message-id:mime-version:subject:from:to:cc; bh=x4Jf9OoxVu57scXjQnvCCYWih0l2+dbJzXSbsRXxgIM=; b=kcP7+KilBa7sG3vcdVd4D8AEvObD4rH5WrNB/oiGTKhdUEq4khUD/ZiKKw5dCSCXQb bwvxhlHYDTdCAxs3M/3+jfMZGtGw6t4xthTlGtsrkUKI44c7ol9KkbGYNL0FM2TpgOlq AymMh+gnuqABTrk0n/Sz5ivAhOI8HpWqYr32Ags6Flzj/iknuM0LqIkyGpesVw6lTj3U Qwgnjn6peyTHioblgFMcxcQdeleUUgIuU0o1fKDs3rMHAqadTz7PQLwv4awoxYkyCLrP upVRl00XpCNfjV/sK7g0mxOM7aNPFZR1I1kC22YmtkoXvFSEx2BeXmHwTzK+yCFzvTvJ kcTw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc; bh=x4Jf9OoxVu57scXjQnvCCYWih0l2+dbJzXSbsRXxgIM=; b=rNm9QRTt++A81ph436fKALN5iMjVfLBZiscj8PkHeX+8Hac8x4LQW/8QiWjRGgiyjt AdT5K3wMM0Uexu+MC0PsUUVFz+vOnN2s6Gp4M/XgxOp/ka19MY/P596Tf8Utywi0vOlC uCeCsnxnFtlHjsFqILJDOKIyHZqJF4PPUOetx1KemkvgUGkzoAYRCh1OTOeALOALyiW7 OIOVTT+oHQjI9rp28AcEOXH7LyzlCxSWjTc3uXGa7C3cJnFz+YkhMMj44rX5d/unT4bq q4cwzZj3ytRrX1tfh8OQ82PH2sMcE/T+hYd3nsa/pPPCzUrwFsjuCR7opS6Sap/wq5Ai 07og== X-Gm-Message-State: AGi0PuZKrPGba//7C0BwxtL310q3XtvnIyu/F2aKtaykEQ+/GqBK73xI jcO+33JZoBFANlKVxwqaI7jqjkIMw8Q= X-Received: by 2002:a5d:5304:: with SMTP id e4mr12407894wrv.87.1587290934113; Sun, 19 Apr 2020 03:08:54 -0700 (PDT) Date: Sun, 19 Apr 2020 12:08:48 +0200 Message-Id: <20200419100848.63472-1-glider@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.26.1.301.g55bc3eb7cb9-goog Subject: [PATCH] fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() From: glider@google.com To: adobriyan@gmail.com, akpm@linux-foundation.org Cc: linux-kernel@vger.kernel.org, sunhaoyl@outlook.com, Alexander Potapenko Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org KMSAN reported uninitialized data being written to disk when dumping core. As a result, several kilobytes of kmalloc memory may be written to the core file and then read by a non-privileged user. Reported-by: sam Signed-off-by: Alexander Potapenko --- Note: Reported-by: line is subject to change --- fs/binfmt_elf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 13f25e241ac4..25d489bc9453 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -1733,7 +1733,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t, (!regset->active || regset->active(t->task, regset) > 0)) { int ret; size_t size = regset_size(t->task, regset); - void *data = kmalloc(size, GFP_KERNEL); + void *data = kzalloc(size, GFP_KERNEL); if (unlikely(!data)) return 0; ret = regset->get(t->task, regset, -- 2.26.1.301.g55bc3eb7cb9-goog