From: Alexander Potapenko
Date: Tue, 21 Apr 2020 14:54:23 +0200
Subject: Re: [PATCH] fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
To: Al Viro
Cc: Kees Cook, Andrew Morton, Alexey Dobriyan, LKML, sunhaoyl@outlook.com
In-Reply-To: <20200421034249.GB23230@ZenIV.linux.org.uk>
References: <20200419100848.63472-1-glider@google.com> <20200420153352.6682533e794f591dae7aafbc@linux-foundation.org> <202004201540.01C8F82B@keescook> <20200421034249.GB23230@ZenIV.linux.org.uk>
List-ID: linux-kernel@vger.kernel.org

On Tue, Apr 21, 2020 at 5:42 AM Al Viro wrote:
>
> On Mon, Apr 20, 2020 at 03:41:40PM -0700, Kees Cook wrote:
> > On Mon, Apr 20, 2020 at 03:33:52PM -0700, Andrew Morton wrote:
> > > On Sun, 19 Apr 2020 12:08:48 +0200 glider@google.com wrote:
> > >
> > > > KMSAN reported uninitialized data being written to disk when dumping
> > > > core. As a result, several kilobytes of kmalloc memory may be written to
> > > > the core file and then read by a non-privileged user.
> > >
> > > Ewww. That's been there for 12 years. Did something change in
> > > regset_size() or regset->get()? Do you know what leaves the hole?
> >
> > Not lately and I would also like to hear the details; which regset it is?
>
> Should be reasonably easy to find - just memset() the damn thing to something
> recognizable, do whatever triggers that KMSAN report and look at that
> resulting coredump.
>
Seems to be REGSET_XSTATE filled by xstateregs_get().
Is there a ptrace interface also using that function?

-- 
Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Straße, 33
80636 München

Managing Directors: Paul Manicle, Halimah DeLaine Prado
Commercial register and number: Hamburg, HRB 86891
Registered office: Hamburg
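As an added example (not code from this thread or from the kernel), the debugging step Al describes and the fix the patch subject names, modelled in userland C. fake_regset_get, dump_alloc, find_hole, leaked_bytes and the sizes are hypothetical stand-ins: the getter deliberately fills fewer bytes than the regset claims, the buffer is poisoned to locate the hole, and a zero-initialized allocation shows why stale heap bytes then stop reaching the core file.

```c
#include <string.h>
/* Added example, not kernel code: a hypothetical regset whose getter fills
 * fewer bytes than regset_size() reports; the unwritten tail is the hole. */
#define REGSET_SIZE 64
#define FILLED      40
#define POISON      0xAA  /* "recognizable" pattern, as Al suggests */
#define STALE       0x5A  /* old data left in a recycled kmalloc chunk */
static void fake_regset_get(unsigned char *buf)
{
    for (size_t i = 0; i < FILLED; i++) buf[i] = (unsigned char)i;  /* only FILLED bytes */
}

/* Models the dumper's allocation: kmalloc() hands back whatever the chunk
 * last held, kzalloc() clears it first. */
static unsigned char chunk[REGSET_SIZE];
static unsigned char *dump_alloc(int zeroed)
{
    memset(chunk, STALE, sizeof chunk);  /* previous owner's bytes */
    if (zeroed)
        memset(chunk, 0, sizeof chunk);
    return chunk;
}

/* Al's debugging step: poison, run the getter, scan for poison that survived.
 * Returns the hole size; *first receives its start offset. A register value
 * equal to POISON would be a false positive; KMSAN tracks init state per bit. */
size_t find_hole(size_t *first)
{
    unsigned char *buf = dump_alloc(0);
    size_t holes = 0;
    *first = REGSET_SIZE;
    memset(buf, POISON, REGSET_SIZE);
    fake_regset_get(buf);
    for (size_t i = 0; i < REGSET_SIZE; i++)
        if (buf[i] == POISON && holes++ == 0)
            *first = i;
    return holes;
}

/* Stale heap bytes that reach the core file, without (0) and with (1) the fix. */
size_t leaked_bytes(int zeroed)
{
    unsigned char *buf = dump_alloc(zeroed);
    size_t n = 0;
    fake_regset_get(buf);
    for (size_t i = 0; i < REGSET_SIZE; i++)
        n += (buf[i] == STALE);
    return n;
}
```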