fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()

to #27338374 commit 1d605416fb7175e1adf094251466caa52093b413 upstream. KMSAN reported uninitialized data being written to disk when dumping core. As a result, several kilobytes of kmalloc memory may be written to the core file and then read by a non-privileged user. Reported-by: N sam <sunhaoyl@outlook.com> Signed-off-by: N Alexander Potapenko <glider@google.com> Signed-off-by: N Andrew Morton <akpm@linux-foundation.org> Acked-by: N Kees Cook <keescook@chromium.org> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: <stable@vger.kernel.org> Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com Link: https://github.com/google/kmsan/issues/76Signed-off-by: N Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: N Sasha Levin <sashal@kernel.org> Reference: CVE-2020-10732 Signed-off-by: N Shile Zhang <shile.zhang@linux.alibaba.com> Acked-by: N Joseph Qi <joseph.qi@linux.alibaba.com>

fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
to #27338374 commit 1d605416fb7175e1adf094251466caa52093b413 upstream. KMSAN reported uninitialized data being written to disk when dumping core. As a result, several kilobytes of kmalloc memory may be written to the core file and then read by a non-privileged user. Reported-by: N sam <sunhaoyl@outlook.com> Signed-off-by: N Alexander Potapenko <glider@google.com> Signed-off-by: N Andrew Morton <akpm@linux-foundation.org> Acked-by: N Kees Cook <keescook@chromium.org> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: <stable@vger.kernel.org> Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com Link: https://github.com/google/kmsan/issues/76Signed-off-by: N Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: N Sasha Levin <sashal@kernel.org> Reference: CVE-2020-10732 Signed-off-by: N Shile Zhang <shile.zhang@linux.alibaba.com> Acked-by: N Joseph Qi <joseph.qi@linux.alibaba.com>
be1c1391 · Alexander Potapenko · Shile Zhang · 262d517b · be1c1391
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

fs/binfmt_elf.c fs/binfmt_elf.c +1 -1

未找到文件。
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -1766,7 +1766,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t,
 		    (!regset->active || regset->active(t->task, regset) > 0)) {
 			int ret;
 			size_t size = regset_size(t->task, regset);
-			void *data = kmalloc(size, GFP_KERNEL);
+			void *data = kzalloc(size, GFP_KERNEL);
 			if (unlikely(!data))
 				return 0;
 			ret = regset->get(t->task, regset,