    [PATCH] fs: fix libfs data leak · 955eff5a
    Nick Piggin committed
    simple_prepare_write leaks uninitialised kernel data.  This happens because
    it leaves an uninitialised "hole" over the part of the page that the
    write is expected to go to.  This is fine, but it then marks the page
    uptodate, which means a concurrent read can come in and copy the
    uninitialised memory into userspace before it is written to.
    
    Fix it by simply marking it uptodate in simple_commit_write instead, after
    the hole has been filled in.  This could theoretically break an fs that
    uses simple_prepare_write and not simple_commit_write, and that relies on
    the incorrect simple_prepare_write behaviour.  Luckily, none of those
    exists in the tree.
    Signed-off-by: Nick Piggin <npiggin@suse.de>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
libfs.c 15.3 KB
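
The ordering problem the commit message describes, as a userspace model added here; it is not the kernel's libfs.c and not part of the commit. The `model_*` names, the `STALE` marker and the `'W'` fill byte are constructed, and a reader that finds the page not uptodate is modelled as simply having to wait.

```c
#include <stddef.h>
#include <string.h>

#define MODEL_PAGE_SIZE 4096
#define STALE 0xAA  /* constructed marker standing in for old kernel memory */

struct model_page { unsigned char data[MODEL_PAGE_SIZE]; int uptodate; };

/* Zero the page outside [from, to); the hole itself is left untouched. */
static void model_prepare_write(struct model_page *p, size_t from, size_t to,
                                int mark_early)
{
    if (p->uptodate)
        return;
    memset(p->data, 0, from);
    memset(p->data + to, 0, MODEL_PAGE_SIZE - to);
    if (mark_early)          /* behaviour before the fix */
        p->uptodate = 1;
}

/* Fill the hole (done by the write path in the kernel), then mark valid. */
static void model_commit_write(struct model_page *p, size_t from, size_t to)
{
    memset(p->data + from, 'W', to - from);  /* constructed user data */
    p->uptodate = 1;         /* behaviour after the fix: set only here */
}

/* Reader: -1 if it must wait (page not uptodate), else stale bytes copied. */
static int model_read_leak(const struct model_page *p)
{
    int leaked = 0;
    if (!p->uptodate)
        return -1;
    for (size_t i = 0; i < MODEL_PAGE_SIZE; i++)
        leaked += (p->data[i] == STALE);
    return leaked;
}

/* One write of [from, to); the read lands before or after the commit. */
static int model_race(size_t from, size_t to, int mark_early, int committed)
{
    struct model_page p;
    memset(p.data, STALE, sizeof p.data);    /* fresh page, never initialised */
    p.uptodate = 0;
    model_prepare_write(&p, from, to, mark_early);
    if (committed)
        model_commit_write(&p, from, to);
    return model_read_leak(&p);
}
```

With `mark_early` set, a read between prepare and commit sees exactly `to - from` stale bytes; with it clear, the reader cannot copy the page until the commit has filled the hole.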