alistair23-linux/drivers/tty
Alexander Potapenko 21eff69aaa vt: prevent leaking uninitialized data to userspace via /dev/vcs*
KMSAN reported an infoleak when reading from /dev/vcs*:

  BUG: KMSAN: kernel-infoleak in vcs_read+0x18ba/0x1cc0
  Call Trace:
  ...
   kmsan_copy_to_user+0x7a/0x160 mm/kmsan/kmsan.c:1253
   copy_to_user ./include/linux/uaccess.h:184
   vcs_read+0x18ba/0x1cc0 drivers/tty/vt/vc_screen.c:352
   __vfs_read+0x1b2/0x9d0 fs/read_write.c:416
   vfs_read+0x36c/0x6b0 fs/read_write.c:452
  ...
  Uninit was created at:
   kmsan_save_stack_with_flags mm/kmsan/kmsan.c:279
   kmsan_internal_poison_shadow+0xb8/0x1b0 mm/kmsan/kmsan.c:189
   kmsan_kmalloc+0x94/0x100 mm/kmsan/kmsan.c:315
   __kmalloc+0x13a/0x350 mm/slub.c:3818
   kmalloc ./include/linux/slab.h:517
   vc_allocate+0x438/0x800 drivers/tty/vt/vt.c:787
   con_install+0x8c/0x640 drivers/tty/vt/vt.c:2880
   tty_driver_install_tty drivers/tty/tty_io.c:1224
   tty_init_dev+0x1b5/0x1020 drivers/tty/tty_io.c:1324
   tty_open_by_driver drivers/tty/tty_io.c:1959
   tty_open+0x17b4/0x2ed0 drivers/tty/tty_io.c:2007
   chrdev_open+0xc25/0xd90 fs/char_dev.c:417
   do_dentry_open+0xccc/0x1440 fs/open.c:794
   vfs_open+0x1b6/0x2f0 fs/open.c:908
  ...
  Bytes 0-79 of 240 are uninitialized

Consistently allocating |vc_screenbuf| with kzalloc() fixes the problem

Reported-by: syzbot+17a8efdf800000@syzkaller.appspotmail.com
Signed-off-by: Alexander Potapenko <glider@google.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-06-28 21:34:39 +09:00
hvc treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
ipwireless tty: ipwireless: Replace GFP_ATOMIC with GFP_KERNEL in ipwireless_network_create 2018-04-23 10:57:06 +02:00
serdev serdev: fix memleak on module unload 2018-06-28 21:34:39 +09:00
serial serial: 8250_pci: Remove stalled entries in blacklist 2018-06-28 21:34:39 +09:00
vt vt: prevent leaking uninitialized data to userspace via /dev/vcs* 2018-06-28 21:34:39 +09:00
Kconfig Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2018-04-09 09:04:10 -07:00
Makefile tty: remove bfin_jtag_comm and hvc_bfin_jtag drivers 2018-03-26 15:57:24 +02:00
amiserial.c tty: replace ->proc_fops with ->proc_show 2018-05-16 07:24:30 +02:00
cyclades.c tty: replace ->proc_fops with ->proc_show 2018-05-16 07:24:30 +02:00
ehv_bytechan.c treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
goldfish.c treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
isicom.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
mips_ejtag_fdc.c tty: Remove redundant license text 2017-11-08 13:08:12 +01:00
moxa.c tty: moxa: Add support for CMSPAR 2017-11-28 15:32:33 +01:00
moxa.h tty: moxa: Add support for CMSPAR 2017-11-28 15:32:33 +01:00
mxser.c tty: Remove redundant license text 2017-11-08 13:08:12 +01:00
mxser.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
n_gsm.c Merge 4.17-rc3 into tty-next 2018-04-30 05:14:55 -07:00
n_hdlc.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
n_null.c tty: Remove redundant license text 2017-11-08 13:08:12 +01:00
n_r3964.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
n_tracerouter.c tty: Remove redundant license text 2017-11-08 13:08:12 +01:00
n_tracesink.c tty: Remove redundant license text 2017-11-08 13:08:12 +01:00
n_tracesink.h tty: Remove redundant license text 2017-11-08 13:08:12 +01:00
n_tty.c n_tty: Access echo_* variables carefully. 2018-06-28 21:30:16 +09:00
nozomi.c tty/nozomi: fix inconsistent indentation 2018-04-25 14:54:26 +02:00
pty.c tty: Fix data race in tty_insert_flip_string_fixed_flag 2018-05-14 13:52:35 +02:00
rocket.c treewide: Switch DEFINE_TIMER callbacks to struct timer_list * 2017-11-21 15:57:05 -08:00
rocket.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rocket_int.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
synclink.c tty: replace ->proc_fops with ->proc_show 2018-05-16 07:24:30 +02:00
synclink_gt.c tty: replace ->proc_fops with ->proc_show 2018-05-16 07:24:30 +02:00
synclinkmp.c tty: replace ->proc_fops with ->proc_show 2018-05-16 07:24:30 +02:00
sysrq.c fs: add ksys_sync() helper; remove in-kernel calls to sys_sync() 2018-04-02 20:16:05 +02:00
tty_audit.c tty: Remove redundant license text 2017-11-08 13:08:12 +01:00
tty_baudrate.c tty: add SPDX identifiers to all remaining files in drivers/tty/ 2017-11-08 13:08:12 +01:00
tty_buffer.c tty: add SPDX identifiers to all remaining files in drivers/tty/ 2017-11-08 13:08:12 +01:00
tty_io.c vfs: change inode times to use struct timespec64 2018-06-05 16:57:31 -07:00
tty_ioctl.c tty: add missing const to termios hw-change helper 2018-05-22 10:08:05 +02:00
tty_jobctrl.c tty: add SPDX identifiers to all remaining files in drivers/tty/ 2017-11-08 13:08:12 +01:00
tty_ldisc.c proc: introduce proc_create_seq{,_data} 2018-05-16 07:23:35 +02:00
tty_ldsem.c tty: Remove redundant license text 2017-11-08 13:08:12 +01:00
tty_mutex.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tty_port.c tty: add SPDX identifiers to all remaining files in drivers/tty/ 2017-11-08 13:08:12 +01:00
vcc.c tty: vcc: Convert timers to use timer_setup() 2017-11-04 12:01:54 +01:00