redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
Fork of alistair23 Linux kernel for reMarkable from https://github.com/alistair23/linux
877,523 Commits
15 Branches
0 Tags
3.4 GiB
C 97.7%
Assembly 1.4%
Makefile 0.3%
Shell 0.2%
Python 0.1%
Other 0.1%
 
 
 
 
 
 
Go to file
Eric Biggers b25af84517 libfs: fix infoleak in simple_attr_read() 
commit a65cab7d7f upstream.

Reading from a debugfs file at a nonzero position, without first reading
at position 0, leaks uninitialized memory to userspace.

It's a bit tricky to do this, since lseek() and pread() aren't allowed
on these files, and write() doesn't update the position on them.  But
writing to them with splice() *does* update the position:

	#define _GNU_SOURCE 1
	#include <fcntl.h>
	#include <stdio.h>
	#include <unistd.h>
	int main()
	{
		int pipes[2], fd, n, i;
		char buf[32];

		pipe(pipes);
		write(pipes[1], "0", 1);
		fd = open("/sys/kernel/debug/fault_around_bytes", O_RDWR);
		splice(pipes[0], NULL, fd, NULL, 1, 0);
		n = read(fd, buf, sizeof(buf));
		for (i = 0; i < n; i++)
			printf("%02x", buf[i]);
		printf("\n");
	}

Output:
	5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a30

Fix the infoleak by making simple_attr_read() always fill
simple_attr::get_buf if it hasn't been filled yet.

Reported-by: syzbot+fcab69d1ada3e8d6f06b@syzkaller.appspotmail.com
Reported-by: Alexander Potapenko <glider@google.com>
Fixes: acaefc25d2 ("[PATCH] libfs: add simple attribute files")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20200308023849.988264-1-ebiggers@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2020-04-01 11:02:17 +02:00
Documentation dt-bindings: net: FMan erratum A050385 2020-04-01 11:01:52 +02:00
LICENSES LICENSES: Rename other to deprecated 2019-05-03 06:34:32 -06:00
arch ARM: dts: sun8i-a83t-tbs-a711: Fix USB OTG mode detection 2020-04-01 11:02:11 +02:00
block block, bfq: fix overwrite of bfq_group pointer in bfq_find_set_group() 2020-03-25 08:25:49 +01:00
certs PKCS#7: Refactor verify_pkcs7_signature() 2019-08-05 18:40:18 -04:00
crypto crypto: rename sm3-256 to sm3 in hash_algo_name 2020-02-28 17:22:26 +01:00
drivers ahci: Add Intel Comet Lake H RAID PCI ID 2020-04-01 11:02:17 +02:00
fs libfs: fix infoleak in simple_attr_read() 2020-04-01 11:02:17 +02:00
include ieee80211: fix HE SPR size calculation 2020-04-01 11:02:09 +02:00
init kbuild: remove header compile test 2020-03-05 16:43:47 +01:00
ipc Revert "ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()" 2020-02-28 17:22:20 +01:00
kernel bpf: Undo incorrect __reg_bound_offset32 handling 2020-04-01 11:02:13 +02:00
lib kbuild: move headers_check rule to usr/include/Makefile 2020-03-05 16:43:47 +01:00
mm mm: fork: fix kernel_stack memcg stats for various stack implementations 2020-04-01 11:02:03 +02:00
net vti6: Fix memory leak of skb if input policy check fails 2020-04-01 11:02:12 +02:00
samples samples/bpf: Set -fno-stack-protector when building BPF programs 2020-02-24 08:36:36 +01:00
scripts scripts/dtc: Remove redundant YYLOC global declaration 2020-04-01 11:02:00 +02:00
security efi: Only print errors about failing to get certs if EFI vars are found 2020-03-12 13:00:14 +01:00
sound ALSA: hda/realtek: Fix pop noise on ALC225 2020-03-25 08:25:59 +01:00
tools tools: Let O= makes handle a relative path with -C option 2020-04-01 11:02:00 +02:00
usr kbuild: fix 'No such file or directory' warning when cleaning 2020-03-12 13:00:09 +01:00
virt KVM: Check for a bad hva before dropping into the ghc slow path 2020-03-05 16:43:48 +01:00
.clang-format clang-format: Update with the latest for_each macro list 2019-08-31 10:00:51 +02:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore Modules updates for v5.4 2019-09-22 10:34:46 -07:00
.mailmap ARM: SoC fixes 2019-11-10 13:41:59 -08:00
COPYING COPYING: use the new text with points to the license files 2018-03-23 12:41:45 -06:00
CREDITS MAINTAINERS: Remove Simon as Renesas SoC Co-Maintainer 2019-10-10 08:12:51 -07:00
Kbuild kbuild: do not descend to ./Kbuild when cleaning 2019-08-21 21:03:58 +09:00
Kconfig docs: kbuild: convert docs to ReST and rename to *.rst 2019-06-14 14:21:21 -06:00
MAINTAINERS MAINTAINERS: Update drm/i915 bug filing URL 2020-02-28 17:22:19 +01:00
Makefile Linux 5.4.28 2020-03-25 08:26:00 +01:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.