Message ID | 20170403173430.GL4864@birch.djwong.org (mailing list archive) |
---|---|
State | Accepted |
Headers | show |
On Mon, Apr 03, 2017 at 10:34:30AM -0700, Darrick J. Wong wrote: > Fix a memory exposure problems in inumbers where we allocate an array of > structures with holes, fail to zero the holes, then blindly copy the > kernel memory contents (junk and all) into userspace. > > Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> > Reviewed-by: Christoph Hellwig <hch@lst.de> BTW, I intend to send this patch (though not the getbmap patch) for 4.11 since kernel memory exposure is usually treated as a security problem. --D > --- > v2: split patches > --- > fs/xfs/xfs_itable.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/xfs/xfs_itable.c b/fs/xfs/xfs_itable.c > index 2a6d9b1..26d67ce 100644 > --- a/fs/xfs/xfs_itable.c > +++ b/fs/xfs/xfs_itable.c > @@ -583,7 +583,7 @@ xfs_inumbers( > return error; > > bcount = MIN(left, (int)(PAGE_SIZE / sizeof(*buffer))); > - buffer = kmem_alloc(bcount * sizeof(*buffer), KM_SLEEP); > + buffer = kmem_zalloc(bcount * sizeof(*buffer), KM_SLEEP); > do { > struct xfs_inobt_rec_incore r; > int stat; > -- > To unsubscribe from this list: send the line "unsubscribe linux-xfs" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe linux-xfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 4/3/17 2:42 PM, Darrick J. Wong wrote: > On Mon, Apr 03, 2017 at 10:34:30AM -0700, Darrick J. Wong wrote: >> Fix a memory exposure problems in inumbers where we allocate an array of >> structures with holes, fail to zero the holes, then blindly copy the >> kernel memory contents (junk and all) into userspace. >> >> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> >> Reviewed-by: Christoph Hellwig <hch@lst.de> > > BTW, I intend to send this patch (though not the getbmap patch) for 4.11 > since kernel memory exposure is usually treated as a security problem. I agree with that plan; if this change isn't safe I don't know what is ... -Eric > --D > >> --- >> v2: split patches >> --- >> fs/xfs/xfs_itable.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/fs/xfs/xfs_itable.c b/fs/xfs/xfs_itable.c >> index 2a6d9b1..26d67ce 100644 >> --- a/fs/xfs/xfs_itable.c >> +++ b/fs/xfs/xfs_itable.c >> @@ -583,7 +583,7 @@ xfs_inumbers( >> return error; >> >> bcount = MIN(left, (int)(PAGE_SIZE / sizeof(*buffer))); >> - buffer = kmem_alloc(bcount * sizeof(*buffer), KM_SLEEP); >> + buffer = kmem_zalloc(bcount * sizeof(*buffer), KM_SLEEP); >> do { >> struct xfs_inobt_rec_incore r; >> int stat; >> -- >> To unsubscribe from this list: send the line "unsubscribe linux-xfs" in >> the body of a message to majordomo@vger.kernel.org >> More majordomo info at http://vger.kernel.org/majordomo-info.html > -- > To unsubscribe from this list: send the line "unsubscribe linux-xfs" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe linux-xfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Mon, Apr 03, 2017 at 03:06:42PM -0500, Eric Sandeen wrote: > On 4/3/17 2:42 PM, Darrick J. Wong wrote: > > On Mon, Apr 03, 2017 at 10:34:30AM -0700, Darrick J. Wong wrote: > >> Fix a memory exposure problems in inumbers where we allocate an array of > >> structures with holes, fail to zero the holes, then blindly copy the > >> kernel memory contents (junk and all) into userspace. > >> > >> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> > >> Reviewed-by: Christoph Hellwig <hch@lst.de> > > > > BTW, I intend to send this patch (though not the getbmap patch) for 4.11 > > since kernel memory exposure is usually treated as a security problem. > > I agree with that plan; if this change isn't safe I don't know what > is ... Yes. Please send this for 4.11-rc. -- To unsubscribe from this list: send the line "unsubscribe linux-xfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/fs/xfs/xfs_itable.c b/fs/xfs/xfs_itable.c index 2a6d9b1..26d67ce 100644 --- a/fs/xfs/xfs_itable.c +++ b/fs/xfs/xfs_itable.c @@ -583,7 +583,7 @@ xfs_inumbers( return error; bcount = MIN(left, (int)(PAGE_SIZE / sizeof(*buffer))); - buffer = kmem_alloc(bcount * sizeof(*buffer), KM_SLEEP); + buffer = kmem_zalloc(bcount * sizeof(*buffer), KM_SLEEP); do { struct xfs_inobt_rec_incore r; int stat;