From patchwork Sat Jun 3 13:18:14 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 9764207 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id F0270602B6 for ; Sat, 3 Jun 2017 13:18:49 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E199828470 for ; Sat, 3 Jun 2017 13:18:49 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id D650428579; Sat, 3 Jun 2017 13:18:49 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8A0DE28470 for ; Sat, 3 Jun 2017 13:18:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751240AbdFCNSs (ORCPT ); Sat, 3 Jun 2017 09:18:48 -0400 Received: from bombadil.infradead.org ([65.50.211.133]:50758 "EHLO bombadil.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751149AbdFCNSs (ORCPT ); Sat, 3 Jun 2017 09:18:48 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=Vhvot9OpUI8ZPO55u3tgZjb0qroFtN4KQC2bZurwhb4=; b=o869vZ4jcb6M22tJ4aUr0TYFE jGe6KOcZsnJCXXyoEUGkjgNG070woX8F5w4meGPmKMVMH1LSL3qnrNZ/sjqi9y3esZ+xSiL+T+wwe sM5Xea98qa++ogo6+Pc7Zbr1IODQghYVarQNwREoO3zJ2C93gGjSyn6J1KiVsAlpnMQz8Rxe2oplk Rp26AJmobZn+3z10d/lfryBpDXhT7jtYz4euX6+RY9hoDbYns7OM/anXac1oqQslAb6K6F08Xi4mv ASyNMzI9Ahg8bCD301FavcprsJ3GVZY54hep7pBbxCg34oS26yH8y2mTaOuXnzvoLoQAe/7h3VfxT RjWxZA9LQ==; Received: from p4ff2fcbf.dip0.t-ipconnect.de ([79.242.252.191] helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.87 #1 (Red Hat Linux)) id 1dH8x5-00005Y-HE; Sat, 03 Jun 2017 13:18:47 +0000 From: Christoph Hellwig To: stable@vger.kernel.org Cc: linux-xfs@vger.kernel.org, "Darrick J. Wong" Subject: [PATCH 03/25] xfs: fix kernel memory exposure problems Date: Sat, 3 Jun 2017 15:18:14 +0200 Message-Id: <20170603131836.26661-4-hch@lst.de> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20170603131836.26661-1-hch@lst.de> References: <20170603131836.26661-1-hch@lst.de> X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: linux-xfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: "Darrick J. Wong" commit bf9216f922612d2db7666aae01e65064da2ffb3a upstream. Fix a memory exposure problems in inumbers where we allocate an array of structures with holes, fail to zero the holes, then blindly copy the kernel memory contents (junk and all) into userspace. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- fs/xfs/xfs_itable.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/xfs/xfs_itable.c b/fs/xfs/xfs_itable.c index 66e881790c17..d8a77dbf4e3a 100644 --- a/fs/xfs/xfs_itable.c +++ b/fs/xfs/xfs_itable.c @@ -585,7 +585,7 @@ xfs_inumbers( return error; bcount = MIN(left, (int)(PAGE_SIZE / sizeof(*buffer))); - buffer = kmem_alloc(bcount * sizeof(*buffer), KM_SLEEP); + buffer = kmem_zalloc(bcount * sizeof(*buffer), KM_SLEEP); do { struct xfs_inobt_rec_incore r; int stat;