Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BUG: KMSAN: uninit-value in kmsan_handle_dma #76

Closed
SunHao-0 opened this issue Apr 18, 2020 · 8 comments
Closed

BUG: KMSAN: uninit-value in kmsan_handle_dma #76

SunHao-0 opened this issue Apr 18, 2020 · 8 comments

Comments

@SunHao-0
Copy link
Contributor

While fuzzing latest KMSAN-build with HEALER(syscall fuzzer, not published yet), uninit-value is found in kmsan_handle_dma. It seems KMSAN found bugs in itself.

Caused by this call sequence syscalls.txt.
With this crash msg.txt.
THE latest KMSAN is used with this config config.txt.
@ramosian-glider
Copy link
Member

This may be a valid bug in the kernel,a as kmsan_handle_dma() just checks the memory it received.
In particular, this memory came from a kmalloc() call in elf_core_dump().
Not sure I'll be able to reproduce this bug using your syscall sequence, as it's neither C nor syzlang. What do I need to make it a valid C program?

In the meantime, you can add a memset after the kmalloc call in elf_core_dump() and overwrite the buffer with e.g. 0xAA. Then dump the memory in ata_qc_issue() and check if it's writing 0xAA's on disk.
(Chances also are that I'm handling disk writes incorrectly, and these uninit writes aren't actually happening).

@SunHao-0
Copy link
Contributor Author

It happened five times during fuzzing in 24-h. The syscall sequence is a valid C program without header files, so just include related headers and wrap syscalls in the main function is enough.
Pretty sure it's reproducible. Is it possible that this crash is caused by some other functions called by kmsan_handle_dma(), such as inline function? Thanks for replying.

@ramosian-glider
Copy link
Member

Well, this is not a crash per se, it is a KMSAN report:

[ 1949.562864][ T3256] BUG: KMSAN: uninit-value in kmsan_handle_dma+0x9f/0xb0
...
[ 1949.568947][ T3256] kmsan_internal_check_memory+0x238/0x3d0
[ 1949.569644][ T3256] kmsan_handle_dma+0x9f/0xb0
[ 1949.570203][ T3256] kmsan_handle_dma_sg+0x35/0x50
[ 1949.570801][ T3256] ata_qc_issue+0xc71/0x1570
...
[ 1949.584854][ T3256] Uninit was stored to memory at:
[ 1949.585435][ T3256] kmsan_internal_chain_origin+0xad/0x130
[ 1949.586093][ T3256] kmsan_memcpy_memmove_metadata+0x262/0x2d0
[ 1949.586780][ T3256] kmsan_memcpy_metadata+0xb/0x10
[ 1949.587364][ T3256] __msan_memcpy+0x43/0x50
[ 1949.587876][ T3256] iov_iter_copy_from_user_atomic+0xb02/0x1510
[ 1949.588584][ T3256] generic_perform_write+0x499/0x9a0
[ 1949.589193][ T3256] ext4_buffered_write_iter+0x795/0xac0
[ 1949.589831][ T3256] ext4_file_write_iter+0x1330/0x2c60
[ 1949.590456][ T3256] __vfs_write+0xa5a/0xca0
[ 1949.590967][ T3256] __kernel_write+0x208/0x5f0
[ 1949.591507][ T3256] dump_emit+0x2ba/0x570
[ 1949.591998][ T3256] writenote+0x30c/0x4c0
[ 1949.592488][ T3256] elf_core_dump+0x6c49/0x8000
...
[ 1949.596382][ T3256] Uninit was created at:
[ 1949.596873][ T3256] kmsan_internal_poison_shadow+0x66/0xd0
[ 1949.597536][ T3256] kmsan_slab_alloc+0x8a/0xe0
[ 1949.598075][ T3256] __kmalloc+0x2c1/0x450
[ 1949.598566][ T3256] elf_core_dump+0x21dc/0x8000
[ 1949.599117][ T3256] do_coredump+0x3f74/0x56b0
[ 1949.599648][ T3256] get_signal+0xb36/0x32e0
[ 1949.600160][ T3256] do_signal+0x6f/0xe30
[ 1949.600646][ T3256] prepare_exit_to_usermode+0x2f0/0x520
[ 1949.601286][ T3256] swapgs_restore_regs_and_return_to_usermode+0x0/0x39
[ 1949.602069][ T3256] 
[ 1949.602341][ T3256] Bytes 2600-2647 of 4096 are uninitialized
[ 1949.603017][ T3256] Memory access of size 4096 starts at ffff999becb67000
[ 1949.603843][ T3256] =====================================================

So what presumably happens here is that elf_core_dump() allocates uninitialized memory, which is then written to the filesystem by __vfs_write(), and then asynchronously written to disk by ata_qc_issue().

If you add memset(0xAA) to the respective kmalloc call, you can even inspect the core dump file and search for 0xAA.

@SunHao-0
Copy link
Contributor Author

Thanks, got it. However, title of this kmsan report (uninit-value in kmsan_handle_dma+0x9f/0xb0) is misleading.

@ramosian-glider
Copy link
Member

Actually, the bug can be triggered by a trivial crashing program:

int main() {
  volatile char *c = 0;
  (void)*c;
  return 0;
}

I'm going to send an upstream patch.

@ramosian-glider
Copy link
Member

ramosian-glider commented Apr 19, 2020
edited
Loading

Please let me know how the Reported-by: tag should look like, otherwise I'll send with:

Reported-by: sam <sunhaoyl@outlook.com>

@SunHao-0
Copy link
Contributor Author

Please let me know how the Reported-by: tag should look like, otherwise I'll send with:

Reported-by: sam <sunhaoyl@outlook.com>

Thanks! That would be very nice of you.

ruscur pushed a commit to ruscur/linux that referenced this issue Apr 22, 2020
@ramosian-glider @sfrothwell
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
9120d07 
KMSAN reported uninitialized data being written to disk when dumping core.
As a result, several kilobytes of kmalloc memory may be written to the
core file and then read by a non-privileged user.

Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Alexander Potapenko <glider@google.com>
Reported-by: sam <sunhaoyl@outlook.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
ruscur pushed a commit to ruscur/linux that referenced this issue Apr 28, 2020
@ramosian-glider @sfrothwell
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
b191b41 
KMSAN reported uninitialized data being written to disk when dumping core.
As a result, several kilobytes of kmalloc memory may be written to the
core file and then read by a non-privileged user.

Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Alexander Potapenko <glider@google.com>
Reported-by: sam <sunhaoyl@outlook.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
ruscur pushed a commit to ruscur/linux that referenced this issue Apr 30, 2020
@ramosian-glider @sfrothwell
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
a95cdec 
KMSAN reported uninitialized data being written to disk when dumping core.
As a result, several kilobytes of kmalloc memory may be written to the
core file and then read by a non-privileged user.

Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Alexander Potapenko <glider@google.com>
Reported-by: sam <sunhaoyl@outlook.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
ruscur pushed a commit to ruscur/linux that referenced this issue May 5, 2020
@ramosian-glider @sfrothwell
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
ad8d800 
KMSAN reported uninitialized data being written to disk when dumping core.
As a result, several kilobytes of kmalloc memory may be written to the
core file and then read by a non-privileged user.

Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Alexander Potapenko <glider@google.com>
Reported-by: sam <sunhaoyl@outlook.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
ruscur pushed a commit to ruscur/linux that referenced this issue May 7, 2020
@ramosian-glider @sfrothwell
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
57626b2 
KMSAN reported uninitialized data being written to disk when dumping core.
As a result, several kilobytes of kmalloc memory may be written to the
core file and then read by a non-privileged user.

Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Alexander Potapenko <glider@google.com>
Reported-by: sam <sunhaoyl@outlook.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
fengguang pushed a commit to 0day-ci/linux that referenced this issue May 7, 2020
@yyu-intel-com @intel-lab-lkp
x86/fpu/xstate: Clear uninitialized xstate areas in core dump
4f8d7be 
In a core dump, copy_xstate_to_kernel() copies only enabled user xfeatures
to a kernel buffer without touching areas for disabled xfeatures.  However,
those uninitialized areas may contain random data, which is then written to
the core dump file and can be read by a non-privileged user.

Fix it by clearing uninitialized areas.

Link: google/kmsan#76
Link: https://lore.kernel.org/lkml/20200419100848.63472-1-glider@google.com/
Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
Reported-by: sam <sunhaoyl@outlook.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Jann Horn <jannh@google.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Alexander Potapenko <glider@google.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: <stable@vger.kernel.org>
ruscur pushed a commit to ruscur/linux that referenced this issue May 8, 2020
@ramosian-glider @sfrothwell
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
cd02f58 
KMSAN reported uninitialized data being written to disk when dumping core.
As a result, several kilobytes of kmalloc memory may be written to the
core file and then read by a non-privileged user.

Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Alexander Potapenko <glider@google.com>
Reported-by: sam <sunhaoyl@outlook.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
ruscur pushed a commit to ruscur/linux that referenced this issue May 11, 2020
@ramosian-glider @sfrothwell
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
624ece6 
KMSAN reported uninitialized data being written to disk when dumping core.
As a result, several kilobytes of kmalloc memory may be written to the
core file and then read by a non-privileged user.

Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Alexander Potapenko <glider@google.com>
Reported-by: sam <sunhaoyl@outlook.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
ruscur pushed a commit to ruscur/linux that referenced this issue May 12, 2020
@ramosian-glider @sfrothwell
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
df62cac 
KMSAN reported uninitialized data being written to disk when dumping core.
As a result, several kilobytes of kmalloc memory may be written to the
core file and then read by a non-privileged user.

Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Alexander Potapenko <glider@google.com>
Reported-by: sam <sunhaoyl@outlook.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
ruscur pushed a commit to ruscur/linux that referenced this issue May 14, 2020
@ramosian-glider @sfrothwell
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
aca969c 
KMSAN reported uninitialized data being written to disk when dumping core.
As a result, several kilobytes of kmalloc memory may be written to the
core file and then read by a non-privileged user.

Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Alexander Potapenko <glider@google.com>
Reported-by: sam <sunhaoyl@outlook.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
roxell pushed a commit to roxell/linux that referenced this issue May 15, 2020
@ramosian-glider @sfrothwell
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
b4f7c72 
KMSAN reported uninitialized data being written to disk when dumping core.
As a result, several kilobytes of kmalloc memory may be written to the
core file and then read by a non-privileged user.

Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Alexander Potapenko <glider@google.com>
Reported-by: sam <sunhaoyl@outlook.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
ruscur pushed a commit to ruscur/linux that referenced this issue May 18, 2020
@ramosian-glider @sfrothwell
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
75f34ca 
KMSAN reported uninitialized data being written to disk when dumping core.
As a result, several kilobytes of kmalloc memory may be written to the
core file and then read by a non-privileged user.

Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Alexander Potapenko <glider@google.com>
Reported-by: sam <sunhaoyl@outlook.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
ruscur pushed a commit to ruscur/linux that referenced this issue May 21, 2020
@ramosian-glider @sfrothwell
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
bb77be1 
KMSAN reported uninitialized data being written to disk when dumping core.
As a result, several kilobytes of kmalloc memory may be written to the
core file and then read by a non-privileged user.

Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Alexander Potapenko <glider@google.com>
Reported-by: sam <sunhaoyl@outlook.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
ruscur pushed a commit to ruscur/linux that referenced this issue May 22, 2020
@ramosian-glider @sfrothwell
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
6cc8e2b 
KMSAN reported uninitialized data being written to disk when dumping core.
As a result, several kilobytes of kmalloc memory may be written to the
core file and then read by a non-privileged user.

Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Alexander Potapenko <glider@google.com>
Reported-by: sam <sunhaoyl@outlook.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
ruscur pushed a commit to ruscur/linux that referenced this issue May 25, 2020
@ramosian-glider @sfrothwell
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
d44a994 
KMSAN reported uninitialized data being written to disk when dumping core.
As a result, several kilobytes of kmalloc memory may be written to the
core file and then read by a non-privileged user.

Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Alexander Potapenko <glider@google.com>
Reported-by: sam <sunhaoyl@outlook.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
ruscur pushed a commit to ruscur/linux that referenced this issue May 26, 2020
@ramosian-glider @sfrothwell
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
feccdc9 
KMSAN reported uninitialized data being written to disk when dumping core.
As a result, several kilobytes of kmalloc memory may be written to the
core file and then read by a non-privileged user.

Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Alexander Potapenko <glider@google.com>
Reported-by: sam <sunhaoyl@outlook.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
anthraxx pushed a commit to anthraxx/linux-hardened that referenced this issue May 27, 2020
@ramosian-glider @anthraxx
backport: fs/binfmt_elf.c: allocate initialized memory in fill_thread…
9d4260d 
…_core_info()

KMSAN reported uninitialized data being written to disk when dumping core.
As a result, several kilobytes of kmalloc memory may be written to the
core file and then read by a non-privileged user.

Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Alexander Potapenko <glider@google.com>
Reported-by: sam <sunhaoyl@outlook.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
anthraxx pushed a commit to anthraxx/linux-hardened that referenced this issue May 27, 2020
@ramosian-glider @anthraxx
backport: fs/binfmt_elf.c: allocate initialized memory in fill_thread…
dbb4758 
…_core_info()

KMSAN reported uninitialized data being written to disk when dumping core.
As a result, several kilobytes of kmalloc memory may be written to the
core file and then read by a non-privileged user.

Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Alexander Potapenko <glider@google.com>
Reported-by: sam <sunhaoyl@outlook.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
anthraxx pushed a commit to anthraxx/linux-hardened that referenced this issue May 27, 2020
@ramosian-glider @anthraxx
backport: fs/binfmt_elf.c: allocate initialized memory in fill_thread…
fc7cc65 
…_core_info()

KMSAN reported uninitialized data being written to disk when dumping core.
As a result, several kilobytes of kmalloc memory may be written to the
core file and then read by a non-privileged user.

Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Alexander Potapenko <glider@google.com>
Reported-by: sam <sunhaoyl@outlook.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
anthraxx pushed a commit to anthraxx/linux-hardened that referenced this issue May 27, 2020
@ramosian-glider @anthraxx
backport: fs/binfmt_elf.c: allocate initialized memory in fill_thread…
2b9d17a 
…_core_info()

KMSAN reported uninitialized data being written to disk when dumping core.
As a result, several kilobytes of kmalloc memory may be written to the
core file and then read by a non-privileged user.

Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Alexander Potapenko <glider@google.com>
Reported-by: sam <sunhaoyl@outlook.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
anthraxx pushed a commit to anthraxx/linux-hardened that referenced this issue May 27, 2020
@ramosian-glider @anthraxx
backport: fs/binfmt_elf.c: allocate initialized memory in fill_thread…
35cf062 
…_core_info()

KMSAN reported uninitialized data being written to disk when dumping core.
As a result, several kilobytes of kmalloc memory may be written to the
core file and then read by a non-privileged user.

Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Alexander Potapenko <glider@google.com>
Reported-by: sam <sunhaoyl@outlook.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
torvalds pushed a commit to torvalds/linux that referenced this issue May 28, 2020
@ramosian-glider @torvalds
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
1d60541 
KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
mrchapp pushed a commit to mrchapp/linux that referenced this issue Jun 2, 2020
@ramosian-glider @gregkh
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
6f26697 
[ Upstream commit 1d60541 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
sfX-bot pushed a commit to AXP-OS/android_kernel_oneplus_sm8150 that referenced this issue Jun 20, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
3b15632 
[ Upstream commit 1d60541 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
sfX-bot pushed a commit to AXP-OS/android_kernel_samsung_exynos7870 that referenced this issue Jun 20, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
d95c379 
[ Upstream commit 1d605416fb7175e1adf094251466caa52093b413 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Change-Id: I247cd20b7d51612ed27d79424db0fa9318769bf6
sfX-bot pushed a commit to AXP-OS/android_kernel_oneplus_sm8150 that referenced this issue Jun 21, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
d6a6bdf 
[ Upstream commit 1d60541 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
sfX-bot pushed a commit to AXP-OS/android_kernel_oneplus_sm8150 that referenced this issue Jun 21, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
02df9ff 
[ Upstream commit 1d60541 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
sfX-bot pushed a commit to AXP-OS/android_kernel_oneplus_sm8150 that referenced this issue Jun 21, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
b8a36e8 
[ Upstream commit 1d60541 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
sfX-bot pushed a commit to AXP-OS/android_kernel_oneplus_sm8150 that referenced this issue Jun 21, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
ea5af35 
[ Upstream commit 1d60541 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
sfX-bot pushed a commit to AXP-OS/android_kernel_oneplus_sm8150 that referenced this issue Jun 24, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
83b74b1 
[ Upstream commit 1d60541 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
sfX-bot pushed a commit to AXP-OS/android_kernel_oneplus_sm8150 that referenced this issue Jun 24, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
a049a4d 
[ Upstream commit 1d60541 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
sfX-bot pushed a commit to AXP-OS/android_kernel_oneplus_sm8150 that referenced this issue Jul 15, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
3f17dc5 
[ Upstream commit 1d60541 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
sfX-bot pushed a commit to AXP-OS/android_kernel_oneplus_sm8150 that referenced this issue Jul 16, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
166d019 
[ Upstream commit 1d60541 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
sfX-bot pushed a commit to AXP-OS/android_kernel_oneplus_sm8150 that referenced this issue Jul 16, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
96f517e 
[ Upstream commit 1d60541 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
sfX-bot pushed a commit to AXP-OS/android_kernel_oneplus_sm8150 that referenced this issue Jul 17, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
7574a6a 
[ Upstream commit 1d60541 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
sfX-bot pushed a commit to AXP-OS/android_kernel_oneplus_sm8150 that referenced this issue Jul 17, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
a7dfb57 
[ Upstream commit 1d60541 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
sfX-bot pushed a commit to AXP-OS/android_kernel_oneplus_sm8150 that referenced this issue Jul 18, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
b612f7d 
[ Upstream commit 1d60541 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
sfX-bot pushed a commit to AXP-OS/android_kernel_oneplus_sm8150 that referenced this issue Jul 18, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
c744edf 
[ Upstream commit 1d60541 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
sfX-bot pushed a commit to AXP-OS/android_kernel_oneplus_sm8150 that referenced this issue Jul 18, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
5ca9f88 
[ Upstream commit 1d60541 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
sfX-bot pushed a commit to AXP-OS/android_kernel_oneplus_sm8150 that referenced this issue Jul 18, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
5fca203 
[ Upstream commit 1d60541 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
sfX-bot pushed a commit to AXP-OS/android_kernel_oneplus_sm8150 that referenced this issue Jul 18, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
70f1f4b 
[ Upstream commit 1d60541 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
sfX-bot pushed a commit to AXP-OS/android_kernel_oneplus_sm8150 that referenced this issue Jul 19, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
6746f71 
[ Upstream commit 1d60541 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
sfX-bot pushed a commit to AXP-OS/android_kernel_oneplus_sm8150 that referenced this issue Jul 19, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
a991bed 
[ Upstream commit 1d60541 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
sfX-bot pushed a commit to AXP-OS/android_kernel_samsung_exynos7870 that referenced this issue Jul 22, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
2be289e 
[ Upstream commit 1d605416fb7175e1adf094251466caa52093b413 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Change-Id: I247cd20b7d51612ed27d79424db0fa9318769bf6
sfX-bot pushed a commit to AXP-OS/android_kernel_samsung_exynos7870 that referenced this issue Jul 22, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
ae3c379 
[ Upstream commit 1d605416fb7175e1adf094251466caa52093b413 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Change-Id: I247cd20b7d51612ed27d79424db0fa9318769bf6
sfX-bot pushed a commit to AXP-OS/android_kernel_oneplus_sm8150 that referenced this issue Jul 22, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
c3d6dfc 
[ Upstream commit 1d60541 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
sfX-bot pushed a commit to AXP-OS/android_kernel_oneplus_sm8150 that referenced this issue Aug 21, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
ced32ce 
[ Upstream commit 1d60541 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
sfX-bot pushed a commit to AXP-OS/android_kernel_oneplus_sm8150 that referenced this issue Aug 22, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
850d4d7 
[ Upstream commit 1d60541 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
sfX-bot pushed a commit to AXP-OS/android_kernel_oneplus_sm8150 that referenced this issue Aug 22, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
5a2eef6 
[ Upstream commit 1d60541 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
sfX-bot pushed a commit to AXP-OS/android_kernel_samsung_exynos7870 that referenced this issue Aug 24, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
9e0c6ee 
[ Upstream commit 1d605416fb7175e1adf094251466caa52093b413 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Change-Id: I247cd20b7d51612ed27d79424db0fa9318769bf6
sfX-bot pushed a commit to AXP-OS/android_kernel_oneplus_sm8150 that referenced this issue Aug 26, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
60a6e61 
[ Upstream commit 1d60541 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Fuutao pushed a commit to HuTao77-Studio/android_kernel_sharp_sdm845 that referenced this issue Sep 14, 2024
@ramosian-glider @Fuutao
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
31f2603 
[ Upstream commit 1d605416fb7175e1adf094251466caa52093b413 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
sfX-bot pushed a commit to AXP-OS/android_kernel_samsung_exynos7870 that referenced this issue Sep 19, 2024
@ramosian-glider @sfX-bot
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
76f9c00 
[ Upstream commit 1d605416fb7175e1adf094251466caa52093b413 ]

KMSAN reported uninitialized data being written to disk when dumping
core.  As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.

Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: google/kmsan#76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Change-Id: I247cd20b7d51612ed27d79424db0fa9318769bf6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ramosian-glider @SunHao-0