Johannes Thumshirn 73db209dcd btrfs: fix information leak in btrfs_ioctl_logical_to_ino()
commit 2f7ef5bb4a upstream.

Syzbot reported the following information leak in
btrfs_ioctl_logical_to_ino():

  BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
  BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x110 lib/usercopy.c:40
   instrument_copy_to_user include/linux/instrumented.h:114 [inline]
   _copy_to_user+0xbc/0x110 lib/usercopy.c:40
   copy_to_user include/linux/uaccess.h:191 [inline]
   btrfs_ioctl_logical_to_ino+0x440/0x750 fs/btrfs/ioctl.c:3499
   btrfs_ioctl+0x714/0x1260
   vfs_ioctl fs/ioctl.c:51 [inline]
   __do_sys_ioctl fs/ioctl.c:904 [inline]
   __se_sys_ioctl+0x261/0x450 fs/ioctl.c:890
   __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890
   x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17
   do_syscall_x64 arch/x86/entry/common.c:52 [inline]
   do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
   entry_SYSCALL_64_after_hwframe+0x77/0x7f

  Uninit was created at:
   __kmalloc_large_node+0x231/0x370 mm/slub.c:3921
   __do_kmalloc_node mm/slub.c:3954 [inline]
   __kmalloc_node+0xb07/0x1060 mm/slub.c:3973
   kmalloc_node include/linux/slab.h:648 [inline]
   kvmalloc_node+0xc0/0x2d0 mm/util.c:634
   kvmalloc include/linux/slab.h:766 [inline]
   init_data_container+0x49/0x1e0 fs/btrfs/backref.c:2779
   btrfs_ioctl_logical_to_ino+0x17c/0x750 fs/btrfs/ioctl.c:3480
   btrfs_ioctl+0x714/0x1260
   vfs_ioctl fs/ioctl.c:51 [inline]
   __do_sys_ioctl fs/ioctl.c:904 [inline]
   __se_sys_ioctl+0x261/0x450 fs/ioctl.c:890
   __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890
   x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17
   do_syscall_x64 arch/x86/entry/common.c:52 [inline]
   do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
   entry_SYSCALL_64_after_hwframe+0x77/0x7f

  Bytes 40-65535 of 65536 are uninitialized
  Memory access of size 65536 starts at ffff888045a40000

This happens, because we're copying a 'struct btrfs_data_container' back
to user-space. This btrfs_data_container is allocated in
'init_data_container()' via kvmalloc(), which does not zero-fill the
memory.

Fix this by using kvzalloc() which zeroes out the memory on allocation.

CC: stable@vger.kernel.org # 4.14+
Reported-by: <syzbot+510a1abbb8116eeb341d@syzkaller.appspotmail.com>
Reviewed-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Johannes Thumshirn <Johannes.thumshirn@wdc.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-05-02 16:18:36 +02:00
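The commit message states the bug in one sentence: the container is allocated with kvmalloc(), only its 16-byte header (and whatever values the backref walk appends) is written, and then the whole `size`-byte buffer is handed to copy_to_user(). The following user-space simulation is an added example, not kernel code and not part of the commit. It mirrors the layout of the kernel's struct btrfs_data_container and the header-only initialisation done by init_data_container(); the allocator stand-ins, the 0xA5 poison byte used to make stale heap contents visible, the three sample values and the function names are constructed assumptions for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same layout as the kernel's struct btrfs_data_container: a 16-byte
 * header followed by a flexible array of 64-bit values. */
struct data_container {
    uint32_t bytes_left;    /* bytes of val[] still free */
    uint32_t bytes_missing; /* bytes the result did not fit in */
    uint32_t elem_cnt;      /* values delivered */
    uint32_t elem_missed;   /* values that did not fit */
    uint64_t val[];
};

/* Constructed stand-in for stale heap contents. Real kvmalloc() memory
 * holds whatever its previous owner left there; a fixed poison byte makes
 * the leak measurable. */
#define STALE_BYTE 0xA5

/* Assumed stand-ins for kvmalloc() (not zeroed) and kvzalloc() (zeroed). */
static void *alloc_container(size_t n, int zero_fill)
{
    if (zero_fill)
        return calloc(1, n);
    void *p = malloc(n);
    if (p)
        memset(p, STALE_BYTE, n);
    return p;
}

/* Mirrors init_data_container(): only the header fields are written. */
static struct data_container *init_container(size_t total_bytes, int zero_fill)
{
    size_t hdr = sizeof(struct data_container);
    size_t alloc_bytes = total_bytes > hdr ? total_bytes : hdr;
    struct data_container *d = alloc_container(alloc_bytes, zero_fill);

    if (!d)
        return NULL;
    if (total_bytes >= hdr) {
        d->bytes_left = (uint32_t)(total_bytes - hdr);
        d->bytes_missing = 0;
    } else {
        d->bytes_missing = (uint32_t)(hdr - total_bytes);
        d->bytes_left = 0;
    }
    d->elem_cnt = 0;
    d->elem_missed = 0;
    return d;
}

/* Append one value the way the backref walker fills the container. */
static void add_value(struct data_container *d, uint64_t v)
{
    if (d->bytes_left >= sizeof(uint64_t)) {
        d->val[d->elem_cnt++] = v;
        d->bytes_left -= sizeof(uint64_t);
    } else {
        d->elem_missed++;
        d->bytes_missing += sizeof(uint64_t);
    }
}

/* Run the ioctl's allocate / fill / copy-out sequence with a user buffer of
 * `size` bytes and three results, then count how many bytes of stale
 * allocator contents reached the user-visible copy. */
size_t leaked_bytes(size_t size, int zero_fill)
{
    struct data_container *d = init_container(size, zero_fill);
    unsigned char *user_buf = malloc(size);
    size_t used, leaked = 0;

    if (!d || !user_buf) {
        free(d);
        free(user_buf);
        return (size_t)-1;
    }
    add_value(d, 257);
    add_value(d, 258);
    add_value(d, 259);

    /* copy_to_user(loi->inodes, inodes, size): the whole buffer goes out,
     * not only the bytes that were actually written. */
    memcpy(user_buf, d, size);

    used = sizeof(*d) + (size_t)d->elem_cnt * sizeof(uint64_t);
    for (size_t i = used; i < size; i++)
        if (user_buf[i] == STALE_BYTE)
            leaked++;

    free(user_buf);
    free(d);
    return leaked;
}

int main(void)
{
    printf("kvmalloc-style, 64 KiB: %zu stale bytes copied out\n", leaked_bytes(65536, 0));
    printf("kvzalloc-style, 64 KiB: %zu stale bytes copied out\n", leaked_bytes(65536, 1));
    return 0;
}
```

With a 64 KiB container and three delivered values the unzeroed variant copies out 65496 stale bytes, which is exactly the "Bytes 40-65535 of 65536 are uninitialized" range in the KMSAN report (16-byte header plus three 8-byte values). The zeroed variant leaks nothing at the cost of a memset of up to 64 KiB per call, the trade-off the fix accepts. The general check to carry away: any kernel buffer that is copied to user space in full must be fully initialised, or the copy must be bounded to the bytes that were written.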
Tree at this commit (path, subject of the last commit touching it, date):

Documentation  x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled  2024-04-13 12:51:32 +02:00
LICENSES
arch           ARC: [plat-hsdk]: Remove misplaced interrupt-cells property  2024-05-02 16:18:33 +02:00
block          block: prevent division by zero in blk_rq_stat_sum()  2024-04-13 12:51:38 +02:00
certs          certs/blacklist_hashes.c: fix const confusion in certs blacklist  2022-06-22 14:11:22 +02:00
crypto         Revert "crypto: api - Disallow identical driver names"  2024-05-02 16:18:35 +02:00
drivers        Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853  2024-05-02 16:18:36 +02:00
fs             btrfs: fix information leak in btrfs_ioctl_logical_to_ino()  2024-05-02 16:18:36 +02:00
include        tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together  2024-05-02 16:18:35 +02:00
init           init: open /initrd.image with O_LARGEFILE  2024-04-13 12:51:36 +02:00
ipc            ipc/sem: Fix dangling sem_array access in semtimedop race  2022-12-08 11:23:06 +01:00
kernel         tracing: Show size of requested perf buffer  2024-05-02 16:18:35 +02:00
lib            net: blackhole_dev: fix build warning for ethh set but not used  2024-03-26 18:22:15 -04:00
mm             x86/mm/pat: fix VM_PAT handling in COW mappings  2024-04-13 12:51:40 +02:00
net            Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()  2024-05-02 16:18:36 +02:00
samples        media: rename VFL_TYPE_GRABBER to _VIDEO  2024-03-26 18:22:22 -04:00
scripts        kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1  2024-04-13 12:51:26 +02:00
security       smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()  2024-04-13 12:51:22 +02:00
sound          ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone  2024-04-13 12:51:36 +02:00
tools          selftests/ftrace: Limit length in subsystem-enable tests  2024-05-02 16:18:29 +02:00
usr
virt           KVM: async_pf: Cleanup kvm_setup_async_pf()  2024-05-02 16:18:32 +02:00
.clang-format
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore
.mailmap
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS    iio: stx104: Move to addac subdirectory  2023-08-30 16:27:12 +02:00
Makefile       Linux 5.4.274  2024-04-13 12:51:41 +02:00
README

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.