mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
728,406 Commits 103 Branches 5,012 Tags 5.5 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
Go to file
Eric Dumazet 749d2e33bf net: qrtr: fix a kernel-infoleak in qrtr_recvmsg() 
commit 50535249f6 upstream.

struct sockaddr_qrtr has a 2-byte hole, and qrtr_recvmsg() currently
does not clear it before copying kernel data to user space.

It might be too late to name the hole since sockaddr_qrtr structure is uapi.

BUG: KMSAN: kernel-infoleak in kmsan_copy_to_user+0x9c/0xb0 mm/kmsan/kmsan_hooks.c:249
CPU: 0 PID: 29705 Comm: syz-executor.3 Not tainted 5.11.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x21c/0x280 lib/dump_stack.c:120
 kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:118
 kmsan_internal_check_memory+0x202/0x520 mm/kmsan/kmsan.c:402
 kmsan_copy_to_user+0x9c/0xb0 mm/kmsan/kmsan_hooks.c:249
 instrument_copy_to_user include/linux/instrumented.h:121 [inline]
 _copy_to_user+0x1ac/0x270 lib/usercopy.c:33
 copy_to_user include/linux/uaccess.h:209 [inline]
 move_addr_to_user+0x3a2/0x640 net/socket.c:237
 ____sys_recvmsg+0x696/0xd50 net/socket.c:2575
 ___sys_recvmsg net/socket.c:2610 [inline]
 do_recvmmsg+0xa97/0x22d0 net/socket.c:2710
 __sys_recvmmsg net/socket.c:2789 [inline]
 __do_sys_recvmmsg net/socket.c:2812 [inline]
 __se_sys_recvmmsg+0x24a/0x410 net/socket.c:2805
 __x64_sys_recvmmsg+0x62/0x80 net/socket.c:2805
 do_syscall_64+0x9f/0x140 arch/x86/entry/common.c:48
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x465f69
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f43659d6188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69
RDX: 0000000000000008 RSI: 0000000020003e40 RDI: 0000000000000003
RBP: 00000000004bfa8f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000010060 R11: 0000000000000246 R12: 000000000056bf60
R13: 0000000000a9fb1f R14: 00007f43659d6300 R15: 0000000000022000

Local variable ----addr@____sys_recvmsg created at:
 ____sys_recvmsg+0x168/0xd50 net/socket.c:2550
 ____sys_recvmsg+0x168/0xd50 net/socket.c:2550

Bytes 2-3 of 12 are uninitialized
Memory access of size 12 starts at ffff88817c627b40
Data copied to user address 0000000020000140

Fixes: bdabad3e36 ("net: Add Qualcomm IPC router")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Courtney Cavin <courtney.cavin@sonymobile.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2021-03-30 14:40:12 +02:00
Documentation sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output 2021-03-07 11:27:45 +01:00
arch arm64: kdump: update ppos when reading elfcorehdr 2021-03-30 14:40:11 +02:00
block blk-settings: align max_sectors on "logical_block_size" boundary 2021-03-03 18:22:50 +01:00
certs certs: Fix blacklist flag type confusion 2021-03-03 18:22:46 +01:00
crypto crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key() 2021-03-03 18:22:43 +01:00
drivers can: dev: Move device back to init netns on owning netns delete 2021-03-30 14:40:12 +02:00
firmware Fix built-in early-load Intel microcode alignment 2020-01-23 08:20:30 +01:00
fs squashfs: fix xattr id and id lookup sanity checks 2021-03-30 14:40:09 +02:00
include net: sched: validate stab values 2021-03-30 14:40:12 +02:00
init printk: reduce LOG_BUF_SHIFT range for H8300 2020-11-05 11:06:55 +01:00
ipc ipc/util.c: sysvipc_find_ipc() incorrectly updates position index 2020-05-20 08:17:07 +02:00
kernel genirq: Disable interrupts for force threaded handlers 2021-03-24 11:05:06 +01:00
lib lib/string: Add strscpy_pad() function 2021-02-23 14:00:30 +01:00
mm Revert "mm, slub: consider rest of partial list if acquire_slab() fails" 2021-03-17 16:34:28 +01:00
net net: qrtr: fix a kernel-infoleak in qrtr_recvmsg() 2021-03-30 14:40:12 +02:00
samples samples: bpf: Fix lwt_len_hist reusing previous BPF map 2020-12-29 13:46:56 +01:00
scripts scripts/recordmcount.{c,pl}: support -ffunction-sections .text.* section names 2021-03-17 16:34:28 +01:00
security Revert 95ebabde38 ("capabilities: Don't allow writing ambiguous v3 file capabilities") 2021-03-17 16:34:31 +01:00
sound ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar 2021-03-17 16:34:31 +01:00
tools perf auxtrace: Fix auxtrace queue conflict 2021-03-30 14:40:12 +02:00
usr initramfs: restore default compression behavior 2020-04-13 10:34:19 +02:00
virt KVM: arm64: Fix exclusive limit for IPA size 2021-03-17 16:34:35 +01:00
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore kbuild: rpm-pkg: keep spec file until make mrproper 2018-02-13 10:19:46 +01:00
.mailmap .mailmap: Add Maciej W. Rozycki's Imagination e-mail address 2017-11-10 12:16:15 -08:00
COPYING
CREDITS MAINTAINERS: update TPM driver infrastructure changes 2017-11-09 17:58:40 -08:00
Kbuild
Kconfig
MAINTAINERS MAINTAINERS: Update drm/i915 bug filing URL 2020-02-28 16:36:12 +01:00
Makefile Linux 4.14.227 2021-03-24 11:05:06 +01:00
README

README 

Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.