From: Alexander Potapenko
Date: Thu, 28 May 2020 05:20:52 +0000 (-0700)
Subject: fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
X-Git-Tag: MMI-QSAS30.62-33-12~1
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=cb691c5aacf1b6dab30bc90a13588e14975c452c;p=GitHub%2FMotorolaMobilityLLC%2Fkernel-slsi.git

fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()

[ Upstream commit 1d605416fb7175e1adf094251466caa52093b413 ]

KMSAN reported uninitialized data being written to disk when dumping core. As a result, several kilobytes of kmalloc memory may be written to the core file and then read by a non-privileged user.

Mot-CRs-fixed: (CR)
CVE-Fixed: CVE-2020-10732
Bug: 170658976
Change-Id: I4fee1e083969bdb872a725c4ded238ef29d1d7b1
Reported-by: sam
Signed-off-by: Alexander Potapenko
Signed-off-by: Andrew Morton
Acked-by: Kees Cook
Cc: Al Viro
Cc: Alexey Dobriyan
Cc:
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: https://github.com/google/kmsan/issues/76
Signed-off-by: Linus Torvalds
Signed-off-by: Sasha Levin
Signed-off-by: Jignesh Patel
Reviewed-on: https://gerrit.mot.com/1828648
SLTApproved: Slta Waiver
SME-Granted: SME Approvals Granted
Tested-by: Jira Key
Reviewed-by: Xiangpo Zhao
Submit-Approved: Jira Key
---

diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 469666df91da..f7dbdb5b635b 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -1728,7 +1728,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t, (!regset->active || regset->active(t->task, regset) > 0)) { int ret; size_t size = regset->n * regset->size; - void *data = kmalloc(size, GFP_KERNEL); + void *data = kzalloc(size, GFP_KERNEL); if (unlikely(!data)) return 0; ret = regset->get(t->task, regset,
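
Review bot: The new kzalloc() at the `void *data` allocation carries no comment explaining why zeroing is required, so a later cleanup could switch it back to kmalloc() as an apparent optimization and reopen the leak. A one-line comment above the allocation, saying that the buffer handed to regset->get() is written out to the core file and must not contain stale heap contents, would protect the fix. The commit message would also be stronger if it named which regset left part of the buffer unwritten, since zeroing here covers the symptom for every regset without identifying the one that misbehaves. As a style point, the size is computed as `regset->n * regset->size` on the line above, so kcalloc(regset->n, regset->size, GFP_KERNEL) would zero the buffer and check the multiplication for overflow in one call.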