Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-13 07:31:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
d63967e475
linux/drivers
History
Eric Dumazet d63967e475 isdn: fix kernel-infoleak in capi_unlocked_ioctl 
Since capi_ioctl() copies 64 bytes after calling
capi20_get_manufacturer() we need to ensure to not leak
information to user.

BUG: KMSAN: kernel-infoleak in _copy_to_user+0x16b/0x1f0 lib/usercopy.c:32
CPU: 0 PID: 11245 Comm: syz-executor633 Not tainted 4.20.0-rc7+ #2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x173/0x1d0 lib/dump_stack.c:113
 kmsan_report+0x12e/0x2a0 mm/kmsan/kmsan.c:613
 kmsan_internal_check_memory+0x9d4/0xb00 mm/kmsan/kmsan.c:704
 kmsan_copy_to_user+0xab/0xc0 mm/kmsan/kmsan_hooks.c:601
 _copy_to_user+0x16b/0x1f0 lib/usercopy.c:32
 capi_ioctl include/linux/uaccess.h:177 [inline]
 capi_unlocked_ioctl+0x1a0b/0x1bf0 drivers/isdn/capi/capi.c:939
 do_vfs_ioctl+0xebd/0x2bf0 fs/ioctl.c:46
 ksys_ioctl fs/ioctl.c:713 [inline]
 __do_sys_ioctl fs/ioctl.c:720 [inline]
 __se_sys_ioctl+0x1da/0x270 fs/ioctl.c:718
 __x64_sys_ioctl+0x4a/0x70 fs/ioctl.c:718
 do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x440019
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffdd4659fb8 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440019
RDX: 0000000020000080 RSI: 00000000c0044306 RDI: 0000000000000003
RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004018a0
R13: 0000000000401930 R14: 0000000000000000 R15: 0000000000000000

Local variable description: ----data.i@capi_unlocked_ioctl
Variable was created at:
 capi_ioctl drivers/isdn/capi/capi.c:747 [inline]
 capi_unlocked_ioctl+0x82/0x1bf0 drivers/isdn/capi/capi.c:939
 do_vfs_ioctl+0xebd/0x2bf0 fs/ioctl.c:46

Bytes 12-63 of 64 are uninitialized
Memory access of size 64 starts at ffff88807ac5fce8
Data copied to user address 0000000020000080

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Karsten Keil <isdn@linux-pingi.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-02 10:31:39 -08:00
..
accessibility
acpi pstore improvements and refactorings 2018-12-27 11:15:21 -08:00
amba
android binder: fix race that allows malicious free of live buffer 2018-11-26 20:01:47 +01:00
ata libata: whitelist all SAMSUNG MZ7KM* solid-state disks 2018-12-03 12:54:39 -07:00
atm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-11-28 22:10:54 -08:00
auxdisplay auxdisplay: charlcd: fix x/y command parsing 2018-12-21 21:27:21 +01:00
base Merge branch 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-12-25 15:17:51 -08:00
bcma
block Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-12-27 13:53:32 -08:00
bluetooth Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading 2018-12-19 13:43:42 +01:00
bus
cdrom
char Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-12-27 13:53:32 -08:00
clk Merge branch 'clk-imx7ulp' into clk-next 2018-12-14 14:03:38 -08:00
clocksource Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-12-25 15:44:08 -08:00
connector
cpufreq powerpc updates for 4.21 2018-12-27 10:43:24 -08:00
cpuidle powerpc updates for 4.21 2018-12-27 10:43:24 -08:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-12-27 13:53:32 -08:00
dax
dca
devfreq PM / devfreq: add devfreq_suspend/resume() functions 2018-12-11 11:40:13 +09:00
dio
dma dmaengine: dw: Fix FIFO size for Intel Merrifield 2018-12-06 22:53:05 +05:30
dma-buf dma-buf: add dma_fence_get_stub 2018-12-03 17:40:18 +01:00
edac EDAC, fsl_ddr: Add LS1021A to the list of supported hardware 2018-12-19 11:57:45 +01:00
eisa
extcon
firewire
firmware pstore improvements and refactorings 2018-12-27 11:15:21 -08:00
fmc
fpga
fsi fsi: fsi-scom.c: Remove duplicate header 2018-11-26 10:13:04 +11:00
gnss gnss: sirf: fix activation retry handling 2018-12-06 17:22:23 +01:00
gpio regmap: Updates for v4.21 2018-12-25 14:48:06 -08:00
gpu xen: features and fixes for 4.21 2018-12-26 11:35:07 -08:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid 2018-12-10 11:04:41 -08:00
hsi
hv * ARM: selftests improvements, large PUD support for HugeTLB, 2018-12-26 11:46:28 -08:00
hwmon Merge branch 'x86-amd-nb-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-12-26 16:12:50 -08:00
hwspinlock
hwtracing
i2c platform-drivers-x86 for v4.21-1 2018-12-25 11:04:17 -08:00
i3c i3c: master: cdns: fix I2C transfers in Cadence I3C master driver 2018-12-12 17:08:32 +01:00
ide powerpc updates for 4.21 2018-12-27 10:43:24 -08:00
idle
iio platform-drivers-x86 for v4.21-1 2018-12-25 11:04:17 -08:00
infiniband Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-12-20 11:53:36 -08:00
input Merge branch 'parisc-4.21-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux 2018-12-26 11:14:52 -08:00
iommu iommu/vt-d: Use memunmap to free memremap 2018-11-22 17:02:21 +01:00
ipack
irqchip irqchip updates for 4.21 2018-12-18 18:37:27 +01:00
isdn isdn: fix kernel-infoleak in capi_unlocked_ioctl 2019-01-02 10:31:39 -08:00
leds LEDs for 4.21-rc1 2018-12-25 14:52:50 -08:00
lightnvm
macintosh macintosh: Use of_node_name_{eq, prefix} for node name comparisons 2018-12-22 21:29:56 +11:00
mailbox
mcb
md Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-12-27 13:53:32 -08:00
media Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-12-27 13:04:52 -08:00
memory
memstick
message
mfd mfd: axp20x: use explicit bit defines 2018-12-13 16:40:03 +00:00
misc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-12-27 13:04:52 -08:00
mmc mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl 2018-12-17 08:59:42 +01:00
mtd spi: Updates for v4.21 2018-12-25 14:43:54 -08:00
mux
net net/hamradio/6pack: use mod_timer() to rearm timers 2019-01-02 10:27:01 -08:00
nfc
ntb ntb: idt: Alter the driver info comments 2018-11-01 10:33:12 -04:00
nubus
nvdimm libnvdimm, pfn: Pad pfn namespaces relative to other regions 2018-12-05 14:16:12 -08:00
nvme nvmet-rdma: fix response use after free 2018-12-07 07:11:11 -08:00
nvmem nvmem: core: fix regression in of_nvmem_cell_get() 2018-11-11 09:15:29 -08:00
of Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-12-27 13:04:52 -08:00
opp Merge branch 'opp/genpd/propagation' into opp/linux-next 2018-12-14 16:28:52 +05:30
oprofile
parisc
parport
pci Merge branch 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-12-25 15:17:51 -08:00
pcmcia
perf drivers/perf: Add Cavium ThunderX2 SoC UNCORE PMU driver 2018-12-06 13:03:17 +00:00
phy phy: qcom-qusb2: Fix HSTX_TRIM tuning with fused value for SDM845 2018-11-21 13:13:58 +05:30
pinctrl pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 2018-12-07 13:32:19 +01:00
platform Here's the main MIPS pull for Linux 4.21. Core architecture changes 2018-12-26 10:45:33 -08:00
pnp
power PM / AVS: SmartReflex: Switch to SPDX Licence ID 2018-12-12 13:54:28 +01:00
powercap
pps
ps3
ptp ptp: Fix pass zero to ERR_PTR() in ptp_clock_register 2018-11-23 18:04:02 -08:00
pwm pwm: imx: Add ipg clock operation 2018-12-24 12:06:56 +01:00
rapidio
ras
regulator Merge remote-tracking branch 'regulator/topic/coupled' into regulator-next 2018-12-21 13:43:35 +00:00
remoteproc virtio_ring: disable packed ring on unsupported transports 2018-11-26 22:17:40 -08:00
reset
rpmsg
rtc Staging and IIO driver fixes for 4.20-rc5 2018-11-30 12:23:44 -08:00
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-12-09 21:43:31 -08:00
sbus Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-next 2018-12-26 10:32:18 -08:00
scsi Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-12-27 13:04:52 -08:00
sfi
sh
siox
slimbus slimbus: ngd: remove unnecessary check 2018-11-07 14:59:28 +01:00
sn
soc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-12-27 13:04:52 -08:00
soundwire
spi spi: Updates for v4.21 2018-12-25 14:43:54 -08:00
spmi
ssb
staging Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-12-27 13:53:32 -08:00
target Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-12-27 13:04:52 -08:00
tc
tee
thermal thermal: stm32: Fix stm_thermal_read_factory_settings 2018-12-10 20:15:28 -08:00
thunderbolt thunderbolt: Prevent root port runtime suspend during NVM upgrade 2018-11-26 20:38:49 +01:00
tty audit/stable-4.21 PR 20181224 2018-12-27 11:58:50 -08:00
uio uio_hv_generic: set callbacks on open 2018-12-11 14:23:17 +01:00
usb Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-12-27 13:53:32 -08:00
uwb
vfio vfio_pci: Add NVIDIA GV100GL [Tesla V100 SXM2] subdriver 2018-12-21 16:20:47 +11:00
vhost Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-12-27 13:04:52 -08:00
video drm pull request for 4.21-rc1 2018-12-25 11:48:26 -08:00
virt
virtio virtio_ring: advertize packed ring layout 2018-11-26 22:17:40 -08:00
visorbus
vlynq
vme
w1
watchdog
xen xen: Introduce shared buffer helpers for page directory... 2018-12-18 12:15:55 -05:00
zorro
Kconfig i3c: Add core I3C infrastructure 2018-11-12 10:33:49 +01:00
Makefile i3c: Add core I3C infrastructure 2018-11-12 10:33:49 +01:00