forked from Minki/linux
21eff69aaa
KMSAN reported an infoleak when reading from /dev/vcs*: BUG: KMSAN: kernel-infoleak in vcs_read+0x18ba/0x1cc0 Call Trace: ... kmsan_copy_to_user+0x7a/0x160 mm/kmsan/kmsan.c:1253 copy_to_user ./include/linux/uaccess.h:184 vcs_read+0x18ba/0x1cc0 drivers/tty/vt/vc_screen.c:352 __vfs_read+0x1b2/0x9d0 fs/read_write.c:416 vfs_read+0x36c/0x6b0 fs/read_write.c:452 ... Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:279 kmsan_internal_poison_shadow+0xb8/0x1b0 mm/kmsan/kmsan.c:189 kmsan_kmalloc+0x94/0x100 mm/kmsan/kmsan.c:315 __kmalloc+0x13a/0x350 mm/slub.c:3818 kmalloc ./include/linux/slab.h:517 vc_allocate+0x438/0x800 drivers/tty/vt/vt.c:787 con_install+0x8c/0x640 drivers/tty/vt/vt.c:2880 tty_driver_install_tty drivers/tty/tty_io.c:1224 tty_init_dev+0x1b5/0x1020 drivers/tty/tty_io.c:1324 tty_open_by_driver drivers/tty/tty_io.c:1959 tty_open+0x17b4/0x2ed0 drivers/tty/tty_io.c:2007 chrdev_open+0xc25/0xd90 fs/char_dev.c:417 do_dentry_open+0xccc/0x1440 fs/open.c:794 vfs_open+0x1b6/0x2f0 fs/open.c:908 ... Bytes 0-79 of 240 are uninitialized Consistently allocating |vc_screenbuf| with kzalloc() fixes the problem Reported-by: syzbot+17a8efdf800000@syzkaller.appspotmail.com Signed-off-by: Alexander Potapenko <glider@google.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
---|---|---|
.. | ||
hvc | ||
ipwireless | ||
serdev | ||
serial | ||
vt | ||
amiserial.c | ||
cyclades.c | ||
ehv_bytechan.c | ||
goldfish.c | ||
isicom.c | ||
Kconfig | ||
Makefile | ||
mips_ejtag_fdc.c | ||
moxa.c | ||
moxa.h | ||
mxser.c | ||
mxser.h | ||
n_gsm.c | ||
n_hdlc.c | ||
n_null.c | ||
n_r3964.c | ||
n_tracerouter.c | ||
n_tracesink.c | ||
n_tracesink.h | ||
n_tty.c | ||
nozomi.c | ||
pty.c | ||
rocket_int.h | ||
rocket.c | ||
rocket.h | ||
synclink_gt.c | ||
synclink.c | ||
synclinkmp.c | ||
sysrq.c | ||
tty_audit.c | ||
tty_baudrate.c | ||
tty_buffer.c | ||
tty_io.c | ||
tty_ioctl.c | ||
tty_jobctrl.c | ||
tty_ldisc.c | ||
tty_ldsem.c | ||
tty_mutex.c | ||
tty_port.c | ||
vcc.c |