sugar/linux
1
0
Fork 0
Code Activity
Files
be63004336d008b71f93dfe166f503ae2e53a32e
linux/drivers
History
Eric Dumazet d63967e475 isdn: fix kernel-infoleak in capi_unlocked_ioctl 
Since capi_ioctl() copies 64 bytes after calling
capi20_get_manufacturer() we need to ensure to not leak
information to user.

BUG: KMSAN: kernel-infoleak in _copy_to_user+0x16b/0x1f0 lib/usercopy.c:32
CPU: 0 PID: 11245 Comm: syz-executor633 Not tainted 4.20.0-rc7+ #2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x173/0x1d0 lib/dump_stack.c:113
 kmsan_report+0x12e/0x2a0 mm/kmsan/kmsan.c:613
 kmsan_internal_check_memory+0x9d4/0xb00 mm/kmsan/kmsan.c:704
 kmsan_copy_to_user+0xab/0xc0 mm/kmsan/kmsan_hooks.c:601
 _copy_to_user+0x16b/0x1f0 lib/usercopy.c:32
 capi_ioctl include/linux/uaccess.h:177 [inline]
 capi_unlocked_ioctl+0x1a0b/0x1bf0 drivers/isdn/capi/capi.c:939
 do_vfs_ioctl+0xebd/0x2bf0 fs/ioctl.c:46
 ksys_ioctl fs/ioctl.c:713 [inline]
 __do_sys_ioctl fs/ioctl.c:720 [inline]
 __se_sys_ioctl+0x1da/0x270 fs/ioctl.c:718
 __x64_sys_ioctl+0x4a/0x70 fs/ioctl.c:718
 do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x440019
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffdd4659fb8 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440019
RDX: 0000000020000080 RSI: 00000000c0044306 RDI: 0000000000000003
RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004018a0
R13: 0000000000401930 R14: 0000000000000000 R15: 0000000000000000

Local variable description: ----data.i@capi_unlocked_ioctl
Variable was created at:
 capi_ioctl drivers/isdn/capi/capi.c:747 [inline]
 capi_unlocked_ioctl+0x82/0x1bf0 drivers/isdn/capi/capi.c:939
 do_vfs_ioctl+0xebd/0x2bf0 fs/ioctl.c:46

Bytes 12-63 of 64 are uninitialized
Memory access of size 64 starts at ffff88807ac5fce8
Data copied to user address 0000000020000080

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Karsten Keil <isdn@linux-pingi.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-02 10:31:39 -08:00
..
accessibility
acpi
Merge tag 'pstore-v4.21-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
2018-12-27 11:15:21 -08:00
amba
android
binder: fix race that allows malicious free of live buffer
2018-11-26 20:01:47 +01:00
ata
libata: whitelist all SAMSUNG MZ7KM* solid-state disks
2018-12-03 12:54:39 -07:00
atm
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2018-11-28 22:10:54 -08:00
auxdisplay
auxdisplay: charlcd: fix x/y command parsing
2018-12-21 21:27:21 +01:00
base
Merge branch 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2018-12-25 15:17:51 -08:00
bcma
block
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
2018-12-27 13:53:32 -08:00
bluetooth
Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading
2018-12-19 13:43:42 +01:00
bus
cdrom
char
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
2018-12-27 13:53:32 -08:00
clk
Merge branch 'clk-imx7ulp' into clk-next
2018-12-14 14:03:38 -08:00
clocksource
Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2018-12-25 15:44:08 -08:00
connector
cpufreq
Merge tag 'powerpc-4.21-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
2018-12-27 10:43:24 -08:00
cpuidle
Merge tag 'powerpc-4.21-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
2018-12-27 10:43:24 -08:00
crypto
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
2018-12-27 13:53:32 -08:00
dax
dca
devfreq
PM / devfreq: add devfreq_suspend/resume() functions
2018-12-11 11:40:13 +09:00
dio
dma
dmaengine: dw: Fix FIFO size for Intel Merrifield
2018-12-06 22:53:05 +05:30
dma-buf
dma-buf: add dma_fence_get_stub
2018-12-03 17:40:18 +01:00
edac
EDAC, fsl_ddr: Add LS1021A to the list of supported hardware
2018-12-19 11:57:45 +01:00
eisa
extcon
firewire
firmware
Merge tag 'pstore-v4.21-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
2018-12-27 11:15:21 -08:00
fmc
fpga
fsi
fsi: fsi-scom.c: Remove duplicate header
2018-11-26 10:13:04 +11:00
gnss
gnss: sirf: fix activation retry handling
2018-12-06 17:22:23 +01:00
gpio
Merge tag 'regmap-v4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap
2018-12-25 14:48:06 -08:00
gpu
Merge tag 'for-linus-4.21-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
2018-12-26 11:35:07 -08:00
hid
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid
2018-12-10 11:04:41 -08:00
hsi
hv
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
2018-12-26 11:46:28 -08:00
hwmon
Merge branch 'x86-amd-nb-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2018-12-26 16:12:50 -08:00
hwspinlock
hwtracing
i2c
Merge tag 'platform-drivers-x86-v4.21-1' of git://git.infradead.org/linux-platform-drivers-x86
2018-12-25 11:04:17 -08:00
i3c
i3c: master: cdns: fix I2C transfers in Cadence I3C master driver
2018-12-12 17:08:32 +01:00
ide
Merge tag 'powerpc-4.21-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
2018-12-27 10:43:24 -08:00
idle
iio
Merge tag 'platform-drivers-x86-v4.21-1' of git://git.infradead.org/linux-platform-drivers-x86
2018-12-25 11:04:17 -08:00
infiniband
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2018-12-20 11:53:36 -08:00
input
Merge branch 'parisc-4.21-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux
2018-12-26 11:14:52 -08:00
iommu
iommu/vt-d: Use memunmap to free memremap
2018-11-22 17:02:21 +01:00
ipack
irqchip
Merge tag 'irqchip-4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/maz/arm-platforms into irq/core
2018-12-18 18:37:27 +01:00
isdn
isdn: fix kernel-infoleak in capi_unlocked_ioctl
2019-01-02 10:31:39 -08:00
leds
Merge tag 'leds-for-4.21-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds
2018-12-25 14:52:50 -08:00
lightnvm
macintosh
macintosh: Use of_node_name_{eq, prefix} for node name comparisons
2018-12-22 21:29:56 +11:00
mailbox
mcb
md
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
2018-12-27 13:53:32 -08:00
media
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2018-12-27 13:04:52 -08:00
memory
memstick
message
mfd
mfd: axp20x: use explicit bit defines
2018-12-13 16:40:03 +00:00
misc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2018-12-27 13:04:52 -08:00
mmc
mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl
2018-12-17 08:59:42 +01:00
mtd
Merge tag 'spi-v4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi
2018-12-25 14:43:54 -08:00
mux
net
net/hamradio/6pack: use mod_timer() to rearm timers
2019-01-02 10:27:01 -08:00
nfc
ntb
nubus
nvdimm
libnvdimm, pfn: Pad pfn namespaces relative to other regions
2018-12-05 14:16:12 -08:00
nvme
nvmet-rdma: fix response use after free
2018-12-07 07:11:11 -08:00
nvmem
nvmem: core: fix regression in of_nvmem_cell_get()
2018-11-11 09:15:29 -08:00
of
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2018-12-27 13:04:52 -08:00
opp
Merge branch 'opp/genpd/propagation' into opp/linux-next
2018-12-14 16:28:52 +05:30
oprofile
parisc
parport
pci
Merge branch 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2018-12-25 15:17:51 -08:00
pcmcia
perf
drivers/perf: Add Cavium ThunderX2 SoC UNCORE PMU driver
2018-12-06 13:03:17 +00:00
phy
phy: qcom-qusb2: Fix HSTX_TRIM tuning with fused value for SDM845
2018-11-21 13:13:58 +05:30
pinctrl
pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11
2018-12-07 13:32:19 +01:00
platform
Merge tag 'mips_4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux
2018-12-26 10:45:33 -08:00
pnp
power
PM / AVS: SmartReflex: Switch to SPDX Licence ID
2018-12-12 13:54:28 +01:00
powercap
pps
ps3
ptp
ptp: Fix pass zero to ERR_PTR() in ptp_clock_register
2018-11-23 18:04:02 -08:00
pwm
pwm: imx: Add ipg clock operation
2018-12-24 12:06:56 +01:00
rapidio
ras
regulator
Merge remote-tracking branch 'regulator/topic/coupled' into regulator-next
2018-12-21 13:43:35 +00:00
remoteproc
virtio_ring: disable packed ring on unsupported transports
2018-11-26 22:17:40 -08:00
reset
rpmsg
rtc
Merge tag 'staging-4.20-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
2018-11-30 12:23:44 -08:00
s390
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2018-12-09 21:43:31 -08:00
sbus
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-next
2018-12-26 10:32:18 -08:00
scsi
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2018-12-27 13:04:52 -08:00
sfi
sh
siox
slimbus
sn
soc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2018-12-27 13:04:52 -08:00
soundwire
spi
Merge tag 'spi-v4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi
2018-12-25 14:43:54 -08:00
spmi
ssb
staging
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
2018-12-27 13:53:32 -08:00
target
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2018-12-27 13:04:52 -08:00
tc
tee
thermal
thermal: stm32: Fix stm_thermal_read_factory_settings
2018-12-10 20:15:28 -08:00
thunderbolt
thunderbolt: Prevent root port runtime suspend during NVM upgrade
2018-11-26 20:38:49 +01:00
tty
Merge tag 'audit-pr-20181224' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit
2018-12-27 11:58:50 -08:00
uio
uio_hv_generic: set callbacks on open
2018-12-11 14:23:17 +01:00
usb
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
2018-12-27 13:53:32 -08:00
uwb
vfio
vfio_pci: Add NVIDIA GV100GL [Tesla V100 SXM2] subdriver
2018-12-21 16:20:47 +11:00
vhost
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2018-12-27 13:04:52 -08:00
video
Merge tag 'drm-next-2018-12-14' of git://anongit.freedesktop.org/drm/drm
2018-12-25 11:48:26 -08:00
virt
virtio
virtio_ring: advertize packed ring layout
2018-11-26 22:17:40 -08:00
visorbus
vlynq
vme
w1
watchdog
xen
xen: Introduce shared buffer helpers for page directory...
2018-12-18 12:15:55 -05:00
zorro
Kconfig
i3c: Add core I3C infrastructure
2018-11-12 10:33:49 +01:00
Makefile
i3c: Add core I3C infrastructure
2018-11-12 10:33:49 +01:00