android/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
android_kernel_xiaomi_sm8450/drivers
History
Alexander Potapenko 21eff69aaa vt: prevent leaking uninitialized data to userspace via /dev/vcs* 
KMSAN reported an infoleak when reading from /dev/vcs*:

  BUG: KMSAN: kernel-infoleak in vcs_read+0x18ba/0x1cc0
  Call Trace:
  ...
   kmsan_copy_to_user+0x7a/0x160 mm/kmsan/kmsan.c:1253
   copy_to_user ./include/linux/uaccess.h:184
   vcs_read+0x18ba/0x1cc0 drivers/tty/vt/vc_screen.c:352
   __vfs_read+0x1b2/0x9d0 fs/read_write.c:416
   vfs_read+0x36c/0x6b0 fs/read_write.c:452
  ...
  Uninit was created at:
   kmsan_save_stack_with_flags mm/kmsan/kmsan.c:279
   kmsan_internal_poison_shadow+0xb8/0x1b0 mm/kmsan/kmsan.c:189
   kmsan_kmalloc+0x94/0x100 mm/kmsan/kmsan.c:315
   __kmalloc+0x13a/0x350 mm/slub.c:3818
   kmalloc ./include/linux/slab.h:517
   vc_allocate+0x438/0x800 drivers/tty/vt/vt.c:787
   con_install+0x8c/0x640 drivers/tty/vt/vt.c:2880
   tty_driver_install_tty drivers/tty/tty_io.c:1224
   tty_init_dev+0x1b5/0x1020 drivers/tty/tty_io.c:1324
   tty_open_by_driver drivers/tty/tty_io.c:1959
   tty_open+0x17b4/0x2ed0 drivers/tty/tty_io.c:2007
   chrdev_open+0xc25/0xd90 fs/char_dev.c:417
   do_dentry_open+0xccc/0x1440 fs/open.c:794
   vfs_open+0x1b6/0x2f0 fs/open.c:908
  ...
  Bytes 0-79 of 240 are uninitialized

Consistently allocating |vc_screenbuf| with kzalloc() fixes the problem

Reported-by: syzbot+17a8efdf800000@syzkaller.appspotmail.com
Signed-off-by: Alexander Potapenko <glider@google.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-06-28 21:34:39 +09:00
..
accessibility
acpi
Merge branches 'acpi-soc' and 'acpi-processor'
2018-06-21 14:19:08 +02:00
amba
Merge branch 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm
2018-06-06 13:49:25 -07:00
android
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
ata
treewide: devm_kzalloc() -> devm_kcalloc()
2018-06-12 16:19:22 -07:00
atm
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
auxdisplay
treewide: kmalloc() -> kmalloc_array()
2018-06-12 16:19:22 -07:00
base
Power management changes for 4.18-rc2
2018-06-22 05:57:36 +09:00
bcma
dma-mapping updates for 4.18:
2018-06-04 10:58:12 -07:00
block
for-linus-20180623
2018-06-24 06:33:54 +08:00
bluetooth
bluetooth: hci_nokia: Don't include linux/unaligned/le_struct.h directly.
2018-06-17 08:38:55 +09:00
bus
- Error path bug fix for overflow tests (Dan)
2018-06-12 18:28:00 -07:00
cdrom
treewide: kmalloc() -> kmalloc_array()
2018-06-12 16:19:22 -07:00
char
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
2018-06-24 06:31:54 +08:00
clk
docs: Fix some broken references
2018-06-15 18:10:01 -03:00
clocksource
Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2018-06-24 19:16:42 +08:00
connector
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2018-06-06 18:39:49 -07:00
cpufreq
cpufreq: intel_pstate: Fix scaling max/min limits with Turbo 3.0
2018-06-19 10:40:29 +02:00
cpuidle
powerpc updates for 4.18
2018-06-07 10:23:33 -07:00
crypto
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
2018-06-24 06:31:54 +08:00
dax
libnvdimm for 4.18
2018-06-08 17:21:52 -07:00
dca
devfreq
treewide: devm_kzalloc() -> devm_kcalloc()
2018-06-12 16:19:22 -07:00
dio
dma
fix a series of Documentation/ broken file name references
2018-06-15 18:10:01 -03:00
dma-buf
edac
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
eisa
extcon
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
firewire
treewide: kmalloc() -> kmalloc_array()
2018-06-12 16:19:22 -07:00
firmware
efi/libstub/tpm: Initialize efi_physical_addr_t vars to zero for mixed mode
2018-06-22 10:58:27 +02:00
fmc
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
fpga
fpga: clarify that unregister functions also free
2018-05-25 18:23:56 +02:00
fsi
gpio
treewide: devm_kzalloc() -> devm_kcalloc()
2018-06-12 16:19:22 -07:00
gpu
Fixes for v4.18-rc2:
2018-06-22 11:03:43 +10:00
hid
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid
2018-06-20 16:42:39 +09:00
hsi
hv
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
hwmon
hwmon: (nct6775) Fix loop limit
2018-06-16 16:40:36 -07:00
hwspinlock
hwspinlock updates for v4.18
2018-06-11 12:09:19 -07:00
hwtracing
treewide: devm_kzalloc() -> devm_kcalloc()
2018-06-12 16:19:22 -07:00
i2c
Merge branch 'i2c/for-4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
2018-06-14 16:21:46 +09:00
ide
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
idle
iio
treewide: devm_kzalloc() -> devm_kcalloc()
2018-06-12 16:19:22 -07:00
infiniband
4.18-rc
2018-06-21 07:22:30 +09:00
input
docs: Fix some broken references
2018-06-15 18:10:01 -03:00
iommu
- Error path bug fix for overflow tests (Dan)
2018-06-12 18:28:00 -07:00
ipack
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
irqchip
irqchip/gic-v3-its: Fix reprogramming of redistributors on CPU hotplug
2018-06-22 14:22:02 +02:00
isdn
treewide: Use array_size() in vmalloc()
2018-06-12 16:19:22 -07:00
leds
treewide: devm_kzalloc() -> devm_kcalloc()
2018-06-12 16:19:22 -07:00
lightnvm
for-linus-20180623
2018-06-24 06:33:54 +08:00
macintosh
powerpc updates for 4.18
2018-06-07 10:23:33 -07:00
mailbox
treewide: devm_kzalloc() -> devm_kcalloc()
2018-06-12 16:19:22 -07:00
mcb
md
docs: Fix some broken references
2018-06-15 18:10:01 -03:00
media
Solve a series of broken links for files under Documentation:
2018-06-17 05:25:18 +09:00
memory
- Error path bug fix for overflow tests (Dan)
2018-06-12 18:28:00 -07:00
memstick
treewide: kmalloc() -> kmalloc_array()
2018-06-12 16:19:22 -07:00
message
treewide: kmalloc() -> kmalloc_array()
2018-06-12 16:19:22 -07:00
mfd
Merge branch 'i2c/for-4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
2018-06-14 16:21:46 +09:00
misc
Merge branch 'i2c/for-4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
2018-06-14 16:21:46 +09:00
mmc
treewide: devm_kzalloc() -> devm_kcalloc()
2018-06-12 16:19:22 -07:00
mtd
- Error path bug fix for overflow tests (Dan)
2018-06-12 18:28:00 -07:00
mux
net
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2018-06-21 07:13:42 +09:00
nfc
treewide: devm_kmalloc() -> devm_kmalloc_array()
2018-06-12 16:19:22 -07:00
ntb
- Error path bug fix for overflow tests (Dan)
2018-06-12 18:28:00 -07:00
nubus
Char/Misc driver patches for 4.18-rc1
2018-06-05 16:20:22 -07:00
nvdimm
Merge branch 'for-4.18/mcsafe' into libnvdimm-for-next
2018-06-08 15:16:44 -07:00
nvme
nvme-pci: limit max IO size and segments to avoid high order allocations
2018-06-21 18:59:46 +02:00
nvmem
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
of
- Error path bug fix for overflow tests (Dan)
2018-06-12 18:28:00 -07:00
opp
PM / OPP: Update voltage in case freq == old_freq
2018-06-19 15:53:32 +05:30
oprofile
treewide: Use array_size() in vmalloc()
2018-06-12 16:19:22 -07:00
parisc
dma-mapping updates for 4.18:
2018-06-04 10:58:12 -07:00
parport
docs: Fix some broken references
2018-06-15 18:10:01 -03:00
pci
- Error path bug fix for overflow tests (Dan)
2018-06-12 18:28:00 -07:00
pcmcia
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
perf
drivers/bus: arm-cci: fix build warnings
2018-05-29 16:38:16 +01:00
phy
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2018-06-06 18:39:49 -07:00
pinctrl
pinctrl: mt7622: fix a kernel panic when pio don't work as EINT controller
2018-06-18 07:55:57 +02:00
platform
fix a series of Documentation/ broken file name references
2018-06-15 18:10:01 -03:00
pnp
media updates for v4.18-rc1
2018-06-07 12:34:37 -07:00
power
treewide: devm_kzalloc() -> devm_kcalloc()
2018-06-12 16:19:22 -07:00
powercap
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
pps
ps3
ptp
ptp: replace getnstimeofday64() with ktime_get_real_ts64()
2018-06-20 07:59:53 +09:00
pwm
pwm: Changes for v4.18-rc1
2018-06-14 16:25:43 +09:00
rapidio
treewide: Use array_size() in vmalloc()
2018-06-12 16:19:22 -07:00
ras
regulator
treewide: devm_kzalloc() -> devm_kcalloc()
2018-06-12 16:19:22 -07:00
remoteproc
treewide: use PHYS_ADDR_MAX to avoid type casting ULLONG_MAX
2018-06-15 07:55:25 +09:00
reset
- Error path bug fix for overflow tests (Dan)
2018-06-12 18:28:00 -07:00
rpmsg
rpmsg: smd: do not use mananged resources for endpoints and channels
2018-06-04 12:35:03 -07:00
rtc
- New Device Support
2018-06-11 07:20:17 -07:00
s390
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
2018-06-19 07:44:51 +09:00
sbus
fix a series of Documentation/ broken file name references
2018-06-15 18:10:01 -03:00
scsi
for-linus-20180623
2018-06-24 06:33:54 +08:00
sfi
sh
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
siox
slimbus
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
sn
soc
treewide: use PHYS_ADDR_MAX to avoid type casting ULLONG_MAX
2018-06-15 07:55:25 +09:00
soundwire
docs: Fix more broken references
2018-06-15 18:11:26 -03:00
spi
treewide: devm_kzalloc() -> devm_kcalloc()
2018-06-12 16:19:22 -07:00
spmi
ssb
staging
media: v4l: fix broken video4linux docs locations
2018-06-15 18:10:01 -03:00
target
treewide: Use array_size() in vzalloc()
2018-06-12 16:19:22 -07:00
tc
tee
thermal
- Error path bug fix for overflow tests (Dan)
2018-06-12 18:28:00 -07:00
thunderbolt
tty
vt: prevent leaking uninitialized data to userspace via /dev/vcs*
2018-06-28 21:34:39 +09:00
uio
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
usb
vfs/y2038: inode timestamps conversion to timespec64
2018-06-15 07:31:07 +09:00
uwb
treewide: kmalloc() -> kmalloc_array()
2018-06-12 16:19:22 -07:00
vfio
VFIO updates for v4.18
2018-06-12 13:11:26 -07:00
vhost
virtio, vhost: features, fixes
2018-06-16 06:35:02 +09:00
video
Solve a series of broken links for files under Documentation:
2018-06-17 05:25:18 +09:00
virt
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
virtio
virtio, vhost: features, fixes
2018-06-16 06:35:02 +09:00
visorbus
vlynq
vme
w1
Char/Misc driver patches for 4.18-rc1
2018-06-05 16:20:22 -07:00
watchdog
MIPS changes for 4.18
2018-06-12 12:56:02 -07:00
xen
xen: fixes for 4.18-rc2
2018-06-23 20:44:11 +08:00
zorro
- Introduce arithmetic overflow test helper functions (Rasmus)
2018-06-06 17:27:14 -07:00
Kconfig
Makefile