| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 Mar 2019 20:56:14 -0400
From: Vitaly Mayatskikh <v.mayatskih@...il.com>
To: Stefan Hajnoczi <stefanha@...hat.com>
Cc: Michal Hocko <mhocko@...e.com>, linux-kernel@...r.kernel.org
Subject: [PATCH] vhost: zero vhost_vsock memory on allocation
This fixes OOPS when using under-initialized vhost_vsock object.
The code had a combo of kzalloc plus vmalloc as a fallback
initially, but it has been replaced by plain kvmalloc in
commit 6c5ab6511f71 ("mm: support __GFP_REPEAT in kvmalloc_node for >32kB")
OOPS is easy to reproduce with open/ioctl after trashing the RAM.
Signed-off-by: Vitaly Mayatskikh <v.mayatskih@...il.com>
---
drivers/vhost/vsock.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c
index bb5fc0e..9e7cb13 100644
--- a/drivers/vhost/vsock.c
+++ b/drivers/vhost/vsock.c
@@ -512,7 +512,7 @@ static int vhost_vsock_dev_open(struct inode *inode, struct file *file)
/* This struct is large and allocation could fail, fall back to vmalloc
* if there is no other way.
*/
- vsock = kvmalloc(sizeof(*vsock), GFP_KERNEL | __GFP_RETRY_MAYFAIL);
+ vsock = kvzalloc(sizeof(*vsock), GFP_KERNEL | __GFP_RETRY_MAYFAIL);
if (!vsock)
return -ENOMEM;
--
1.8.3.1
Powered by blists - more mailing lists