| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20240805075814.10103-1-chunjie.zhu@cloud.com>
Date: Mon, 5 Aug 2024 07:58:14 +0000
From: Chunjie Zhu <chunjie.zhu@...ud.com>
To: Alexander Viro <viro@...iv.linux.org.uk>
Cc: Chunjie Zhu <chunjie.zhu@...ud.com>,
linux-kernel@...r.kernel.org
Subject: [PATCH] CA-392151: fix nfs gup uninitialized iov_offset defect
nfs aio code path, iov_offset is not initialized before used
nfs aio function call graph,
io_submit
aio_read
aio_setup_rw
import_single_range
iov_iter_ubuf # do not initialize iov_offset
call_read_iter
nfs_file_read
nfs_file_direct_read
nfs_direct_read_schedule_iovec
iov_iter_get_pages_alloc2
__iov_iter_get_pages_alloc
first_iovec_segment # iov_offset is used, not initialized
Signed-off-by: Chunjie Zhu <chunjie.zhu@...ud.com>
---
include/linux/uio.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/linux/uio.h b/include/linux/uio.h
index 42bce38a8e87..2121424204c2 100644
--- a/include/linux/uio.h
+++ b/include/linux/uio.h
@@ -386,6 +386,7 @@ static inline void iov_iter_ubuf(struct iov_iter *i, unsigned int direction,
.user_backed = true,
.data_source = direction,
.ubuf = buf,
+ .iov_offset = 0,
.count = count,
.nr_segs = 1
};
--
2.34.1
Powered by blists - more mailing lists