| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240926162901.GA9716@redhat.com> Date: Thu, 26 Sep 2024 18:29:01 +0200 From: Oleg Nesterov <oleg@...hat.com> To: Masami Hiramatsu <mhiramat@...nel.org>, Peter Zijlstra <peterz@...radead.org> Cc: Catalin Marinas <catalin.marinas@....com>, "Liao, Chang" <liaochang1@...wei.com>, Will Deacon <will@...nel.org>, linux-kernel@...r.kernel.org Subject: [PATCH] uprobes: fix kernel info leak via "[uprobes]" vma xol_add_vma() maps the uninitialized page allocated by __create_xol_area() into userspace. On some architectures (x86) this memory is readable even without VM_READ, VM_EXEC results in the same pgprot_t as VM_EXEC|VM_READ. Reported-by: Will Deacon <will@...nel.org> Signed-off-by: Oleg Nesterov <oleg@...hat.com> --- kernel/events/uprobes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c index 2ec796e2f055..4b52cb2ae6d6 100644 --- a/kernel/events/uprobes.c +++ b/kernel/events/uprobes.c @@ -1545,7 +1545,7 @@ static struct xol_area *__create_xol_area(unsigned long vaddr) if (!area->bitmap) goto free_area; - area->page = alloc_page(GFP_HIGHUSER); + area->page = alloc_page(GFP_HIGHUSER | __GFP_ZERO); if (!area->page) goto free_bitmap; -- 2.25.1.362.g51ebf55
Powered by blists - more mailing lists