Re: [PATCH v2] printk: fix kernel msg leakage in syslog_print_all function;

From: Petr Mladek
Date: Thu May 05 2022 - 03:13:33 EST


On Thu 2022-05-05 02:52:10, Tao Lan wrote:
> This function applies for memory but does not initialize the memory, and
> then invokes copy_to_user to copy the memory to the user space, which
> causes kernel information leaks.

It should not happen. copy_to_user() is used this way:

	textlen = record_print_text(&r, true, time);

	if (copy_to_user(buf + len, text, textlen))


It means that only @textlen bytes should be copied to the user space.
It is the length of the message read from the log buffer by
record_print_text().


> [ 148.439660] kernel memory leak value 0xffffff80aed972bc at
> 0xffffffd37f00a000 to 0x704b883e74

How did you produce this message, please?

Best Regards,
Petr
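
A user-space model of the point made in the reply above, added here as an illustration; it is not kernel code and not code from either participant. The names `model_print_text`, `leaked_bytes`, `BUF_SIZE` and `POISON` are hypothetical, and the full-size copy is a constructed contrast case, not something the thread says the kernel does.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64    /* assumed size of the text buffer in this model */
#define POISON   0xAA  /* marks bytes that were never initialized */

/* Hypothetical stand-in for record_print_text(): returns bytes written. */
static size_t model_print_text(char *text, size_t size, const char *msg)
{
    size_t n = strlen(msg);
    if (n > size)
        n = size;
    memcpy(text, msg, n);
    return n;
}

/* Counts poison bytes that reached the modelled user buffer. */
static size_t count_poison(const unsigned char *user, size_t size)
{
    size_t i, hits = 0;
    for (i = 0; i < size; i++)
        if (user[i] == POISON)
            hits++;
    return hits;
}

/* Runs one read and returns how many uninitialized bytes were exposed.
 * bounded != 0 copies only textlen bytes; bounded == 0 copies BUF_SIZE. */
static size_t leaked_bytes(const char *msg, int bounded)
{
    char text[BUF_SIZE];
    unsigned char user[BUF_SIZE] = {0};
    size_t textlen;

    memset(text, POISON, sizeof(text));  /* model of uninitialized memory */
    textlen = model_print_text(text, sizeof(text), msg);
    memcpy(user, text, bounded ? textlen : sizeof(text)); /* model of copy_to_user() */
    return count_poison(user, sizeof(user));
}

int main(void)
{
    printf("copy of textlen bytes exposes %zu\n", leaked_bytes("<6>[ 1.0] hello\n", 1));
    printf("copy of BUF_SIZE bytes exposes %zu\n", leaked_bytes("<6>[ 1.0] hello\n", 0));
    return 0;
}
```

Pre-filling the buffer with a known pattern and scanning the destination for it is a quick way to check whether a copy length ever exceeds the initialized region.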