Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

sysfs: make sure read buffer is zeroed

13c589d5b0ac ("sysfs: use seq_file when reading regular files")
switched sysfs from custom read implementation to seq_file to enable
later transition to kernfs. After the change, the buffer passed to
->show() is acquired through seq_get_buf(); unfortunately, this
introduces a subtle behavior change. Before the commit, the buffer
passed to ->show() was always zero as it was allocated using
get_zeroed_page(). Because seq_file doesn't clear buffers on
allocation and neither does seq_get_buf(), after the commit, depending
on the behavior of ->show(), we may end up exposing uninitialized data
to userland thus possibly altering userland visible behavior and
leaking information.

Fix it by explicitly clearing the buffer.

Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Ron <ron@debian.org>
Fixes: 13c589d5b0ac ("sysfs: use seq_file when reading regular files")
Cc: stable <stable@vger.kernel.org> # 3.13+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
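
The failure mode described in the commit message, as an added user-space sketch that is not part of the commit or of the kernel source: a reused, non-zeroed buffer is handed to a hypothetical `demo_show()` that reports more bytes than it stores. `BUF_SIZE`, `demo_show()`, `demo_read()` and `demo_leak()` are names assumed for illustration, and the `'S'` fill is constructed stale data.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64	/* stand-in for PAGE_SIZE, kept small for the demo */
#define WRITTEN  3	/* bytes demo_show() actually stores */
#define REPORTED 16	/* bytes demo_show() claims to have produced */

/* Hypothetical ->show(): stores a short string but returns a fixed
 * record length, so the tail of the record is never written. */
static long demo_show(char *buf)
{
	memcpy(buf, "on\n", WRITTEN);
	return REPORTED;
}

/* Simulated read path: hand a reused buffer to ->show() and copy the
 * reported number of bytes to 'out' (what userland would receive).
 * clear != 0 models the fixed code, which zeroes the buffer first. */
static long demo_read(char *buf, int clear, char *out)
{
	long count;
	if (clear)
		memset(buf, 0, BUF_SIZE);
	count = demo_show(buf);
	memcpy(out, buf, (size_t)count);
	return count;
}

/* Returns how many stale (non-zero, not written by show) bytes a
 * reader sees when the buffer previously held other data. */
static int demo_leak(int clear)
{
	char buf[BUF_SIZE], out[BUF_SIZE];
	long i, count;
	int stale = 0;

	memset(buf, 'S', sizeof(buf));	/* constructed stale contents */
	count = demo_read(buf, clear, out);
	for (i = WRITTEN; i < count; i++)
		stale += (out[i] != 0);
	return stale;
}

int main(void)
{
	printf("stale bytes, no clear: %d\n", demo_leak(0));
	printf("stale bytes, cleared:  %d\n", demo_leak(1));
	return 0;
}
```

With the buffer cleared first, the unwritten tail of the record reads back as zero bytes instead of whatever the buffer held before.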

authored by Tejun Heo and committed by Greg Kroah-Hartman
f5c16f29 555724a8

+2 -1
fs/sysfs/file.c
··· 47 47 ssize_t count; 48 48 char *buf; 49 49 50 - /* acquire buffer and ensure that it's >= PAGE_SIZE */ 50 + /* acquire buffer and ensure that it's >= PAGE_SIZE and clear */ 51 51 count = seq_get_buf(sf, &buf); 52 52 if (count < PAGE_SIZE) { 53 53 seq_commit(sf, -1); 54 54 return 0; 55 55 } 56 + memset(buf, 0, PAGE_SIZE); 56 57 57 58 /* 58 59 * Invoke show(). Control may reach here via seq file lseek even
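
Review bot: The new memset(buf, 0, PAGE_SIZE) after the count < PAGE_SIZE check clears exactly one page, while that check only guarantees the buffer is at least PAGE_SIZE, so any bytes past the first page stay uncleared. If ->show() is limited to PAGE_SIZE of output, say so in the comment above seq_get_buf(); otherwise clear count bytes instead. The updated comment would also read better as "... >= PAGE_SIZE and clear it", since the clearing happens several lines below the comment, after the size check.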