    [PATCH] fs: fix libfs data leak · 955eff5a
    Nick Piggin authored
    simple_prepare_write leaks uninitialised kernel data.  This happens because
    it leaves an uninitialised "hole" over the part of the page that the
    write is expected to go to.  This is fine, but it then marks the page
    uptodate, which means a concurrent read can come in and copy the
    uninitialised memory into userspace before it is written to.
    
    Fix it by simply marking it uptodate in simple_commit_write instead, after
    the hole has been filled in.  This could theoretically break an fs that
    uses simple_prepare_write and not simple_commit_write, and that relies on
    the incorrect simple_prepare_write behaviour.  Luckily, none of those
    exists in the tree.
    Signed-off-by: Nick Piggin <npiggin@suse.de>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
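
The ordering problem described in the commit message, as an added userspace model (not the kernel's code and not part of the original commit). The `model_*` names, the 64-byte page and the `0xAA` stale pattern are assumptions made for illustration; the model counts how many stale bytes a read sees when it lands between the prepare and commit steps.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MODEL_PAGE_SIZE 64   /* small page, for the model only */
#define STALE 0xAA           /* constructed stand-in for leftover kernel data */
struct model_page {
    unsigned char data[MODEL_PAGE_SIZE];
    bool uptodate;
};

/* Zero everything outside [from, to); the hole is left for the writer. */
static void model_prepare_write(struct model_page *p, size_t from, size_t to,
                                bool mark_uptodate_early)
{
    memset(p->data, 0, from);
    memset(p->data + to, 0, MODEL_PAGE_SIZE - to);
    if (mark_uptodate_early) /* behaviour before the fix */
        p->uptodate = true;
}

/* A reader copies the page out only if it is uptodate; count stale bytes it gets. */
static size_t model_read(const struct model_page *p)
{
    size_t leaked = 0;
    for (size_t i = 0; p->uptodate && i < MODEL_PAGE_SIZE; i++)
        leaked += (p->data[i] == STALE);
    return leaked;
}

/* One write to [from, to) with a read landing between prepare and commit. */
size_t stale_bytes_seen_by_racing_read(bool mark_uptodate_early, size_t from, size_t to)
{
    struct model_page p = { .uptodate = false };
    memset(p.data, STALE, sizeof(p.data));  /* new page: contents not initialised */
    model_prepare_write(&p, from, to, mark_uptodate_early);
    size_t leaked = model_read(&p);         /* the concurrent read */
    memset(p.data + from, 'W', to - from);  /* writer fills the hole */
    p.uptodate = true;                      /* commit: where the fix sets the flag */
    return leaked + model_read(&p);         /* a read after commit adds nothing */
}

int main(void)
{
    printf("before fix: %zu stale bytes\n", stale_bytes_seen_by_racing_read(true, 16, 48));
    printf("after fix:  %zu stale bytes\n", stale_bytes_seen_by_racing_read(false, 16, 48));
    return 0;
}
```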
vfs.txt 38.4 KB