ACK: [Precise][CVE-2015-5697] md: use kzalloc() when bitmap is disabled

Luis Henriques luis.henriques at canonical.com
Thu Aug 13 16:24:40 UTC 2015


On Thu, Aug 13, 2015 at 08:33:05AM -0700, Kamal Mostafa wrote:
<snip>
> 
> Signed-off-by: Benjamin Randazzo <benjamin at randazzo.fr>
> Signed-off-by: NeilBrown <neilb at suse.com>
> Reference: CVE-2015-5697
> [ kamal: backport to 3.2 (Ubuntu Precise): fixed both "file = kmalloc()" paths ]

Looks correct to me, fixing both paths guarantees there will be no
leak into user-space in both scenarios.

Acked-by: Luis Henriques <luis.henriques at canonical.com>

Cheers,
--
Luís

> Signed-off-by: Kamal Mostafa <kamal at canonical.com>
> ---
>  drivers/md/md.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/md/md.c b/drivers/md/md.c
> index ea8a181..d7e9242 100644
> --- a/drivers/md/md.c
> +++ b/drivers/md/md.c
> @@ -5384,9 +5384,9 @@ static int get_bitmap_file(struct mddev * mddev, void __user * arg)
>  	int err = -ENOMEM;
>  
>  	if (md_allow_write(mddev))
> -		file = kmalloc(sizeof(*file), GFP_NOIO);
> +		file = kzalloc(sizeof(*file), GFP_NOIO);
>  	else
> -		file = kmalloc(sizeof(*file), GFP_KERNEL);
> +		file = kzalloc(sizeof(*file), GFP_KERNEL);
>  
>  	if (!file)
>  		goto out;
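Review bot: the two kzalloc() calls in the if/else on md_allow_write(mddev) differ only in the GFP flag, and that duplication is why this backport had to fix two "file = kmalloc()" paths. Consider selecting the flag first (GFP_NOIO or GFP_KERNEL) and allocating once, so there is a single call that has to stay zeroing. A one-line comment at the allocation saying the buffer must be zeroed because its contents can reach user space (arg is a __user pointer) would also guard against a later cleanup switching it back to kmalloc().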
> -- 
> 1.9.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team