On Thu, 2020-05-07 at 18:56 +0200, Sebastian Andrzej Siewior wrote: > On 2020-05-07 09:49:04 [-0700], Yu-cheng Yu wrote: > > In a core dump, copy_xstate_to_kernel() copies only enabled user xfeatures > > to a kernel buffer without touching areas for disabled xfeatures. However, > > those uninitialized areas may contain random data, which is then written to > > the core dump file and can be read by a non-privileged user. > > > > Fix it by clearing uninitialized areas. > > Is the problem that copy_xstate_to_kernel() gets `kbuf' passed which > isn't zeroed? If so, would it work clean that upfront?
Alexander Potapenko's patch (in the Link:) fixes the buffer in fill_thread_core_info(). My patch prevents the same issue if this function is called from somewhere else in the future. Yu-cheng
