Re: [PATCH] landlock: Initialize kernel stack variables properly

From: Mickaël Salaün
Date: Wed Nov 03 2021 - 08:14:36 EST


Hi Austin,

On 03/11/2021 08:14, Austin Kim wrote:
> In case kernel stack variables are not initialized properly, there might
> be a little chance of kernel information disclosure. So it is better for
> kernel stack variables to be initialized with null characters.
>
> Signed-off-by: Austin Kim <austindh.kim@xxxxxxxxx>
> ---
> security/landlock/syscalls.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/security/landlock/syscalls.c b/security/landlock/syscalls.c
> index 32396962f04d..50a6f7091428 100644
> --- a/security/landlock/syscalls.c
> +++ b/security/landlock/syscalls.c
> @@ -320,6 +320,8 @@ SYSCALL_DEFINE4(landlock_add_rule,
> if (rule_type != LANDLOCK_RULE_PATH_BENEATH)
> return -EINVAL;
>
> + memset(&path_beneath_attr, 0, sizeof(path_beneath_attr));
> +

This memset is already done with the copy_from_user() call just below.

> /* Copies raw user space buffer, only one type for now. */
> res = copy_from_user(&path_beneath_attr, rule_attr,
> sizeof(path_beneath_attr));
>
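
Review bot: The memset() of path_beneath_attr added directly above the copy_from_user() call is redundant, because that call writes sizeof(path_beneath_attr) bytes into the same object: on success every byte is overwritten with user data, and on a fault copy_from_user() zero-fills the bytes it could not copy. Suggest dropping the hunk. If a real disclosure path exists, the commit message should name it; as written it speaks of "kernel stack variables" in general, while the diff touches only this one struct, and it does not say where the struct's contents could reach user space.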