mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-11-11 04:18:39 +08:00
3c0da3d163
fuse_notify_store(), unlike fuse_do_readpage(), does not enable page
zeroing (because it can be used to change partial page contents).
So fuse_notify_store() must be more careful to fully initialize page
contents (including parts of the page that are beyond end-of-file)
before marking the page uptodate.
The current code can leave beyond-EOF page contents uninitialized, which
makes these uninitialized page contents visible to userspace via mmap().
This is an information leak, but only affects systems which do not
enable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the
corresponding kernel command line parameter).
Link: https://bugs.chromium.org/p/project-zero/issues/detail?id=2574
Cc: stable@kernel.org
Fixes:
|
||
---|---|---|
.. | ||
acl.c | ||
control.c | ||
cuse.c | ||
dax.c | ||
dev.c | ||
dir.c | ||
file.c | ||
fuse_i.h | ||
inode.c | ||
ioctl.c | ||
iomode.c | ||
Kconfig | ||
Makefile | ||
passthrough.c | ||
readdir.c | ||
virtio_fs.c | ||
xattr.c |