[PATCH] sysctl: don't read uninit memory in deprecated_sysctl_warning()

[PATCH] sysctl: don't read uninit memory in deprecated_sysctl_warning()

[Alexander Potapenko]

Don't attempt to read the first two elements of name[] unless they
were actually copied from the userspace.

This bug has been detected by KMSAN.

Signed-off-by: Alexander Potapenko <glider@google.com>
---
 kernel/sysctl_binary.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/sysctl_binary.c b/kernel/sysctl_binary.c
index ece4b177052b..38d6ba22a209 100644
--- a/kernel/sysctl_binary.c
+++ b/kernel/sysctl_binary.c
@@ -1346,7 +1346,7 @@ static void deprecated_sysctl_warning(const int *name, int nlen)
 	 * CTL_KERN/KERN_VERSION is used by older glibc and cannot
 	 * ever go away.
 	 */
-	if (name[0] == CTL_KERN && name[1] == KERN_VERSION)
+	if (nlen >= 2 && name[0] == CTL_KERN && name[1] == KERN_VERSION)
 		return;
 
 	if (printk_ratelimit()) {
-- 
2.13.2.725.g09c95d1e9-goog

Re: [PATCH] sysctl: don't read uninit memory in deprecated_sysctl_warning()

[Andrew Morton]

On Wed, 28 Jun 2017 17:00:37 +0200 Alexander Potapenko <glider@google.com> wrote:

> Don't attempt to read the first two elements of name[] unless they
> were actually copied from the userspace.
> 
> This bug has been detected by KMSAN.

Thanks.  I already have the identical
http://ozlabs.org/~akpm/mmots/broken-out/sysctl-check-name-array-length-in-deprecated_sysctl_warning.patch