This function applies for memory but does not initialize the memory,and
then invokes copy_to_user to copy the memory to the user space, which
causes kernel information leaks.

[ 148.439660] kernel memory leak value 0xffffff80aed972bc at
0xffffffd37f00a000 to 0x704b883e74

Signed-off-by: Tao Lan <taolan@huawei.com>
---
v2: to change to my correct name.
 kernel/printk/printk.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
index da03c15ecc89..22d7d821909d 100644
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -1591,7 +1591,7 @@ static int syslog_print_all(char __user *buf, int size, bool clear)
 	u64 seq;
 	bool time;
 
-	text = kmalloc(CONSOLE_LOG_MAX, GFP_KERNEL);
+	text = kzalloc(CONSOLE_LOG_MAX, GFP_KERNEL);
 	if (!text)
 		return -ENOMEM;
 
-- 
2.18.0.huawei.25

On Thu 2022-05-05 02:52:10, Tao Lan wrote:
> This function applies for memory but does not initialize the memory,and
> then invokes copy_to_user to copy the memory to the user space, which
> causes kernel information leaks.

It should not happen. copy_to_user() is used this way:

		textlen = record_print_text(&r, true, time);

		if (copy_to_user(buf + len, text, textlen))


It means that only @textlen bytes should be copied to the user space.
It is the length of the message read from the log buffer by
record_print_text().


> [ 148.439660] kernel memory leak value 0xffffff80aed972bc at
> 0xffffffd37f00a000 to 0x704b883e74

How did you produce this message, please?

Best Regards,
Petr