kernel: rh_features: fix reading empty feature list from /proc

rprobaina · rprobaina · commit f42481d3c410 · 2025-10-29T17:47:05.000-03:00
JIRA: https://issues.redhat.com/browse/RHEL-122981 This patch is a backport of the following RHEL-only commit: commit 08d81cb85b7ed466994e0dc13faec55f62e60e17 Author: Ricardo Robaina <rrobaina@redhat.com> Date: Fri May 10 20:31:21 2024 -0300 kernel: rh_features: fix reading empty feature list from /proc JIRA: https://issues.redhat.com/browse/RHEL-32987 This patch is a backport of the following upstream commit: commit ffe4913e104bd29ee17af7e18c79dea05d6fc4df Author: Jiri Benc <jbenc@redhat.com> Date: Tue Jun 30 09:50:35 2020 -0400 [kernel] kernel: rh_features: fix reading empty feature list from /proc Message-id: <2554b7608fb3e30847cf1f7c10e565666663036c.1593510618.git.jbenc@redhat.com> Patchwork-id: 321700 Patchwork-instance: patchwork O-Subject: [RHEL8.3 net] kernel: rh_features: fix reading empty feature list from /proc Bugzilla: 1843064 CVE: CVE-2020-10774 RH-Acked-by: Ivan Vecera <ivecera@redhat.com> RH-Acked-by: Frantisek Hrbata <fhrbata@redhat.com> RH-Acked-by: Hangbin Liu <haliu@redhat.com> Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1843064 CVE: CVE-2020-10774 Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=29033587 Upstream status: RHEL only Tested: using slub_debug=P This fixes a RHEL only feature. The recent move of the rh_features file to /proc/sys/kernel introduced a bug: when the feature list is empty, uninitialized data is returned on read. Set the initial string len to zero. Fixes: b42078ac845a ("[kernel] rh_features: move rh_features entry to sys/kernel") Signed-off-by: Jiri Benc <jbenc@redhat.com> Signed-off-by: Frantisek Hrbata <fhrbata@redhat.com> Signed-off-by: Ricardo Robaina <rrobaina@redhat.com> Signed-off-by: Ricardo Robaina <rrobaina@redhat.com>
diff --git a/kernel/rh_features.c b/kernel/rh_features.c
@@ -80,6 +80,7 @@ static int rh_features_show(struct ctl_table *ctl, int write,
 	tbl.data = kmalloc(tbl.maxlen, GFP_KERNEL);
 	if (!tbl.data)
 		return -ENOMEM;
+	((char *)tbl.data)[0] = '\0';
 
 	rcu_read_lock();
 	list_for_each_entry_rcu(feat, &rh_feature_list, list) {
