summaryrefslogtreecommitdiff |
diff options
author | Thomas Zimmermann <tzimmermann@suse.de> | 2019-01-21 11:24:11 +0100 |
---|---|---|
committer | Thomas Zimmermann <tzimmermann@suse.de> | 2019-01-21 11:24:11 +0100 |
commit | eef0a2f40a22f8ca1bf0f922125af6d0c07194c0 (patch) | |
tree | 6c2ad1d2990e0d81af503ff9a39132f275647331 | |
parent | fc802aa9ca4043004f582d78235815548696fd5c (diff) |
omap2fb: Fix stack memory disclosure (bsc#1120902)
-rw-r--r-- | patches.drm/0002-omap2fb-Fix-stack-memory-disclosure.patch | 44 | ||||
-rw-r--r-- | series.conf | 1 |
2 files changed, 45 insertions, 0 deletions
diff --git a/patches.drm/0002-omap2fb-Fix-stack-memory-disclosure.patch b/patches.drm/0002-omap2fb-Fix-stack-memory-disclosure.patch new file mode 100644 index 0000000000..bce650331e --- /dev/null +++ b/patches.drm/0002-omap2fb-Fix-stack-memory-disclosure.patch @@ -0,0 +1,44 @@ +From a01421e4484327fe44f8e126793ed5a48a221e24 Mon Sep 17 00:00:00 2001 +From: Vlad Tsyrklevich <vlad@tsyrklevich.net> +Date: Fri, 11 Jan 2019 14:34:38 +0100 +Subject: omap2fb: Fix stack memory disclosure +Git-commit: a01421e4484327fe44f8e126793ed5a48a221e24 +Patch-mainline: v5.0-rc3 +References: bsc#1120902 + +Using [1] for static analysis I found that the OMAPFB_QUERY_PLANE, +OMAPFB_GET_COLOR_KEY, OMAPFB_GET_DISPLAY_INFO, and OMAPFB_GET_VRAM_INFO +cases could all leak uninitialized stack memory--either due to +uninitialized padding or 'reserved' fields. + +Fix them by clearing the shared union used to store copied out data. + +[1] https://github.com/vlad902/kernel-uninitialized-memory-checker + +Signed-off-by: Vlad Tsyrklevich <vlad@tsyrklevich.net> +Reviewed-by: Kees Cook <keescook@chromium.org> +Fixes: b39a982ddecf ("OMAP: DSS2: omapfb driver") +Cc: security@kernel.org +[b.zolnierkie: prefix patch subject with "omap2fb: "] +Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com> +Acked-by: Thomas Zimmermann <tzimmermann@suse.de> +--- + drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c b/drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c +index a3edb20ea4c3..a846d32ee653 100644 +--- a/drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c ++++ b/drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c +@@ -609,6 +609,8 @@ int omapfb_ioctl(struct fb_info *fbi, unsigned int cmd, unsigned long arg) + + int r = 0; + ++ memset(&p, 0, sizeof(p)); ++ + switch (cmd) { + case OMAPFB_SYNC_GFX: + DBG("ioctl SYNC_GFX\n"); +-- +2.20.1 + diff --git a/series.conf b/series.conf index 80b7df7ac3..35565e4c7f 100644 --- a/series.conf +++ b/series.conf @@ -19745,6 +19745,7 @@ patches.fixes/kvm-sev-fail-kvm_sev_init-if-already-initialized.patch patches.drivers/tty-Don-t-hold-ldisc-lock-in-tty_reopen-if-ldisc-pre.patch patches.drm/0001-drm-i915-gvt-Fix-mmap-range-check.patch + patches.drm/0002-omap2fb-Fix-stack-memory-disclosure.patch # dhowells/linux-fs keys-uefi patches.suse/0001-KEYS-Allow-unrestricted-boot-time-addition-of-keys-t.patch |