path: root/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.19.8/3157-drm-amdgpu-fix-a-potential-information-leaking-bug.patch
Diffstat (limited to 'meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.19.8/3157-drm-amdgpu-fix-a-potential-information-leaking-bug.patch')
-rw-r--r--meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.19.8/3157-drm-amdgpu-fix-a-potential-information-leaking-bug.patch44
1 files changed, 44 insertions, 0 deletions
diff --git a/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.19.8/3157-drm-amdgpu-fix-a-potential-information-leaking-bug.patch b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.19.8/3157-drm-amdgpu-fix-a-potential-information-leaking-bug.patch
new file mode 100644
index 00000000..0f072a39
--- /dev/null
+++ b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.19.8/3157-drm-amdgpu-fix-a-potential-information-leaking-bug.patch
@@ -0,0 +1,44 @@
+From 9bf6dab4e3d5582d96da3ab6399b32a74c50ec6f Mon Sep 17 00:00:00 2001
+From: Wang Xiayang <xywang.sjtu@sjtu.edu.cn>
+Date: Sat, 27 Jul 2019 17:30:30 +0800
+Subject: [PATCH 3157/4256] drm/amdgpu: fix a potential information leaking bug
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Coccinelle reports a path that the array "data" is never initialized.
+The path skips the checks in the conditional branches when either
+of callback functions, read_wave_vgprs and read_wave_sgprs, is not
+registered. Later, the uninitialized "data" array is read
+in the while-loop below and passed to put_user().
+
+Fix the path by allocating the array with kcalloc().
+
+The patch is simplier than adding a fall-back branch that explicitly
+calls memset(data, 0, ...). Also it does not need the multiplication
+1024*sizeof(*data) as the size parameter for memset() though there is
+no risk of integer overflow.
+
+Signed-off-by: Wang Xiayang <xywang.sjtu@sjtu.edu.cn>
+Reviewed-by: Chunming Zhou <david1.zhou@amd.com>
+Reviewed-by: Christian König <christian.koenig@amd.com>
+---
+ drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c
+index 59849ed9797d..79c8cf61c577 100644
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c
+@@ -704,7 +704,7 @@ static ssize_t amdgpu_debugfs_gpr_read(struct file *f, char __user *buf,
+ thread = (*pos & GENMASK_ULL(59, 52)) >> 52;
+ bank = (*pos & GENMASK_ULL(61, 60)) >> 60;
+
+- data = kmalloc_array(1024, sizeof(*data), GFP_KERNEL);
++ data = kcalloc(1024, sizeof(*data), GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
+
+--
+2.17.1
+
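Review bot: The `kcalloc()` call in `amdgpu_debugfs_gpr_read()` has no comment recording that the zeroing is what keeps stale kernel heap contents out of the later `put_user()` copy, so a later cleanup could switch it back to `kmalloc_array()` without noticing. A one-line comment above the allocation would pin the intent, for example `/* zeroed: data may reach put_user() without being filled by a read_wave_*gprs callback */`. Going by the commit message, the path where neither callback is registered now hands zero-filled values to userspace instead of an error, which a consumer of the debugfs file cannot tell apart from registers that really are zero. Returning an error on that path may be the cleaner contract, but the rest of the function lies outside this hunk, so that needs checking against the full body.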