From patchwork Sun Aug 21 17:56:19 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Heinrich Schuchardt <xypron.glpk@gmx.de>
X-Patchwork-Id: 9292783
Return-Path: <dri-devel-bounces@lists.freedesktop.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	50FE6600CB for <patchwork-dri-devel@patchwork.kernel.org>;
	Mon, 22 Aug 2016 00:40:30 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 42CF7287DE
	for <patchwork-dri-devel@patchwork.kernel.org>;
	Mon, 22 Aug 2016 00:40:30 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 3798F28905; Mon, 22 Aug 2016 00:40:30 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00,FREEMAIL_FROM,
	RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1
Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177])
	(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id A6C82287DE
	for <patchwork-dri-devel@patchwork.kernel.org>;
	Mon, 22 Aug 2016 00:40:29 +0000 (UTC)
Received: from gabe.freedesktop.org (localhost [127.0.0.1])
	by gabe.freedesktop.org (Postfix) with ESMTP id EAA4F6E2B2;
	Mon, 22 Aug 2016 00:40:28 +0000 (UTC)
X-Original-To: dri-devel@lists.freedesktop.org
Delivered-To: dri-devel@lists.freedesktop.org
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20])
	by gabe.freedesktop.org (Postfix) with ESMTPS id A35516E1FB
	for <dri-devel@lists.freedesktop.org>;
	Sun, 21 Aug 2016 17:56:27 +0000 (UTC)
Received: from workstation4.fritz.box ([109.91.48.91]) by mail.gmx.com
	(mrgmx103) with ESMTPSA (Nemesis) id 0MEo4s-1bMecU02kE-00FxQB;
	Sun, 21 Aug 2016 19:56:24 +0200
From: Heinrich Schuchardt <xypron.glpk@gmx.de>
To: David Airlie <airlied@linux.ie>
Subject: [PATCH 1/1] drm: avoid exposing kernel stack in compat_drm_getstats
Date: Sun, 21 Aug 2016 19:56:19 +0200
Message-Id: <1471802179-2886-1-git-send-email-xypron.glpk@gmx.de>
X-Mailer: git-send-email 2.1.4
X-Provags-ID: V03:K0:/3wW5YWpp7dLmEGde1QjfskhAqZSy+S8g06kcU43/RJ2Uc6ZYuQ
	34iS3ZAEXdyqKx69mH1vI2P1ni0rgth/RBqOH6fw94a9IY69woAh9MXZkd2L6+WsC+bUpaJ
	yZ1ryfFkxhpa9uqkL9XRsGj8XuZ6XRdVYeHJdwez4FB2+ObjUj6jk7Tpky8GZXX3RqiuAEA
	zakHfnaP5dUuQKkCjai0w==
X-UI-Out-Filterresults: notjunk:1; V01:K0:ppbN49vC3sg=:B3ieJYts4ioRu2pSJr6X3b
	zHjD9bDwlexV/pMnMbNktM7GhdmLva4qqC5n6nyJ+Dl9wY5VIm/D0kGREN3PbkKiobWJGJbdq
	nGqXTfD9xcHR/YYahT+zE+NFiEV15Jct8mROXxYjIAeXQEiKqoBDIxssbj6zSC8kfvjOq32dc
	Y/sDz0NNGkwaBfqwVtJipKGyneJ9AQRoJ7puDT1K5tpa47chVuJ7tj6ZKbdlvVE0EWTs1EdcP
	l+4AU9uVXOqYn4jZbsRjAIWokPC0qqXM0py75Wm4X2ASgOKbdDNSTvrnOd8ePRfE7LHzKAaj5
	Av1eXPlecFN3sDOd/e9QxCMUvykheTulxDYbgOGp7vuoe6oaubkTPC5RGjBI1k+4t9oIRxOKB
	layUSr5fvg5xSG9sjV82vGT/BduXm4uGZBkuRTx04ZL0+k3iw0CBi7C8a4+qpp6guBtzjhV8r
	sgxuJFq/RlyS6hHYVHRCZLRZFLRxUkRX5E2/novJ59a3WNMtTSgC5VnPr6uuCS33bhK4ScyCe
	F8ZdF7i0qG6rLbjTYvdLYYnz6PIlDYd0PUPARulAGAgB2NAs8zOX3onyqfKTtYGNmWGYiz1Iz
	afN124FEILWV5nQYD5oux43EUlVcvfqFxvRI1WmZ216QLdsjl8v4/rMOnFWXAsF92r5mDTN0z
	5WcLkzWmzV/BozkzajOyl7pxrlAdPdbxOiTqDNY7hrC8GqCdpuNK9AMPZc2epkh9c2lG3yU8+
	+x9vRKYX5pvYVoC7l0z7QOETITWVuQbnP7v+bLO75ns9wxP2DeME574ng4k=
X-Mailman-Approved-At: Mon, 22 Aug 2016 00:39:59 +0000
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>, linux-kernel@vger.kernel.org,
	dri-devel@lists.freedesktop.org
X-BeenThere: dri-devel@lists.freedesktop.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Direct Rendering Infrastructure - Development
	<dri-devel.lists.freedesktop.org>
List-Unsubscribe: <https://lists.freedesktop.org/mailman/options/dri-devel>,
	<mailto:dri-devel-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <https://lists.freedesktop.org/archives/dri-devel>
List-Post: <mailto:dri-devel@lists.freedesktop.org>
List-Help: <mailto:dri-devel-request@lists.freedesktop.org?subject=help>
List-Subscribe: <https://lists.freedesktop.org/mailman/listinfo/dri-devel>,
	<mailto:dri-devel-request@lists.freedesktop.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: dri-devel-bounces@lists.freedesktop.org
Sender: "dri-devel" <dri-devel-bounces@lists.freedesktop.org>
X-Virus-Scanned: ClamAV using ClamSMTP

The C standard does not specify the size of the integer used
to store an enum. Hence in structure drm_stats32_t alignment
bytes may exist.

To avoid exposing bytes from the kernel stack it is
necessary to initialize variable s32 completely.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 drivers/gpu/drm/drm_ioc32.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/gpu/drm/drm_ioc32.c b/drivers/gpu/drm/drm_ioc32.c
index 57676f8..32a489b 100644
--- a/drivers/gpu/drm/drm_ioc32.c
+++ b/drivers/gpu/drm/drm_ioc32.c
@@ -346,6 +346,7 @@ static int compat_drm_getstats(struct file *file, unsigned int cmd,
 	struct drm_stats __user *stats;
 	int i, err;
 
+	memset(&s32, 0, sizeof(drm_stats32_t));
 	stats = compat_alloc_user_space(sizeof(*stats));
 	if (!stats)
 		return -EFAULT;