Message ID | 20210331220719.1499743-1-phil@philpotter.co.uk (mailing list archive) |
---|---|
State | Superseded, archived |
Series | zero-fill colormap in drivers/video/fbdev/core/fbcmap.c |
On Thu, Apr 1, 2021 at 12:09 AM Phillip Potter <phil@philpotter.co.uk> wrote:
> Use kzalloc() rather than kmalloc() for the dynamically allocated parts
> of the colormap in fb_alloc_cmap_gfp, to prevent a leak of random kernel
> data to userspace under certain circumstances.
>
> Fixes a KMSAN-found infoleak bug reported by syzbot at:
> https://syzkaller.appspot.com/bug?id=741578659feabd108ad9e06696f0c1f2e69c4b6e
>
> Reported-by: syzbot+47fa9c9c648b765305b9@syzkaller.appspotmail.com
> Signed-off-by: Phillip Potter <phil@philpotter.co.uk>

Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>

Gr{oetje,eeting}s,

Geert

On Thu, Apr 01, 2021 at 11:55:50AM +0200, Geert Uytterhoeven wrote:
> On Thu, Apr 1, 2021 at 12:09 AM Phillip Potter <phil@philpotter.co.uk> wrote:
> > Use kzalloc() rather than kmalloc() for the dynamically allocated parts
> > of the colormap in fb_alloc_cmap_gfp, to prevent a leak of random kernel
> > data to userspace under certain circumstances.
> >
> > Fixes a KMSAN-found infoleak bug reported by syzbot at:
> > https://syzkaller.appspot.com/bug?id=741578659feabd108ad9e06696f0c1f2e69c4b6e
> >
> > Reported-by: syzbot+47fa9c9c648b765305b9@syzkaller.appspotmail.com
> > Signed-off-by: Phillip Potter <phil@philpotter.co.uk>
>
> Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
>
> Gr{oetje,eeting}s,
>
> Geert
>
> --
> Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
>
> In personal conversations with technical people, I call myself a hacker. But
> when I'm talking to journalists I just say "programmer" or something like that.
> -- Linus Torvalds

Dear Geert

Thank you for your review :-)

Regards,
Phil

On Wed, Mar 31, 2021 at 11:07:19PM +0100, Phillip Potter wrote:
> Use kzalloc() rather than kmalloc() for the dynamically allocated parts
> of the colormap in fb_alloc_cmap_gfp, to prevent a leak of random kernel
> data to userspace under certain circumstances.
>
> Fixes a KMSAN-found infoleak bug reported by syzbot at:
> https://syzkaller.appspot.com/bug?id=741578659feabd108ad9e06696f0c1f2e69c4b6e
>
> Reported-by: syzbot+47fa9c9c648b765305b9@syzkaller.appspotmail.com
> Signed-off-by: Phillip Potter <phil@philpotter.co.uk>
> ---
> drivers/video/fbdev/core/fbcmap.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)

Daniel, want me to take this?

thanks,

greg k-h

diff --git a/drivers/video/fbdev/core/fbcmap.c b/drivers/video/fbdev/core/fbcmap.c index 757d5c3f620b..ff09e57f3c38 100644 --- a/drivers/video/fbdev/core/fbcmap.c +++ b/drivers/video/fbdev/core/fbcmap.c @@ -101,17 +101,17 @@ int fb_alloc_cmap_gfp(struct fb_cmap *cmap, int len, int transp, gfp_t flags) if (!len) return 0; - cmap->red = kmalloc(size, flags); + cmap->red = kzalloc(size, flags); if (!cmap->red) goto fail; - cmap->green = kmalloc(size, flags); + cmap->green = kzalloc(size, flags); if (!cmap->green) goto fail; - cmap->blue = kmalloc(size, flags); + cmap->blue = kzalloc(size, flags); if (!cmap->blue) goto fail; if (transp) { - cmap->transp = kmalloc(size, flags); + cmap->transp = kzalloc(size, flags); if (!cmap->transp) goto fail; } else {
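Review bot: the four kzalloc() calls in fb_alloc_cmap_gfp() zero every colormap channel, but the commit message only says the leak happens "under certain circumstances". Please name the path that copies unwritten red/green/blue/transp entries to userspace, so readers can judge whether zeroing at allocation is the complete fix or whether that caller should also bound what it copies. The trailers carry only Reported-by and Signed-off-by; consider adding a Fixes: tag and a stable Cc so the infoleak fix can be backported.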
Use kzalloc() rather than kmalloc() for the dynamically allocated parts
of the colormap in fb_alloc_cmap_gfp, to prevent a leak of random kernel
data to userspace under certain circumstances.

Fixes a KMSAN-found infoleak bug reported by syzbot at:
https://syzkaller.appspot.com/bug?id=741578659feabd108ad9e06696f0c1f2e69c4b6e

Reported-by: syzbot+47fa9c9c648b765305b9@syzkaller.appspotmail.com
Signed-off-by: Phillip Potter <phil@philpotter.co.uk>
---
 drivers/video/fbdev/core/fbcmap.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)