From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.6 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E880EC433B4 for ; Thu, 1 Apr 2021 06:34:31 +0000 (UTC) Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 84202600EF for ; Thu, 1 Apr 2021 06:34:31 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 84202600EF Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=philpotter.co.uk Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=dri-devel-bounces@lists.freedesktop.org Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id A2A416EC6F; Thu, 1 Apr 2021 06:34:30 +0000 (UTC) Received: from mail-wr1-x42b.google.com (mail-wr1-x42b.google.com [IPv6:2a00:1450:4864:20::42b]) by gabe.freedesktop.org (Postfix) with ESMTPS id F2C0D6EB8F for ; Wed, 31 Mar 2021 22:07:27 +0000 (UTC) Received: by mail-wr1-x42b.google.com with SMTP id z2so21125305wrl.5 for ; Wed, 31 Mar 2021 15:07:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=philpotter-co-uk.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=IE0NHC+B7WM4oHnzUAb/T162fdB57ZZtfDzZlQLPsWQ=; b=cESdP8es/GN0f1lVMQaBFDBcGDJ1lIamwN/O691MvzEUjqi2bufaO1gaOoS9Ynbacy 3ul0+Hxi8sOyKWS02Z9WdRpc5G7DWiB8YlJJhe+qYfNebwhioubnM7IoYjjqnac70G+1 zYQqyMfCxQNMy197l6PyY/s3HHCXKFwZfjt8z+WL/Iz1yTNVyn1R5ZjosSHF42udHtyh ANaXWn7yk7CAMCxaUvbdw36u6WTd6IYqS7qYzDV7FiBNr7v8WyuvWyLFc33FBA7Mq76Z x5V+xN03fl1rqTHLaq6kW5uX+Q9V/HuoH+kIAfE+u+4SVXPV7r8JM9r5g+1Vpty6MP05 073w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=IE0NHC+B7WM4oHnzUAb/T162fdB57ZZtfDzZlQLPsWQ=; b=GyrcJlXKFnQdYqAfQtgJQxZfnQC3eMdo6iWLTYhxz7iHVYHbn4pk8Ifmc+E8+uDpF4 U2E4VPV9pR9WRpImeBROsJWFeBruA5jcpOViiu8mqKkwUCu/l9BBPQoAkl7NYJzVSm13 65OckHglGSq8A2xBb+sJwycLgMROSwzJxIhq6fTu+4XEy365LjjlXkJ0qpsCT9ttsN5P daDAvS4XWoL2libcFi/Ej3zn1NHFKUd3EwW0EY2VKLZ0ezYdnrdehjkbHihmHcmwUopm xUzjgzfmhbXnSv1cIxigEZa0xiPcCHTRW49bQ/cjz5FP0ic647uAtsdo9ZN3h19jNNAc 67Cw== X-Gm-Message-State: AOAM531PypiC3l77SaiNUVpj2mWqIDbCkCzBeqlK9+8TSDOybppPzEAm S20L1thxMaGh4qzL1H3Sx8BqnA== X-Google-Smtp-Source: ABdhPJwe16krazFRt0g3sMEwwwsGfIoOhECLnObZ2z9hz7fYHOcZNZ8Te7ytCOBcbZm4yzZrB0Drsw== X-Received: by 2002:adf:cd81:: with SMTP id q1mr6066166wrj.125.1617228441230; Wed, 31 Mar 2021 15:07:21 -0700 (PDT) Received: from localhost.localdomain (2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.1.e.e.d.f.d.0.b.8.0.1.0.0.2.ip6.arpa. [2001:8b0:dfde:e1a0::2]) by smtp.gmail.com with ESMTPSA id g9sm6531654wrp.14.2021.03.31.15.07.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 31 Mar 2021 15:07:20 -0700 (PDT) From: Phillip Potter To: mchehab+huawei@kernel.org Subject: [PATCH] zero-fill colormap in drivers/video/fbdev/core/fbcmap.c Date: Wed, 31 Mar 2021 23:07:19 +0100 Message-Id: <20210331220719.1499743-1-phil@philpotter.co.uk> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 X-Mailman-Approved-At: Thu, 01 Apr 2021 06:34:28 +0000 X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: daniel.vetter@ffwll.ch, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" Use kzalloc() rather than kmalloc() for the dynamically allocated parts of the colormap in fb_alloc_cmap_gfp, to prevent a leak of random kernel data to userspace under certain circumstances. Fixes a KMSAN-found infoleak bug reported by syzbot at: https://syzkaller.appspot.com/bug?id=741578659feabd108ad9e06696f0c1f2e69c4b6e Reported-by: syzbot+47fa9c9c648b765305b9@syzkaller.appspotmail.com Signed-off-by: Phillip Potter --- drivers/video/fbdev/core/fbcmap.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/video/fbdev/core/fbcmap.c b/drivers/video/fbdev/core/fbcmap.c index 757d5c3f620b..ff09e57f3c38 100644 --- a/drivers/video/fbdev/core/fbcmap.c +++ b/drivers/video/fbdev/core/fbcmap.c @@ -101,17 +101,17 @@ int fb_alloc_cmap_gfp(struct fb_cmap *cmap, int len, int transp, gfp_t flags) if (!len) return 0; - cmap->red = kmalloc(size, flags); + cmap->red = kzalloc(size, flags); if (!cmap->red) goto fail; - cmap->green = kmalloc(size, flags); + cmap->green = kzalloc(size, flags); if (!cmap->green) goto fail; - cmap->blue = kmalloc(size, flags); + cmap->blue = kzalloc(size, flags); if (!cmap->blue) goto fail; if (transp) { - cmap->transp = kmalloc(size, flags); + cmap->transp = kzalloc(size, flags); if (!cmap->transp) goto fail; } else { -- 2.30.2 _______________________________________________ dri-devel mailing list dri-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/dri-devel